Windows Analysis Report
DTLite1200-2126.exe

Overview

General Information

Sample name: DTLite1200-2126.exe
Analysis ID: 1428488
MD5: 418747f6c138cef786bb250b9d8b655d
SHA1: d497cfc9b09438c152812c92931255865a7bb003
SHA256: 524786246019f9e19f329297eb933d574ebb672eebd7104b4756d2004967f6f0

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 64
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Changes security center settings (notifications, updates, antivirus, firewall)
Creates an undocumented autostart registry key
Creates files in the system32 config directory
Queries sensitive service information (via WMI, MSSMBios_RawSMBiosTables, often done to detect sandboxes)
Tries to detect virtualization through RDTSC time measurements
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Enables driver privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Registers a DLL
Sigma detected: Classes Autorun Keys Modification
Sigma detected: CurrentVersion Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • DTLite1200-2126.exe (PID: 7008 cmdline: "C:\Users\user\Desktop\DTLite1200-2126.exe" MD5: 418747F6C138CEF786BB250B9D8B655D)
    • DTInstaller.exe (PID: 6184 cmdline: "C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe" MD5: 2D662D8F9A404CC76334BD6F8E03B22C)
      • DiscSoftBusServiceLite.exe (PID: 876 cmdline: "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service MD5: 5FC722B16E223DC3E2FAE73CE882CC4E)
      • regsvr32.exe (PID: 1640 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
      • regsvr32.exe (PID: 3180 cmdline: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
        • regsvr32.exe (PID: 1884 cmdline: /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
      • DTCommandLine.exe (PID: 2268 cmdline: "C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe" -a --type=dt MD5: 488E5C80AE286EC94CC134B2F16795C0)
        • conhost.exe (PID: 724 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ngen.exe (PID: 4332 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTLite.exe" MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
        • conhost.exe (PID: 4456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • mscorsvw.exe (PID: 5920 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 20c -Pipe 210 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
      • ngen.exe (PID: 7028 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTAgent.exe" MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
        • conhost.exe (PID: 5096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • mscorsvw.exe (PID: 5136 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1bc -InterruptEvent 0 -NGENProcess 21c -Pipe 184 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
      • ngen.exe (PID: 4820 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DiscSoft.NET.Common.dll" MD5: 417D6EA61C097F8DF6FEF2A57F9692DF)
        • conhost.exe (PID: 3752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • mscorsvw.exe (PID: 7024 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 204 -Pipe 218 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2412 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2e8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2752 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5700 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 3540 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2cc -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4668 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 36c -Pipe 30c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 374 -Pipe 378 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4812 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5756 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 33c -Pipe 358 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4592 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 37c -Pipe 394 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6004 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1040 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 390 -Pipe 3b8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6992 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3cc -Pipe 3c4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6868 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 354 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5720 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 2e4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6712 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 38c -Pipe 3b0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1612 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 36c -Pipe 2a0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6840 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 2d0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 636 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6308 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3dc -Pipe 384 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2216 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3bc -Pipe 29c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 3968 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 310 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5852 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 418 -Pipe 408 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 3720 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 0 -NGENProcess 418 -Pipe 3d8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 3228 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 420 -Pipe 41c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1884 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3f8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1252 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3e4 -Pipe 414 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2128 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 344 -Pipe 3bc -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1872 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 0 -NGENProcess 3ec -Pipe 338 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2476 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 404 -Pipe 2f0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 3300 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 424 -Pipe 3c8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4944 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 3cc -Pipe 3d0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1316 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2a0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5240 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ec -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5664 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 36c -Pipe 404 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5520 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 36c -Pipe 370 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2280 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3a0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4960 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 40c -Pipe 424 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2060 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3f0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4580 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 328 -Pipe 40c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1696 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 36c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 410 -Pipe 424 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5140 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 418 -Pipe 3e4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 1308 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 390 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5484 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3e8 -Pipe 364 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 3948 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 428 -Pipe 3e8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5672 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2ec -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4888 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 388 -Pipe 340 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6016 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 434 -Pipe 428 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5568 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 348 -Pipe 430 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6244 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 0 -NGENProcess 448 -Pipe 2b0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 68 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3c0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2752 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 448 -Pipe 3a8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6408 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 0 -NGENProcess 3d4 -Pipe 21c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6772 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 0 -NGENProcess 434 -Pipe 44c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 5492 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 0 -NGENProcess 42c -Pipe 390 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6496 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 374 -Pipe 3cc -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 2608 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 434 -Pipe 364 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6480 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 444 -Pipe 3e0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6564 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 0 -NGENProcess 464 -Pipe 478 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 7136 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 0 -NGENProcess 33c -Pipe 47c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 6468 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 0 -NGENProcess 494 -Pipe 3a8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
        • mscorsvw.exe (PID: 4324 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 0 -NGENProcess 488 -Pipe 480 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)
  • svchost.exe (PID: 7060 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5644 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 2528 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 3508 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6324 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6520 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 7136 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 5556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 6580 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • DTLite1200-2126.exe (PID: 6684 cmdline: "C:\Users\user\Desktop\DTLite1200-2126.exe" MD5: 418747F6C138CEF786BB250B9D8B655D)
  • DTLite1200-2126.exe (PID: 6836 cmdline: "C:\Users\user\Desktop\DTLite1200-2126.exe" MD5: 418747F6C138CEF786BB250B9D8B655D)
  • svchost.exe (PID: 6684 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • drvinst.exe (PID: 6928 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{343eae17-3dcd-9e48-a925-7d15f6c4544d}\dtlitescsibus.inf" "9" "47b4131af" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\daemon tools lite" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 3984 cmdline: DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:f5fe8c81ebc2f07d:Install:5.29.0.0:root\dtlitescsibus," "47b4131af" "0000000000000188" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 5288 cmdline: DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\dtliteusbbus.inf" "9" "42e124347" "0000000000000198" "WinSta0\Default" "00000000000001A0" "208" "c:\program files\daemon tools lite" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
    • drvinst.exe (PID: 4008 cmdline: DrvInst.exe "2" "211" "ROOT\USB\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:f5fe8c81ebc2f07d:Install:3.6.0.0:root\dtliteusbbus," "42e124347" "0000000000000198" MD5: 294990C88B9D1FE0A54A1FA8BF4324D9)
  • DiscSoftBusServiceLite.exe (PID: 2408 cmdline: "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" MD5: 5FC722B16E223DC3E2FAE73CE882CC4E)
  • cleanup
Source | Rule | Description | Author | Strings
00000003.00000002.2797292761.00000000085A0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
    Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: {C06369D6-E77D-4626-9656-1256312BD576}, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\regsvr32.exe, ProcessId: 1640, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\DaemonShellExtDriveLite\(Default)
    Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, ProcessId: 6184, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DAEMON Tools Lite Automount
    Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7060, ProcessName: svchost.exe
    No Snort rule has matched

    AV Detection

    Source: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll, Virustotal: Detection: 15%
    Source: DTLite1200-2126.exe, ReversingLabs: Detection: 33%
    Source: DTLite1200-2126.exe, Virustotal: Detection: 18%

    Compliance

    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe.config
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Engine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\imgengine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTShl.propdesc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Profiles.ini
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\Extractor.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\uninst.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\ARA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\CHS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\CSY.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\DEU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\ENU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\ESN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\FIN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\FRA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\HEB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\HUN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\HYE.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\ITA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\JPN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\KOR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\LVI.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\PLK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\PTB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\PTP.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\RUS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\TRK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\lang\UKR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\inst
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\inst\setuphlp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\inst\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Directory created: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe, Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe, Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe, Directory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe, Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe, Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe, Directory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe, Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite
    Source: DTLite1200-2126.exe, Static PE information: certificate valid
    Source: unknown, HTTPS traffic detected: 161.35.212.100:443 -> 192.168.2.16:49714 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 18.160.45.150:443 -> 192.168.2.16:49715 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 3.162.93.143:443 -> 192.168.2.16:49716 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 161.35.103.80:443 -> 192.168.2.16:49721 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 161.35.103.80:443 -> 192.168.2.16:49723 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 172.64.145.29:443 -> 192.168.2.16:49724 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 161.35.212.100:443 -> 192.168.2.16:49725 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 161.35.212.100:443 -> 192.168.2.16:49735 version: TLS 1.2
    Source: DTLite1200-2126.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

    Networking

    Source: Yara matchFile source: 00000003.00000002.2797292761.00000000085A0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownDNS traffic detected: queries for: secure.disc-soft.com
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
    Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
    Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\SET526E.tmp
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}
    Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\dtlitescsibus.inf_amd64_1e9e0203e659905c
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\drvstore.tmp
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\inf\oem4.inf
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\drivers\SET2EB6.tmp
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\FileRepository\dtliteusbbus.inf_amd64_c60bb6f964925bc7
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\DriverStore\drvstore.tmp
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\inf\oem5.inf
    Source: C:\Windows\System32\drvinst.exeFile created: C:\Windows\System32\drivers\SET83EA.tmp
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3538626A1FCCCA43C7E18F220BDD9B02
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E6286BA49003BA567AB6681F1333DB4
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E6286BA49003BA567AB6681F1333DB4
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeFile created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFile created: C:\Windows\assembly\NativeImages_v4.0.30319_32\ngenlock.dat
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFile created: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFile created: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9b7df5e92f99ac776a0aafa426a0223a
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFile created: C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9b7df5e92f99ac776a0aafa426a0223a\System.ServiceModel.ni.dll.aux.tmp
    Source: C:\Windows\System32\drvinst.exeFile deleted: C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}\SET525.tmp
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeProcess token adjusted: Load Driver
    Source: C:\Windows\System32\svchost.exeProcess token adjusted: Security
    Source: classification engineClassification label: mal80.troj.evad.winEXE@172/80@8/311
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3752:120:WilError_03
    Source: C:\Windows\System32\drvinst.exeMutant created: \BaseNamedObjects\DrvInst.exe_mutex_{5B10AC83-4F13-4fde-8C0B-B85681BA8D73}
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeMutant created: NULL
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{BBCE738A-D4CB-4da8-99D2-7DC90CB671EF}
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{DD0AB876-4899-42B4-BD68-0E7B03D5392F}
    Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5556:120:WilError_03
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeMutant created: \BaseNamedObjects\DiscSoftBusServiceMutex
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeMutant created: \Sessions\1\BaseNamedObjects\DiscSoftBusServiceMutex
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeMutant created: \BaseNamedObjects\Global\discsoft_virtual_scsi_bus_mutex_19659239224E364682FA4BAF72C53EA4
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{9c5c35e6-8462-455b-afd1-0ffcee756a74}
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\MUTEX_PRODUCT
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{337AF885-2FD3-4211-B923-019538619506}
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeMutant created: \Sessions\1\BaseNamedObjects\Global\discsoft_virtual_scsi_bus_mutex_19659239224E364682FA4BAF72C53EA4
    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:724:120:WilError_03
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeMutant created: \Sessions\1\BaseNamedObjects\Global\discsoft_virtual_usb_bus_mutex_19659239224E364682FA4BAF72C53EA4
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{20BF2A7B-EC9D-4921-8E83-3B3BCB33074A}
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeFile created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP
    Source: DTLite1200-2126.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: DTLite1200-2126.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeFile read: C:\Users\user\Desktop\desktop.ini
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: DTLite1200-2126.exeReversingLabs: Detection: 33%
    Source: DTLite1200-2126.exeVirustotal: Detection: 18%
    Source: unknownProcess created: C:\Users\user\Desktop\DTLite1200-2126.exe "C:\Users\user\Desktop\DTLite1200-2126.exe"
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeProcess created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe "C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{343eae17-3dcd-9e48-a925-7d15f6c4544d}\dtlitescsibus.inf" "9" "47b4131af" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\daemon tools lite"
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:f5fe8c81ebc2f07d:Install:5.29.0.0:root\dtlitescsibus," "47b4131af" "0000000000000188"
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\dtliteusbbus.inf" "9" "42e124347" "0000000000000198" "WinSta0\Default" "00000000000001A0" "208" "c:\program files\daemon tools lite"
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\USB\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:f5fe8c81ebc2f07d:Install:3.6.0.0:root\dtliteusbbus," "42e124347" "0000000000000198"
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
    Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
    Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeProcess created: C:\Windows\System32\conhost.exe
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{343eae17-3dcd-9e48-a925-7d15f6c4544d}\dtlitescsibus.inf" "9" "47b4131af" "0000000000000158" "WinSta0\Default" "0000000000000168" "208" "c:\program files\daemon tools lite"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\SCSIADAPTER\0000" "C:\Windows\INF\oem4.inf" "oem4.inf:f5fe8c81ebc2f07d:Install:5.29.0.0:root\dtlitescsibus," "47b4131af" "0000000000000188"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "4" "0" "C:\Users\user\AppData\Local\Temp\{61b2a228-9030-a742-87fe-0942fcb33003}\dtliteusbbus.inf" "9" "42e124347" "0000000000000198" "WinSta0\Default" "00000000000001A0" "208" "c:\program files\daemon tools lite"
    Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\System32\drvinst.exe DrvInst.exe "2" "211" "ROOT\USB\0000" "C:\Windows\INF\oem5.inf" "oem5.inf:f5fe8c81ebc2f07d:Install:3.6.0.0:root\dtliteusbbus," "42e124347" "0000000000000198"
    Source: unknownProcess created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTLite.exe"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 214 -InterruptEvent 0 -NGENProcess 20c -Pipe 210 -Comment "NGen Worker Process"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTAgent.exe"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 1bc -InterruptEvent 0 -NGENProcess 21c -Pipe 184 -Comment "NGen Worker Process"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DiscSoft.NET.Common.dll"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 204 -Pipe 218 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2e8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2cc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 36c -Pipe 30c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 374 -Pipe 378 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 33c -Pipe 358 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 37c -Pipe 394 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 390 -Pipe 3b8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3cc -Pipe 3c4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 354 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 2e4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 38c -Pipe 3b0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 36c -Pipe 2a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 2d0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3dc -Pipe 384 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3bc -Pipe 29c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 310 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 418 -Pipe 408 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 0 -NGENProcess 418 -Pipe 3d8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 420 -Pipe 41c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3f8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3e4 -Pipe 414 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 344 -Pipe 3bc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 0 -NGENProcess 3ec -Pipe 338 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 404 -Pipe 2f0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 424 -Pipe 3c8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 3cc -Pipe 3d0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ec -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 36c -Pipe 404 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 36c -Pipe 370 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 40c -Pipe 424 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3f0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 328 -Pipe 40c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 36c -Comment "NGen Worker Process"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 410 -Pipe 424 -Comment "NGen Worker Process"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTLite.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTAgent.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DiscSoft.NET.Common.dll"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 418 -Pipe 3e4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 390 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3e8 -Pipe 364 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 428 -Pipe 3e8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2ec -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 388 -Pipe 340 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 434 -Pipe 428 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 348 -Pipe 430 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 0 -NGENProcess 448 -Pipe 2b0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3c0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 0 -NGENProcess 3d4 -Pipe 21c -Comment "NGen Worker Process"
    Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\System32\regsvr32.exe /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 0 -NGENProcess 434 -Pipe 44c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 0 -NGENProcess 42c -Pipe 390 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 374 -Pipe 3cc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 434 -Pipe 364 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 444 -Pipe 3e0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 0 -NGENProcess 464 -Pipe 478 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 0 -NGENProcess 33c -Pipe 47c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 0 -NGENProcess 494 -Pipe 3a8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 0 -NGENProcess 488 -Pipe 480 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 204 -Pipe 218 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2e8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2cc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 36c -Pipe 30c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 374 -Pipe 378 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 33c -Pipe 358 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 37c -Pipe 394 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 390 -Pipe 3b8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3cc -Pipe 3c4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 354 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 2e4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 38c -Pipe 3b0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 36c -Pipe 2a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 2d0 -Comment "NGen Worker Process"
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: mscoree.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: urlmon.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: iertutil.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: srvcli.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: netutils.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: wldp.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: profapi.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: rasapi32.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: rasman.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: rtutils.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: mswsock.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: winhttp.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: dhcpcsvc.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: winnsi.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: propsys.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: edputil.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: wintypes.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: appresolver.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: slc.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: userenv.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: sppc.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: apphelp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: mscoree.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: version.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: cryptsp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: rsaenh.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: cryptbase.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dwrite.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: msvcp140_clr0400.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: windows.storage.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: wldp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: profapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: rstrtmgr.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: msimg32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: oleacc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: winmm.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ncrypt.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ntasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: urlmon.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: iertutil.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: srvcli.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: netutils.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: msasn1.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: wbemcomn.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: amsi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: userenv.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: rasapi32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: rasman.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: rtutils.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: mswsock.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: winhttp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: iphlpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dhcpcsvc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dnsapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: winnsi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: rasadhlp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: fwpuclnt.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ntmarta.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: secur32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: sspicli.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: schannel.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: mskeyprotect.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ncryptsslp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: gpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dwmapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: propsys.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: d3d9.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: d3d10warp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: wtsapi32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: winsta.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: powrprof.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: umpdc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dataexchange.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: d3d11.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dcomp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dxgi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: twinapi.appcore.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dxcore.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: textinputframework.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: coreuicomponents.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: coremessaging.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: wintypes.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: msctfui.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: uiautomationcore.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: d3dcompiler_47.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: windowscodecs.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: riched20.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: usp10.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: msls31.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: textshaping.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: thumbcache.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: policymanager.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: msvcp110_win.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: mscoree.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: version.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: vcruntime140_clr0400.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: ucrtbase_clr0400.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: textshaping.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: textinputframework.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: coreuicomponents.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: ntmarta.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: coremessaging.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: wintypes.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: wintypes.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeSection loaded: wintypes.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: webio.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: asycfilt.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: dpapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: newdev.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: devobj.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: devrtl.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: firewallapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: fwbase.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: fwpolicyiomgr.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: sxs.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: linkinfo.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: ntshrui.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: cscapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: edputil.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: windows.staterepositoryps.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: appresolver.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: bcp47langs.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: slc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: sppc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: onecoreuapcommonproxystub.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: usosvc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: updatepolicy.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: taskschd.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: upshared.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: usocoreps.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: usoapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: winhttp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: msasn1.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: cryptbase.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: devrtl.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: spinf.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: drvstore.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: devobj.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: cryptsp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: rsaenh.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: gpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: windows.storage.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: wldp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: profapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: ntmarta.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: newdev.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: cabinet.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: umpnpmgr.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
    Source: C:\Windows\System32\svchost.exeSection loaded: devrtl.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: devobj.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: ntmarta.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: devrtl.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: drvstore.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cabinet.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: msasn1.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cryptsp.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: rsaenh.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: cryptbase.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: gpapi.dll
    Source: C:\Windows\System32\drvinst.exeSection loaded: devobj.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: urlmon.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iertutil.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: urlmon.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: iertutil.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: srvcli.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: netutils.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: windows.storage.dll
    Source: C:\Windows\System32\regsvr32.exeSection loaded: wldp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: urlmon.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: mpr.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: iertutil.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: srvcli.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: netutils.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: uxtheme.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: engine.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: sptdintf.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: windows.storage.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: wldp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: profapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: ntmarta.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: msasn1.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: wbemcomn.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: amsi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: userenv.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: sxs.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: winhttp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: webio.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: mswsock.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: winnsi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: sspicli.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: dnsapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: rasadhlp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: fwpuclnt.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: schannel.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: mskeyprotect.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: ntasn1.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: ncrypt.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: ncryptsslp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: cryptsp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: rsaenh.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: cryptbase.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: gpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeSection loaded: dpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: winhttp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: msasn1.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: cryptbase.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: iphlpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: devrtl.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: spinf.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: drvstore.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: devobj.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: cryptsp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: rsaenh.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: gpapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: cryptnet.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: profapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: winnsi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: ondemandconnroutehelper.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: mswsock.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: dhcpcsvc6.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: dhcpcsvc.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: webio.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: sspicli.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: dnsapi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: rasadhlp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: fwpuclnt.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: kernel.appcore.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: windows.storage.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: wldp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: wbemcomn.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: amsi.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: userenv.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: napinsp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: pnrpnsp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: wshbth.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeSection loaded: nlaapi.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile written: C:\ProgramData\Disc-Soft\DAEMON Tools Lite\settings.ini
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe.config
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTLite.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Engine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\imgengine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTShl.propdesc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Profiles.ini
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\Extractor.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\uninst.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\ARA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\CHS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\CSY.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\DEU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\ENU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\ESN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\FIN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\FRA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\HEB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\HUN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\HYE.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\ITA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\JPN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\KOR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\LVI.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\PLK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\PTB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\PTP.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\RUS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\TRK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\lang\UKR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\inst
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\inst\setuphlp.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\inst\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeDirectory created: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeDirectory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeDirectory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.inf
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeDirectory created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeDirectory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeDirectory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.inf
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeDirectory created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite
    Source: DTLite1200-2126.exeStatic PE information: certificate valid
    Source: DTLite1200-2126.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    Source: DTLite1200-2126.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
    Source: DTLite1200-2126.exeStatic file information: File size 49105232 > 1048576
    Source: DTLite1200-2126.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x2eb4800
    Source: DTLite1200-2126.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
    Source: DTLite1200-2126.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: DTLite1200-2126.exeStatic PE information: 0xE8495B15 [Mon Jun 29 13:45:57 2093 UTC]
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"

    Persistence and Installation Behavior

    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E7EC0C85688F4738F3BE49B104BA67
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E7EC0C85688F4738F3BE49B104BA67
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3B179347615B32FE859CEABBE50C3EE6_26B6C6D99327AD2BC8D8227F7F6CAF3E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_E6095CD2AECC9011BCD0D7B421356B17
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D7833C286363AD25C70511661A83D581_3557B2296D2E2C94AED9D1D96EBF2B6E
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3538626A1FCCCA43C7E18F220BDD9B02
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3538626A1FCCCA43C7E18F220BDD9B02
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9E6286BA49003BA567AB6681F1333DB4
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9E6286BA49003BA567AB6681F1333DB4
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\uninst.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTP.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\UKR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTCommonRes.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\RUS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\setuphlp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeFile created: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Engine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\Tages.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Extractor.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFile created: C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1574-0\System.Data.Entity.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\BrightVPNResources\setup.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\TRK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\imgengine.dll
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeFile created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTLite.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dllJump to dropped file
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeFile created: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dllJump to dropped file
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeFile created: C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1574-0\System.Data.Entity.dllJump to dropped file

    Boot Survival

    Source: C:\Windows\SysWOW64\regsvr32.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\DaemonShellExtImageLite NULL
    Source: C:\Windows\System32\regsvr32.exe | Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\DaemonShellExtImageLite NULL
    Source: C:\Windows\System32\drvinst.exe | Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dtlitescsibus
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DAEMON Tools Lite Automount
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe | Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\D89E3BD43D5D909B47A18977AA9D5CE36CEE184C Blob
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\drvinst.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\WMI : MSSMBios_RawSMBiosTables
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB5892A second address: 6AB58940 instructions: 0x00000000 rdtsc 0x00000002 xchg al, cl 0x00000004 mov edx, dword ptr [6AA85934h] 0x0000000a lahf 0x0000000b mov al, bh 0x0000000d mov dword ptr [ebp-00000124h], edx 0x00000013 setp cl 0x00000016 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B6950A77Fh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B694FE2E9h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B69542A23h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB66E35 second address: 6AB66E4D instructions: 0x00000000 rdtsc 0x00000002 neg ax 0x00000005 popfd 0x00000006 movsx esi, si 0x00000009 mov ecx, 11E344FBh 0x0000000e pop ebx 0x0000000f pop ecx 0x00000010 mov dl, 0Ah 0x00000012 pop edi 0x00000013 pop ebp 0x00000014 cmovbe dx, si 0x00000018 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB8BEC4 second address: 6AB8BED1 instructions: 0x00000000 rdtsc 0x00000002 cbw 0x00000004 movsx esi, dx 0x00000007 pop ebx 0x00000008 mov esi, 69CB75D0h 0x0000000d rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB8BED1 second address: 6AB8BEE1 instructions: 0x00000000 rdtsc 0x00000002 not dx 0x00000005 pop ecx 0x00000006 xchg dx, bp 0x00000009 movzx edi, bx 0x0000000c pop edi 0x0000000d xchg eax, edx 0x0000000e pop ebp 0x0000000f cwde 0x00000010 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B686BB99Fh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B686AF509h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B686F3C43h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB29F07 second address: 6AB29F1B instructions: 0x00000000 rdtsc 0x00000002 push 00000010h 0x00000004 lahf 0x00000005 cbw 0x00000007 mov cx, bp 0x0000000a lea eax, dword ptr [ebp-20h] 0x0000000d mov dl, dl 0x0000000f cdq 0x00000010 movzx edx, bx 0x00000013 push eax 0x00000014 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeRDTSC instruction interceptor: First address: 6AB29F1B second address: 6AB29F29 instructions: 0x00000000 rdtsc 0x00000002 setbe ch 0x00000005 push 00000012h 0x00000007 xchg dh, dh 0x00000009 cwde 0x0000000a mov ecx, dword ptr [ebp-80h] 0x0000000d lahf 0x0000000e rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B686A2609h 0x00000030 call eax 0x00000032 jmp 00007F2B689E2049h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B686BDD5Fh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B686B18C9h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B686F6003h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B686A49C9h 0x00000030 call eax 0x00000032 jmp 00007F2B689E4409h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe RDTSC instruction interceptor: First address: 7FF772A89669 second address: 7FF772A896C3 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 mov eax, dword ptr [esp+38h] 0x00000007 rcr si, 006Dh 0x0000000b inc eax 0x0000000c and dh, 00000037h 0x0000000f or di, 7304h 0x00000014 mov ecx, dword ptr [esp+000001B8h] 0x0000001b sar si, 0035h 0x0000001f mov dword ptr [eax], ecx 0x00000021 adc dx, 40E2h 0x00000026 dec eax 0x00000027 cmp esp, eax 0x00000029 dec eax 0x0000002a mov eax, dword ptr [esp+38h] 0x0000002e stc 0x0000002f bt si, FF81h 0x00000034 dec eax 0x00000035 sub edi, 13141010h 0x0000003b dec eax 0x0000003c add eax, 04h 0x0000003f dec eax 0x00000040 mov edi, eax 0x00000042 dec eax 0x00000043 cmove esi, esi 0x00000046 dec eax 0x00000047 mov esi, dword ptr [esp+48h] 0x0000004b dec eax 0x0000004c mov ecx, dword ptr [esp+58h] 0x00000050 rep movsb 0x00000052 rep movsb 0x00000054 rep movsb 0x00000056 rep movsb 0x00000058 rep movsb 0x0000005a rep movsb 0x0000005c rep movsb 0x0000005e rep movsb 0x00000060 rep movsb 0x00000062 rep movsb 0x00000064 rep movsb 0x00000066 rep movsb 0x00000068 rep movsb 0x0000006a rep movsb 0x0000006c rep movsb 0x0000006e rep movsb 0x00000070 rep movsb 0x00000072 rep movsb 0x00000074 rep movsb 0x00000076 rep movsb 0x00000078 rep movsb 0x0000007a rep movsb 0x0000007c rep movsb 0x0000007e rep movsb 0x00000080 rep movsb 0x00000082 rep movsb 0x00000084 rep movsb 0x00000086 rep movsb 0x00000088 mov di, sp 0x0000008b inc cx 0x0000008d movsx eax, cl 0x00000090 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B692BBEAFh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B692AFA19h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B692F4153h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B692A2B19h 0x00000030 call eax 0x00000032 jmp 00007F2B695E2559h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB58940 second address: 6ABA06BB instructions: 0x00000000 rdtsc 0x00000002 mov eax, dword ptr [6AA85938h] 0x00000007 mov cx, cx 0x0000000a xchg ch, cl 0x0000000c jmp 00007F2B695BF7AFh 0x00000011 mov dword ptr [ebp-00000120h], eax 0x00000017 cmovne eax, esp 0x0000001a mov ecx, dword ptr [6AA8593Ch] 0x00000020 movsx ax, ah 0x00000024 cwde 0x00000025 mov dword ptr [ebp-0000011Ch], ecx 0x0000002b jmp 00007F2B695B3319h 0x00000030 mov dword ptr [ebp-00000118h], 00000002h 0x0000003a not dh 0x0000003c lea edx, dword ptr [ebp-0000012Ch] 0x00000042 cbw 0x00000044 jmp 00007F2B695F7A53h 0x00000049 push edx 0x0000004a setne ah 0x0000004d not dl 0x0000004f rdtsc
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe RDTSC instruction interceptor: First address: 6AB83164 second address: 6AB82F85 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, byte ptr [ebp-0Dh] 0x00000006 movsx ecx, bx 0x00000009 push eax 0x0000000a cdq 0x0000000b mov eax, eax 0x0000000d movsx ax, dh 0x00000011 push 0000003Bh 0x00000013 bswap ax 0x00000016 movzx eax, si 0x00000019 mov ecx, dword ptr [ebp-40h] 0x0000001c mov edx, dword ptr [ecx] 0x0000001e mov ecx, dword ptr [ebp-40h] 0x00000021 bswap eax 0x00000023 movzx eax, di 0x00000026 not ah 0x00000028 mov eax, dword ptr [edx+1Ch] 0x0000002b jmp 00007F2B695A6419h 0x00000030 call eax 0x00000032 jmp 00007F2B698E5E59h 0x00000037 push ebp 0x00000038 cwd 0x0000003a mov ebp, esp 0x0000003c movzx dx, ch 0x00000040 push ecx 0x00000041 cbw 0x00000043 mov dword ptr [ebp-04h], ecx 0x00000046 lahf 0x00000047 bswap eax 0x00000049 push 00000001h 0x0000004b lea eax, dword ptr [ebp+0Ch] 0x0000004e push eax 0x0000004f movsx dx, al 0x00000053 rdtsc
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 25668880000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 25668AD0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 39C0000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 5470000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 5320000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 290DC600000 memory reserve | memory write watch
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: 290F6010000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 12C60000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 11200000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 16410000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 17410000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 17C40000 memory reserve | memory write watch
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Memory allocated: 13C60000 memory reserve | memory write watch
    Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 600000
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599890
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599779
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599667
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599555
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599443
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599316
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599190
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 599062
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598950
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598838
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598726
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598614
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 598486
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 597448
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Thread delayed: delay time: 597337
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Thread delayed: delay time: 922337203685477
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Window / User API: threadDelayed 9123
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Window / User API: threadDelayed 607
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DotNetCommon.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\SafeDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\uninst.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTP.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDPM.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\ToastNotificationControl.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.sys
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\VDriveLib.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\UKR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTShl64.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\RUS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\VirtualizingWrapPanel.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\setuphlp.dll
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.sys
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTAgent.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Engine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenDisc.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Extractor.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\1574-0\System.Data.Entity.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\BrightVPNResources\setup.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\TRK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\imgengine.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTShl32.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\SPTDinst-x64.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTLite.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\sptdintf.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DTLiteHelper.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\QuickConverter.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenSub.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\DiscSoft.NET.Common.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Dropped PE file which has not been started: C:\Program Files\DAEMON Tools Lite\Plugins\Grabbers\GenCSS.dll
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry key enumerated: More than 207 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe TID: 5768 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6376 Thread sleep count: 9123 > 30
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6376 Thread sleep count: 607 > 30
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -11068046444225724s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -600000s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599890s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599779s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599667s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599555s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599443s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599316s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599190s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -599062s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598950s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598838s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598726s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598614s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -598486s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -597448s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe TID: 6996 Thread sleep time: -597337s >= -30000s
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe TID: 6896 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\System32\svchost.exe TID: 4884 Thread sleep time: -30000s >= -30000s
    Source: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe TID: 2332 Thread sleep time: -30000s >= -30000s
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 3652 Thread sleep time: -120000s >= -30000s
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 5760 Thread sleep count: 116 > 30
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 4152 Thread sleep count: 112 > 30
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 4152 Thread sleep count: 201 > 30
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe TID: 5760 Thread sleep count: 234 > 30
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 640 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File opened: PhysicalDrive0
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process token adjusted: Debug
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process token adjusted: Debug
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Memory allocated: page read and write | page guard
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Process created: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe "C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe "C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe" /Service
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl32.dll"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\SysWOW64\regsvr32.exe "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\DAEMON Tools Lite\dtshl64.dll"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Program Files\DAEMON Tools Lite\DTCommandLine.exe
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTLite.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DTAgent.exe"
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe" install "DiscSoft.NET.Common.dll"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 204 -Pipe 218 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2b0 -Pipe 2e8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2f0 -Pipe 2f8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 310 -Pipe 2cc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 358 -InterruptEvent 0 -NGENProcess 36c -Pipe 30c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 39c -InterruptEvent 0 -NGENProcess 374 -Pipe 378 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 368 -InterruptEvent 0 -NGENProcess 390 -Pipe 39c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 394 -InterruptEvent 0 -NGENProcess 33c -Pipe 358 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 380 -InterruptEvent 0 -NGENProcess 37c -Pipe 394 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b0 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ac -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 390 -Pipe 3b8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 38c -InterruptEvent 0 -NGENProcess 3cc -Pipe 3c4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3b4 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 354 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 3b0 -Pipe 2e4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 38c -Pipe 3b0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 36c -Pipe 2a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 3d8 -Pipe 2d0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3bc -InterruptEvent 0 -NGENProcess 38c -Pipe 398 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3dc -Pipe 384 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 3bc -Pipe 29c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c8 -InterruptEvent 0 -NGENProcess 3f8 -Pipe 310 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 418 -Pipe 408 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 404 -InterruptEvent 0 -NGENProcess 418 -Pipe 3d8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 420 -Pipe 41c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 414 -InterruptEvent 0 -NGENProcess 3ec -Pipe 3f8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3ec -InterruptEvent 0 -NGENProcess 3e4 -Pipe 414 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 344 -Pipe 3bc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e8 -InterruptEvent 0 -NGENProcess 3ec -Pipe 338 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e4 -InterruptEvent 0 -NGENProcess 404 -Pipe 2f0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d0 -InterruptEvent 0 -NGENProcess 424 -Pipe 3c8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 3cc -Pipe 3d0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 304 -Pipe 2a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f8 -InterruptEvent 0 -NGENProcess 3a4 -Pipe 3ec -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 340 -InterruptEvent 0 -NGENProcess 36c -Pipe 404 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 424 -InterruptEvent 0 -NGENProcess 36c -Pipe 370 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 36c -InterruptEvent 0 -NGENProcess 40c -Pipe 424 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 360 -InterruptEvent 0 -NGENProcess 3dc -Pipe 3a0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3e4 -Pipe 3f0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 328 -Pipe 40c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3d4 -InterruptEvent 0 -NGENProcess 2b0 -Pipe 36c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3f4 -InterruptEvent 0 -NGENProcess 410 -Pipe 424 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3c0 -InterruptEvent 0 -NGENProcess 418 -Pipe 3e4 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 388 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 390 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 3e8 -Pipe 364 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 374 -InterruptEvent 0 -NGENProcess 428 -Pipe 3e8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2ec -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 348 -InterruptEvent 0 -NGENProcess 388 -Pipe 340 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3e0 -InterruptEvent 0 -NGENProcess 434 -Pipe 428 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3cc -InterruptEvent 0 -NGENProcess 348 -Pipe 430 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 440 -InterruptEvent 0 -NGENProcess 448 -Pipe 2b0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 418 -InterruptEvent 0 -NGENProcess 3d4 -Pipe 3c0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 43c -InterruptEvent 0 -NGENProcess 3d4 -Pipe 21c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 450 -InterruptEvent 0 -NGENProcess 434 -Pipe 44c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 454 -InterruptEvent 0 -NGENProcess 42c -Pipe 390 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 374 -Pipe 3cc -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 458 -InterruptEvent 0 -NGENProcess 434 -Pipe 364 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 3a8 -InterruptEvent 0 -NGENProcess 444 -Pipe 3e0 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 45c -InterruptEvent 0 -NGENProcess 464 -Pipe 478 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 460 -InterruptEvent 0 -NGENProcess 33c -Pipe 47c -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 470 -InterruptEvent 0 -NGENProcess 494 -Pipe 3a8 -Comment "NGen Worker Process"
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 42c -InterruptEvent 0 -NGENProcess 488 -Pipe 480 -Comment "NGen Worker Process"
    Source: C:\Users\user\Desktop\DTLite1200-2126.exeQueries volume information: C:\Users\user\Desktop\DTLite1200-2126.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXmlLinq\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXmlLinq.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation
    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
    Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\ VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
    Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\System32\svchost.exe Queries volume information: C: VolumeInformation
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Queries volume information: C:\Program Files\DAEMON Tools Lite\dtlitescsibus.cat VolumeInformation
    Source: C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe Queries volume information: C:\Program Files\DAEMON Tools Lite\dtliteusbbus.cat VolumeInformation
    Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{3b4f7933-ad24-274e-9e1c-bd2fb7fb3a0d}\dtlitescsibus.cat VolumeInformation
    Source: C:\Windows\System32\drvinst.exe Queries volume information: C:\Windows\System32\DriverStore\Temp\{19e10466-1d86-6948-b0b6-34b8099bfaec}\dtliteusbbus.cat VolumeInformation
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
    Source: C:\Users\user\Desktop\DTLite1200-2126.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

    Lowering of HIPS / PFW / Operating System Security Settings

    Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
    Source: C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
    Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
    Source: C:\Program Files\Windows Defender\MpCmdRun.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 21 Windows Service | 21 Windows Service | 133 Masquerading | OS Credential Dumping | 33 Security Software Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | 11 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Modify Registry | LSASS Memory | 11 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | 1 LSASS Driver | 11 Registry Run Keys / Startup Folder | 111 Disable or Modify Tools | Security Account Manager | 51 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | 1 DLL Side-Loading | 1 LSASS Driver | 51 Virtualization/Sandbox Evasion | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 1 DLL Side-Loading | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Regsvr32 | Cached Domain Credentials | 133 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
    Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
    Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

    Source | Detection | Scanner | Label
    --- | --- | --- | ---
    DTLite1200-2126.exe | 33% | ReversingLabs | Win32.PUA.Superfluss
    DTLite1200-2126.exe | 19% | Virustotal |
    Source | Detection | Scanner | Label
    --- | --- | --- | ---
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\7z.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ARA.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\BouncyCastle.Crypto.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\CHS.dll | 1% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\CSY.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\DEU.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll | 8% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\DotSetupSDK.dll | 16% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ENU.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ESN.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\FIN.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\FRA.dll | 1% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\HEB.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\HUN.dll | 1% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\HYE.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\ITA.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\JPN.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\KOR.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\LVI.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\PLK.dll | 0% | Virustotal |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll | 0% | ReversingLabs |
    C:\Users\user\AppData\Local\Temp\DTInstallerResources\PTB.dll | 0% | Virustotal |
    No Antivirus matches
    Source | Detection | Scanner | Label
    --- | --- | --- | ---
    secure.disc-soft.com | 0% | Virustotal |
    dt.web-search-home.com | 1% | Virustotal |
    download.websearchhome.com | 0% | Virustotal |
    web-search-home.com | 0% | Virustotal |
    crl.sectigo.com | 0% | Virustotal |
    ocsp.sectigo.com | 0% | Virustotal |
    No Antivirus matches
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    --- | --- | --- | --- | --- | ---
    dt.web-search-home.com | 161.35.103.80 | true | false | | unknown
    wsh-59477fcee407fa1b188bd9152683fcf7.fra1.cdn.digitaloceanspaces.com | 172.64.145.29 | true | false | | high
    d1i9zsetliuqlw.cloudfront.net | 3.162.93.143 | true | false | | high
    secure.disc-soft.com | 161.35.212.100 | true | false | | unknown
    d18pai2j2nazug.cloudfront.net | 18.160.45.150 | true | false | | high
    web-search-home.com | 161.35.103.80 | true | false | | unknown
    ocsp.sectigo.com | unknown | unknown | false | | unknown
    crl.sectigo.com | unknown | unknown | false | | unknown
    download.websearchhome.com | unknown | unknown | false | | unknown
    IP | Domain | Country | ASN | ASN Name | Malicious
    --- | --- | --- | --- | --- | ---
    104.18.38.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false
    18.160.45.150 | d18pai2j2nazug.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false
          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1428488
          Start date and time:2024-04-19 02:15:22 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:102
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:1
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Sample name:DTLite1200-2126.exe
          Detection:MAL
          Classification:mal80.troj.evad.winEXE@172/80@8/311
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 74.125.138.139, 74.125.138.102, 74.125.138.101, 74.125.138.113, 74.125.138.100, 74.125.138.138
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com, www.google-analytics.com
          • Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtEnumerateKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • Timeout during stream target processing, analysis might miss dynamic analysis data
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):482640
          Entropy (8bit):4.938703801934926
          Encrypted:false
          SSDEEP:
          MD5:891C79016169A545DA8907622CF9EC9F
          SHA1:CC1FEC7EC9FAC02BBF045EF1CE015B472C30988E
          SHA-256:A1D4C887C98CCD4CD3C4C7C30A9BC262D455043E04AB330746425EC43C2EA50A
          SHA-512:DE5F87FBBA5120864C1697E147D974DD012616D1EA6A19BF812EFE3E2256C6AF6D8EBCF56A5FF41A299271F11F1C8389586D2AF9E5B8EF1330F54C92244AB105
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):808784
          Entropy (8bit):6.404851672348121
          Encrypted:false
          SSDEEP:
          MD5:488E5C80AE286EC94CC134B2F16795C0
          SHA1:058DD8CE87AC4E52EC20B634192C6FE638336A12
          SHA-256:43D7D6B24CC946B2E80187C27CB06080344459ACEB7E6E791EA27013EF540EBB
          SHA-512:1A3B92FA3812E4A1A71E7FEAA86866B46A04852A5856D916692882EB384F5EE3A3122B36A6B0D34AE1DDCB8D642218DC3AA5CCF0E204DA07337F5A325ADF1EAD
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):5000016
          Entropy (8bit):6.570260250647054
          Encrypted:false
          SSDEEP:
          MD5:74D5233FF4D9B4A619969F0EEAEF040D
          SHA1:7C329C30BB2465127D5CE54BCF47652AA80BE44B
          SHA-256:91B086889DF5272563416FF39D168B08E3E52D3FFE62A3C1DE88DAD552E19DCA
          SHA-512:1245E7F80B4329A9A6D4EDA2A4D3E2056257E337B355DF128AE9D514DB951A9E6534E19FAFB5813A1C4EE9D0BBB7503B0303828AF98DEF5CF416A019ED0EE766
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):377168
          Entropy (8bit):6.153415282067804
          Encrypted:false
          SSDEEP:
          MD5:7B12A137C3CA6AB93D8C1B2BA27686DE
          SHA1:E188195E89EB064D4F4DDF0DD3B95FAFED50E582
          SHA-256:A2AF1A38408A7A4723BC156EBE0A9D79BBE8A09919E37AC9DAEB966FB7BD2E3C
          SHA-512:4C79BAC878FADE72EDFC17EF977BD6AD14CE2046D739279EAC6D970CCC150D40C4D12E27F6E3F46A1209D8E5BAAC33106D5042E6D70996E62A651B15596BFC66
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):9367888
          Entropy (8bit):7.63413201870249
          Encrypted:false
          SSDEEP:
          MD5:50C85267C385FA4271619D118794D84B
          SHA1:023FEB910519645CA71B8A7A11C914B9DD09BBD2
          SHA-256:6E8F9825CB0CEB10B75DE32545C26BAD3A4C4F25D1B17E3E5E485F1B931FB2E0
          SHA-512:3C0394A20CEC129697C133B2A258FC2B3BDBA318E1B7F90EDB6638564FC9E39BF045C769191BE34DC4232C2C73EE343AAC3E91986863CAB9091787979E4324D5
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):796
          Entropy (8bit):5.190884407600476
          Encrypted:false
          SSDEEP:
          MD5:EC1C9FAC92FCF24FF452D405266109BB
          SHA1:4FB9E92FB2D4E01654014852A6E0D95B98B2F5A4
          SHA-256:B718ACFA92E137E1A24D35A13245B74F0E52CF1E7631832C12B18CE3F565ADDA
          SHA-512:412F3ABBADC05AFBC105559BB5E6099A094722C4C0E39EBA17C2610A2707175CBC84DC10198150CD1864DD4CD026F51FF25502CE7DFBFC39C8698962F7F58E5D
          Malicious:false
          Reputation:unknown
          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.. <section name="DTClient.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false"/>.. </sectionGroup>.. </configSections>.. <runtime>.. <AppContextSwitchOverrides value="Switch.MS.Internal.DoNotApplyLayoutRoundingToMarginsAndBorderThickness=False;"/>.. </runtime>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/></startup></configuration>..
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):158032
          Entropy (8bit):4.92995595357872
          Encrypted:false
          SSDEEP:
          MD5:EBFB3FEEE91CE1085F139EDBE993E03A
          SHA1:03F069588E49B8AB2A07FF591ED90EFBFB95BE57
          SHA-256:A411F921D6982222B7782568B221C826A175C8361DA8EFCA9E286682EB724C76
          SHA-512:D36D8FE7FDA56CDF4862832ED3B01860F46AABE75713128A5B1C76F9C2FA2AE864E788637A13F69B6E8E91532BB06905526219C9017B6289E4961A384F75B5DA
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):3731792
          Entropy (8bit):6.39246504314925
          Encrypted:false
          SSDEEP:
          MD5:E96F4DF3AD526466D3BDEAEE9FAB2EBF
          SHA1:6BC34F18499F488E4ADAD24B6AEDAB7B6AE4A86F
          SHA-256:18EC62459F9B463A2A85750D3ED398CC276602EE10CA72F3FD3C90041B83471E
          SHA-512:64D368B51F26B247A4688677A75F1B78D7EA2CFC2DA524B71191A49001C6C93AB324629EF1211F4E4C98AAD54CB4E22A04C583C3C9F4D755B8F8D3017E7D3557
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):1437
          Entropy (8bit):5.042311372806747
          Encrypted:false
          SSDEEP:
          MD5:B559881713DC26F1F3EB200DC4CF1FFE
          SHA1:9258B9936B3A33ACB6D5B62F9CA0C2EEAA6BBE1F
          SHA-256:45A9C17F0EB77160B1B5B2DB2A8E2B9B9CB2EC32AE3D372E09A4EE8E25427352
          SHA-512:937F76AECEEB7D7F17D53DB6965DD28FCBB6A768D5370C0D280AECD9365B458873403B54BC8EB4281540102D1CD8E0E966CFF483D15B117642DA3EF641B05527
          Malicious:false
          Reputation:unknown
          Preview:<schema xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" .. xmlns="http://schemas.microsoft.com/windows/2006/propertydescription".. schemaVersion="1.0" >.. <propertyDescriptionList publisher="DTSOFT" product="DAEMON Tools">.. <propertyDescription name="DTSOFT.ImageCatalog.ImagePath" formatID="{621C440C-448F-4bbe-A1B0-1836FFE43028}" propID="3">.. <description>Image path.</description>.. <searchInfo inInvertedIndex="false" isColumn="false" />.. <typeInfo canStackBy="true" type="String"/>.. <labelInfo label="Image path"/>.. </propertyDescription>.. <propertyDescription name="DTSOFT.ImageCatalog.ImageSize" formatID="{818733AD-FB60-493d-B7AB-A84034BCEE99}" propID="3">.. <description>Image size</description>.. <searchInfo inInvertedIndex="false" isColumn="false" />.. <typeInfo canStackBy="true" type="Int32"/>.. <labelInfo label="Image size"/>.. </propertyD
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):775504
          Entropy (8bit):5.699985981899981
          Encrypted:false
          SSDEEP:
          MD5:2DB0D401A867FB13A6E0F1CB32B463F9
          SHA1:A91125335F0F89BB040437FBA2BD04B6CFD2D61B
          SHA-256:FC61FC987EF2E930C5703E9E81437CFF16DC39FCBEB38A754B2CB97163B7F348
          SHA-512:2B0FBAA98A0D6E9025B828CB311339E4C9B1DF8E703EFEBBCCF2CEB393E178ECD35107973BD6C3968B3C24DB3B9FA04B889756A3CDCD401A2EA51D22E993F706
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):844624
          Entropy (8bit):5.706161038224923
          Encrypted:false
          SSDEEP:
          MD5:1110A33C160111440EBEC77D5CB6E108
          SHA1:9DB1E405F4816CD1A5B04329AE714FA104C8DE38
          SHA-256:259F04269B77911E1AC8F18467FF3FE608F5D269596E0C6FF0896D4882771906
          SHA-512:31CAC101BEE5F3091433011026D84831B76EB189ACB45FCBC29CA63681DB9799785F06283A563613A89808C1A8051F73CE0A2815A374A78B8CA65D5CCD9F2797
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):1515344
          Entropy (8bit):6.273219140306202
          Encrypted:false
          SSDEEP:
          MD5:44DD55081EE58A8DE6EBE8EFC19D0A5D
          SHA1:A8EB948E5DE6456465910B9895E74337928A2333
          SHA-256:21723C4818F8CB39CD0501C89D5561BFACC229350037B4F93FADF338862D98C3
          SHA-512:ABC41ACF06D1551FEDB3286B8B0131E6DA6E147B644221F93BFE1CE7CB4CD0D9C50FCC35E585094D3B6B12F3A5DF89F4D7CAA218F699466F7654D224DA39BE0E
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):4974416
          Entropy (8bit):6.4622720895178745
          Encrypted:false
          SSDEEP:
          MD5:5FC722B16E223DC3E2FAE73CE882CC4E
          SHA1:9AF29B12220D1DDC12D16C59CC06A10B28ACEB6F
          SHA-256:4F2310ABB900F2E1FF53870AA3453243B3A2F62E25BC8CC648FD1BEAA1B71E60
          SHA-512:19041A8A4666FA921BE15B50765E5F1D9A98F90D8EF1C4B8CB3A1856104D37E4E6CD6CC19F28A2C0CE24541B796038E89417B55D9782802344760CCD6378329F
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:5FC722B16E223DC3E2FAE73CE882CC4E
          SHA1:9AF29B12220D1DDC12D16C59CC06A10B28ACEB6F
          SHA-256:4F2310ABB900F2E1FF53870AA3453243B3A2F62E25BC8CC648FD1BEAA1B71E60
          SHA-512:19041A8A4666FA921BE15B50765E5F1D9A98F90D8EF1C4B8CB3A1856104D37E4E6CD6CC19F28A2C0CE24541B796038E89417B55D9782802344760CCD6378329F
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):920400
          Entropy (8bit):6.183565560122605
          Encrypted:false
          SSDEEP:
          MD5:4F46EC43B5C55D8FAA13151DB9B90F53
          SHA1:8C7ED5ABE21664DD39C5A6F25C635D7B00FCDA28
          SHA-256:CCE12F57459F037BDEE15068CFFFFC3EF52608B97CE7B365EE90D03F06549863
          SHA-512:0B0B884CCF024703CA6510A834C2D49E4A9AD72CA21245536E377C3C62054951001A5188D91A1E5D861BA2A656BC5924F6F1975F2A5811EFC3D5DBA74FAFC565
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):5542736
          Entropy (8bit):6.7545228693585475
          Encrypted:false
          SSDEEP:
          MD5:B86D2BD5C804B925669BB14FECE2E3E4
          SHA1:1D39B12070F4B2270B258E0810AA92F82792CB74
          SHA-256:33032F860894B15A4C9CA959BD103858AFEADCBAE14953F78622137851CEDEEA
          SHA-512:7704EFF28E03473C1746D26F4D23922AF439796C978A3CC5CE6B291FDA0F9100A83C65C804857CE9E19CF67649EEB8E6D2DCE13E8CBB91F430DE76DFF7914F5B
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):5696704
          Entropy (8bit):7.555584633060003
          Encrypted:false
          SSDEEP:
          MD5:504CFDB318BF371BBFC19E4A8E59AA7C
          SHA1:9992D61C2A049EED006694C781680EBE24CD3654
          SHA-256:F705C129F44EFC8EAB9A1158B4A099B65D36CE3CE6F54C1FE10A28F712C73488
          SHA-512:5DBF475031A86AB4E6E585F69FB002CFF3B442922E3C6B16A42798210743C4767D1DB22B37ACCF827039A20B8849687E0CE50340883D5459DA31A525020CFE27
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):16896
          Entropy (8bit):5.928513643307834
          Encrypted:false
          SSDEEP:
          MD5:DFDA856D665D3D8B73F1332691F5B814
          SHA1:4D6BA43663A5629720D02C10027A7375AB9D35C0
          SHA-256:ADAF04838E0262A01CEA6F4A99E7FC319336731416F46E03C3AD0B3BD4902E4E
          SHA-512:8D8F151962BFF1FCD4E3213D4D4ED3F357AD6372DC229DCFFDB3A3BCA448D05046A5758FC419405CAA575777ACB956BDC7FB44B0E38CBAA5888D988F14D388DC
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):209920
          Entropy (8bit):6.31796614477651
          Encrypted:false
          SSDEEP:
          MD5:9DC0A45313AFD405CADC8D1748478BF4
          SHA1:0CC9441C8DC06AE23092AA569A80DA70B86D23A6
          SHA-256:3482FD06D2B46BF872441CAE73573875484BFAFE856328E1255BBB7BDB892E2E
          SHA-512:029189CC3B0D9BB0D17F91720922A4FE440E9D62559D7F3D04C4465DA45A04F3DB5E89D0973720C59A3D33697163598F2600ADE1D0EE593CADD15332B2EC0468
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):9728
          Entropy (8bit):4.4374631502392745
          Encrypted:false
          SSDEEP:
          MD5:B0EA7CA6F1AF6A8CDA1AA79D97BD923C
          SHA1:50225404B1236B29B7FD96554EF49D2D533430E6
          SHA-256:9532A514CD7241B3B069469EF379FB739F7B1AE1D819073F07C66FC5FBF5F7A6
          SHA-512:EFA26E61A5B307E9F8FD9BAD6A7E8A335C6AC86E01DB3BCAF1F48D0FC898A02DEA58A2594F311D2FD20187E4C6F0E8D8041F14C65CBE8868BDEFBB6E3E1D0D29
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):5120
          Entropy (8bit):3.701240158725542
          Encrypted:false
          SSDEEP:
          MD5:11377AF4F42BD1A62F5D8E9A44C40DC4
          SHA1:EA032AD84FDED6A5D54613A41FBE837B54B6E7DA
          SHA-256:FFF64DBBBBAE4A885EF53C16BED7DA9F86E624B4D7008CE125EBA0C139618DBF
          SHA-512:4A6AEC5C2DE31B8EC71BC01849C99D71BB9AE3657FFA97C8DFB39DB19B84BCFEA48FE9E419D771CF9443204D23F3A673BB9EDA7B9D2FD88587B2BCE66520DE62
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):10240
          Entropy (8bit):5.900531522064429
          Encrypted:false
          SSDEEP:
          MD5:6185B63C16955DC522D9B55D7F408CFB
          SHA1:0E41A590EF591F8A83D3119F26C8A0859E86561D
          SHA-256:B373B5E7992A5E4B5C6372318CC8FD70FA5A45699D344C6D99EBB3CFB78A0FE3
          SHA-512:E26F0161E894F256541E282AF5DFBBE6BDEF7593C88EC77000D343103C5E5A5BAD4B414BFA5AECE9801C500E838BE4DCAA7B7C6A6073671FA5E922FC6BDDFDB7
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):1076224
          Entropy (8bit):7.908646875932286
          Encrypted:false
          SSDEEP:
          MD5:109E7457A5F5E9E7845E3D549E028BBB
          SHA1:3EE52FF61699195842F7A8B4290E28C7D119D05A
          SHA-256:D5625F4DAB241E1170861E6C46E91C3DC92F9126AC7C65A3BD0447480785D6FF
          SHA-512:10408DA3F8DBAD5E7A34D37D676D5E853A381D5D02DAC1D596C69282C401AC58DB79516AE17FD65AC151C9D0CF80E38F23D70E96BDE44AD1F91053A0E786F9F3
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):4134
          Entropy (8bit):5.400682031821773
          Encrypted:false
          SSDEEP:
          MD5:DB8AA4465FFE4CE141210918FD7C4FC6
          SHA1:D266FEA7540A388B97C7030841AC7BD0737C3612
          SHA-256:FAEEFE8290E17AB09A993DABBDEFA87C52282DA81F17C0BB694D6A384B3AFDD1
          SHA-512:E9C64A1BF374361FFC0A5DC31B2BC35A8819B83940557951E3C7D0A073911B96841A84B83AFC6D73FA13857A5982798004E98FCBD790628132EBBAB95E235924
          Malicious:false
          Reputation:unknown
          Preview:[{AC6DD2EB-4EED-4b08-A8B5-C38D5CF74FD0}]..Caption=Data Disc..ProtectTypeDescription=Computer Data Disc (unprotected)..ProtectDescriptionId = 4286..Plugin={FF617E41-6A5A-4CFA-B0AF-581552B5C8EF}..RetryLogic=1..Retries=3..SplitSize=0..Subchannel=0..[{A56CEDB8-4583-478c-B307-8D55A46FFD03}]..Caption=Audio Disc..ProtectTypeDescription=Unprotected Audio Disc..ProtectDescriptionId = 4287..Plugin={FF617E41-6A5A-4CFA-B0AF-581552B5C8EF}..Retries=3..RetryLogic=1..Subchannel=0..[{ACB59B66-276D-499d-BF7B-87927484FA80}]..Caption=Karaoke CD..ProtectTypeDescription=Audio CD with graphics in RAW96..ProtectDescriptionId = 4288..Plugin={FF617E41-6A5A-4CFA-B0AF-581552B5C8EF}..Retries=3..RetryLogic=1..[{3A4EE7C7-0086-4a51-9E21-BE639A0438FE}]..Caption=Mixed Mode CD..ProtectTypeDescription=Audio and Data tracks in one session..ProtectDescriptionId = 4289..Plugin={FF617E41-6A5A-4CFA-B0AF-581552B5C8EF}..Retries=3..RetryLogic=1..Subchannel=0..[{8967B1F4-BC5E-497f-B45C-D8E59D943511}]..Caption=CD-Extra..ProtectTyp
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):112128
          Entropy (8bit):6.039088721775209
          Encrypted:false
          SSDEEP:
          MD5:1BACB2390F7219665959B57E26A51AF2
          SHA1:8A9858C0F1781B1810DE4A4A0D8498C799E70C6F
          SHA-256:0DD10658F252E3A0B079874FC033A3B24E1AE12E49CFA07BDD70753FD952077A
          SHA-512:A6EAA78EEECC1C33342184C92AEB17602E9C7C827FD4D64E7A8E0D2EA8B4733BFF153BBBD5F8EB34794D2FC8B286B8C1C327D7A9CD8E139C136DFC8311B1E1E0
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):365768
          Entropy (8bit):6.842740819856597
          Encrypted:false
          SSDEEP:
          MD5:0E226BA5DFB6380C080E0718DFC00B93
          SHA1:A8C3B31891EB92E3C68DD14DC9D3E29F0AF2BF66
          SHA-256:7134B671818C893D81CBC7B80D4A3840461DB225748E5FDEE8E2BD79A43BAE9E
          SHA-512:2FD9A1B8BCDB126B545E055AA8F358875A9E509A0405A6CBA6B4EFE2AA560F6BC414B055B7AC4ABCA80B7AD4EA80E2AC693D8A25F217D5C7975051D6A731D897
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):103424
          Entropy (8bit):6.079861794743237
          Encrypted:false
          SSDEEP:
          MD5:AD54E13EB99828CEBA8A8F6881410348
          SHA1:AD219840EE84E66D4755E6C1061473AE4AD4D027
          SHA-256:5872F89C40E7DDBDF654C65C033D5C46C307F5CEB3964C5030C33192F29FA86E
          SHA-512:235F0F5B598058D57CE8010CACBEC55E39B16D381E2BE9BF62A96B7297424133FE3CB045B485E4A74EB19AA416FB15440DC13A84C5A3DA4F0521186A7BC25965
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):728912
          Entropy (8bit):6.778029741299928
          Encrypted:false
          SSDEEP:
          MD5:1F3BB642A9643ED4CFA5EAFDF3F61F98
          SHA1:6BBE27A6716EA3D4D20A000A0CB16E308FB741BB
          SHA-256:1A3FC002AFFF149B9A8C561C7353F06A54627B523259540E99EB78F7EDE57F2B
          SHA-512:5B1A7CE35147493645E0D829548DB94D0AB9A2AC209710E5E626155A84EDE883D0A815E21551FEB41D145484AA51F99D706D41398E52C265D0470F1152421AF9
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):39936
          Entropy (8bit):5.552626039456685
          Encrypted:false
          SSDEEP:
          MD5:9410F56546CB5A6E1677C8D58D06F2E6
          SHA1:7172C0561EB5FB0EC5E40028C915894A7F9D1585
          SHA-256:DEB3BC630A8319A0BB83D4DA6079EC5F96681A6F40ED407EDF5D0F5C86D2C7B9
          SHA-512:094EC41873F028161421A3B6244E39DC67530D6FB726F6695D40E656F42E44D1DF54AE5C28893A648D98C040DDCCDCFDEEE2B8DA2E4606CF25D0FE4CD2993389
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
          File Type:data
          Category:dropped
          Size (bytes):10689
          Entropy (8bit):7.229505706771137
          Encrypted:false
          SSDEEP:
          MD5:635AA7F842DF0A65E1823FB8C8AB990B
          SHA1:FAFCCF2BEA719CA7936F9E5F5E6E272E13B0A24C
          SHA-256:640513C8FC370E897D613515F8C1DCC551B657F9D546F05C3DEC09EC952C6178
          SHA-512:345591B9208A9D41C1810CAB5A3DA2A28197DFAF69ACFAED810A9D6084BBCC758BFC25D4C5EA5C752F7030E242A7B549A4C0A28840F35ABB49C55B9E8D5FEF1A
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):42256
          Entropy (8bit):6.943231630906518
          Encrypted:false
          SSDEEP:
          MD5:9E101F28BB8422848C524E8311E9C0D6
          SHA1:A16CCA026D9806A46F922B7F453E499FC89FC72E
          SHA-256:EC601CE7FA6B1B20711993079E5B8323357E9EBB2C40B896DEC2315EBA74D958
          SHA-512:E045027553AC3A07195BF2D37F6AE54DDE83DFB7D33E99AC3E42850CA8CC87D24299FEAAEA0C98B1C106A87990087A1208C10041D6F930CD7FC30963551F25D8
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
          File Type:PE32+ executable (native) x86-64, for MS Windows
          Category:dropped
          Size (bytes):63696
          Entropy (8bit):6.842323049283022
          Encrypted:false
          SSDEEP:
          MD5:371589BDA78F41199FC3D9AC77B77BA3
          SHA1:20D24969CC349F795596DDB280459C85ADC187D7
          SHA-256:2E24FD5ADEB4214CA64D11DF70449E7CECC7A06DF4B114113B60EDE31E0B287F
          SHA-512:76624D13504FA46FF02FC940002717BA4FEC5264A092F29B6D3028302038CE2047251315C3211D8BD3680A4B82E295B63CA6B112F1CDDDF1D74057B8FFB0FA8D
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):662352
          Entropy (8bit):6.663104628698165
          Encrypted:false
          SSDEEP:
          MD5:FD8036B33CA9129DF88E876894985CDE
          SHA1:854CD59308372CD34651B769CF7C6A2D003D5B89
          SHA-256:7AC9A74EE64DDC784389BE0DA4F9A72B00749BDEC4C4B159C2B479FB754657BC
          SHA-512:9D51BC48D37974D3925494676C707653A34B17C312EDB8C7A1B86FACEEE7058F8EDE81FBE4844DB03A19F4B6854394CE08AC792563A4BD0CDA3285609C7D0F04
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
          Category:dropped
          Size (bytes):55840
          Entropy (8bit):7.050248510215833
          Encrypted:false
          SSDEEP:
          MD5:5B91B8EF0DD74486BCAA38004417E565
          SHA1:01C5CFC191CA8006B43F355EE41A35AD49C34FD4
          SHA-256:7353EA393051B369F92E230459D6904F88938E1EF94562AAA86342B9AAEA7762
          SHA-512:AEDBFB925E23E216DD0B03E6E26C1852ECFDEE6A79662CE327E4213CDA8D97EAC2D9DC4D86F65A287C1346EC1D57573135711F941FD98ACECDFA6215EC4B3AB1
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):3042640
          Entropy (8bit):7.79044012106498
          Encrypted:false
          SSDEEP:
          MD5:382E279A449F4690EF435D5DADD0B7C6
          SHA1:7012A952700FA062A4DD3D8A451D7FDE3EE5439D
          SHA-256:13B7D819B65CA5BFCCE98572D288C7864CD22791CD83DDA1E19CFD362740921A
          SHA-512:6EC071D3FEF649A7F5B8BA2C8ED4FC93535DAF8539DD85512D3DF8DF524EBF5FB1CA996A4418BA89C09CDBAD47717023CC3F097977A15AD3A2E7DA6B14CE0BD9
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:data
          Category:modified
          Size (bytes):5740
          Entropy (8bit):7.939132058903539
          Encrypted:false
          SSDEEP:
          MD5:76DA833A38DC266F98E7B062495C0650
          SHA1:90BB4E92CB5A496B590A91BE44884CBE5A052D2E
          SHA-256:B1FB0C6EB5A83295D004424EF4AF1867EB8EB2DBE6209F38F31216EF6583D167
          SHA-512:F975492EB2418D8291D7F8C5205F9688C212392EDE4B401F79B36AFB9BA24D6CE1C66E07B3867376DA61FA3D4989656BEBECCFA11C465A045211F8119D13B83B
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):198
          Entropy (8bit):3.574372945143324
          Encrypted:false
          SSDEEP:
          MD5:2C2F222BAD2BFFCCAA5C60131F421906
          SHA1:D65D04389E98DBE0157984A0124F03BFCD01C947
          SHA-256:1E5E592D7866B8C8217F418F676188D02F6EB65193A3A558FD4F83E1D908892B
          SHA-512:B86F1F2FD9B4627288EBE8C1D6EE78620456AD29AAF0743B5A2E5BDBDF38A52A06F25B995AFAB8CBB19E46D78299E2F222BF078644334B00DC0B2C38574F5F3F
          Malicious:false
          Reputation:unknown
          Preview:......[.I.n.i.].....L.S.A.c.t.i.v.a.t.i.o.n.=.0.....D.e.f.a.u.l.t.L.a.n.g.u.a.g.e.F.i.l.e.P.a.t.h.=.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.D.A.E.M.O.N. .T.o.o.l.s. .L.i.t.e.\.L.a.n.g.\.E.N.U...d.l.l.....
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 18 23:16:29 2024, mtime=Thu Apr 18 23:16:30 2024, atime=Thu Apr 18 23:16:30 2024, length=9367888, window=hide
          Category:dropped
          Size (bytes):846
          Entropy (8bit):4.63872639186358
          Encrypted:false
          SSDEEP:
          MD5:9119168E5A71B19416252048C1BEC653
          SHA1:26ED0D8AFDC25CF9D85BA8600669187E1437F34C
          SHA-256:99FADA607059A3A705087955FC4A1B5C5E55D997354EC52AEC6E8078FBF6ECDB
          SHA-512:97FE726E46D50D52F79862022D096687503A2286ED261BEFFEEF2ADCB1ECEF24D6673DEA063109E0A003D3A0E538BA053CDED1D0E0ED9351821DE511D0E75DD1
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Apr 18 23:16:29 2024, mtime=Thu Apr 18 23:16:33 2024, atime=Thu Apr 18 23:16:30 2024, length=9367888, window=hide
          Category:dropped
          Size (bytes):834
          Entropy (8bit):4.649522816977375
          Encrypted:false
          SSDEEP:
          MD5:9DA3D9FD8818E60B5CCB64D72A0CFB65
          SHA1:F56347F830ECF50830E0A90FCBF7F65A85E71583
          SHA-256:A557F8A0101C25A9B7B075A297FB1E29E7FB8C9ADE6F9337C7D51C8ECDAFCC6D
          SHA-512:4E8A738123480755EB6F815D7ED472E30D2A36589B552F236262F2C68B4A947857F7AF129B9DB49C73D149B6C5CF01F21B9D4F9C764517777C5E8986200F7D1E
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
          Category:dropped
          Size (bytes):7681448
          Entropy (8bit):7.949582969632694
          Encrypted:false
          SSDEEP:
          MD5:AEC1ACEE129F051BDB15002A3AB10324
          SHA1:BC013FDBD5990FA37E7228B9BBB45EE2E932E8DE
          SHA-256:AFE03DD009EA72FD4EBD6D3B3BB732BD030A287E5D3186A8A4DF98CBAD25A69E
          SHA-512:3C74C2384FA4A5C26F6F332CA61716F9631AD6ED126931ECE945CE3142B1FB863B2A5749E01A634DED3BB471A22A5136662B4980DF77BE54686E14785146D608
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):158720
          Entropy (8bit):6.552278125180993
          Encrypted:false
          SSDEEP:
          MD5:AD71A5E3A757AEF0329AEDA567F25A00
          SHA1:97C766D85C9DABFCABD5A983FE165506D227A8AC
          SHA-256:F6B9AE6EAAEDC55DB0E381EC153892C122F1F257ADA80CF242A20BE8A2F117EF
          SHA-512:6852496FB8F59BEA3AE46EFD507D654AE27306D9F4F2F0DC0DB8B03F9F63A3712E075B12F0EBDF6EA88DB081FCA4DD29BE1555584AA70386CCB8297BEEF886EA
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):214864
          Entropy (8bit):4.211820412218977
          Encrypted:false
          SSDEEP:
          MD5:A119FE87A395FDE096FDABEDD677BEC8
          SHA1:B6C86732D0D85F923BA831D34E801FFEACA9C5A9
          SHA-256:AC867A95FDB8127B923B8E6BD46901579CC0FAA21F25F3BE18695D707B8D03C8
          SHA-512:6833748B6C03B7403B0745955931FA137847E1012F3F5E8784F0A760014DCFCBB29875A632C3A5D3AF3D37CE63E03D328CB6FC055B6026D8A8D9E54194F8B0F8
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):2572288
          Entropy (8bit):5.821989355772821
          Encrypted:false
          SSDEEP:
          MD5:3551343FAB213740BBB022E3A6DCF27B
          SHA1:DE67FB4F9D58DB4A860A703C8D1F54FF00FF9B1F
          SHA-256:5530DFF976BC0C889076B97CA695BDB97EF07F63449D32F893ED32398ED8BFE6
          SHA-512:E90F51053E1D4B0EA1F7458229DE92174ABF0781C766290DA4DE5CC8DFCFB730998252BF28B36CA5070978FDCEA8B97F0AEA6A47B875DD34173643AC0CB46C42
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):108880
          Entropy (8bit):6.318912976985265
          Encrypted:false
          SSDEEP:
          MD5:138E31E051E8A269429CE396B64A628E
          SHA1:E861E2EDF90627A7B41C662228B3221DCF5FCF7F
          SHA-256:6302A6A048F73CDB2C3E38E4CB278F114908A6A0C290FFDEF17547D760AE902A
          SHA-512:319BCEC828CFBA7A6398664480C835D531D0FF03D1EC34A338F22B904B22FECCF3D842EFE1F7DD1380471136E1C772D094C04FC229DE8E61E0ED97D798561AE6
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 1%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):236368
          Entropy (8bit):4.0083027647349505
          Encrypted:false
          SSDEEP:
          MD5:01E963EF7C1EADF0A71D52C53D02AB60
          SHA1:6DA6B8E2AC5E852C8CF497C52C200D496F5B969C
          SHA-256:357CE7330767A4F628008C0B0ED41CBD67AD4BF29EDE9C8C1989CA18021790CF
          SHA-512:5F8DC79EB6CE6FAC0FD17805902286D0E11E52C6137F4BADDEC01252FB21CE12F4EBE911AD8FC378ED4E3B5A9D5DFAE7E4DC562AF3EC8901944845C8FB08C902
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):288592
          Entropy (8bit):3.729619829213537
          Encrypted:false
          SSDEEP:
          MD5:6A49C0826374C804ECB0FA9522466F8F
          SHA1:91599805EF575C3A175E4956BCD932044E0CCECE
          SHA-256:E6DD78055449B60A7A7416B39B27C0B880F109EDDF30454EBD30FEA3DA946FAB
          SHA-512:4871036F17A0EEB42848B38A950DE76AB9FEF8AD66A169477A36A6D8B30DB968B4254D1C8721907B79EC12D4F04C27969B5AFA8D69CF166B3DE29FE9F97D67C8
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):29696
          Entropy (8bit):5.4768044146677495
          Encrypted:false
          SSDEEP:
          MD5:CC261B2FFEDA8BAF4ECB3513AEB454DC
          SHA1:F145A06FE4308D1D6012AA16B1CD77E1ED2CAC7C
          SHA-256:FBC1ECCB3579F03034F84093BE8E4DBE7E4DEE8DA469E917A40ED434FB58066D
          SHA-512:83EBC5E19449FAAD62F9DB91D4E231CD965924F1BA93A9F8A3A40DFCF909FFCCA6CFD2A9BD71A4D663EB931694456E16F2D89AA8081EA99576C79704EEFB9CF8
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 8%
          • Antivirus: Virustotal, Detection: 16%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):230736
          Entropy (8bit):3.782387857209472
          Encrypted:false
          SSDEEP:
          MD5:48C3527B4D2D0DAB80EC92734C69B5BA
          SHA1:63DBA0182E2BE6E5E567887FED5E96DA4C7B26C7
          SHA-256:1DF3486EDDA2ECED09F56CB78116A8C0FBE87346451627FB9577454B9DA0BDF5
          SHA-512:8E730E98C42964D473D2246A76CB66CF083078FA2B1B2A4BE6A2E6D03E86324D0D88661A1D56E4D13DD092E4AA32D0588C887D26D56B870D5E8291CD118036A3
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):276816
          Entropy (8bit):3.6699925419011015
          Encrypted:false
          SSDEEP:
          MD5:1A11198EE0D6A30F289E6B1DFA41FF2D
          SHA1:58E6E6B958BF3544EC19C402C45C791F9F835623
          SHA-256:F0B37AB74AE14F91B337121BC2F31C33D0DA44B6B6ACE2F3FB90FE6A45F757E9
          SHA-512:3A0CB54FA0644603EAD6F1D8307ABE37838505C6C2065FD05015D58E0028BF341252AD50026F655E84962D4E7C2CB811F1B0D506C33740B5BC37DBA0DA9AAE11
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):246096
          Entropy (8bit):3.736003904885438
          Encrypted:false
          SSDEEP:
          MD5:41473B6A9A3A24D099F6E1C5EFC0921C
          SHA1:27639756FFC69C9BA84E522BE2C07E61DF3FB244
          SHA-256:A5E3E24C786B70E31B2B706ABF857768839DDD33F9DF0DE468FF6E755B046C1A
          SHA-512:6799FB4C4939CC64A6513F59FAC8F86D562DD8167800FE3F15CC697CFDD16F5B2BAA15AC3AE4791E97C624943E4A4B7C9B2E9504DCDB05B287FCDED01760549B
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):282960
          Entropy (8bit):3.69619561965716
          Encrypted:false
          SSDEEP:
          MD5:8E78F915804131D09BCAAEDDB4CD45CB
          SHA1:EC0E911F3042D0FBF452C89C2DB99100445A4F3A
          SHA-256:1099C996D2CE4626C65CE2CAAABE82D65E74BE87BB130955082DD0CBC58A7DAF
          SHA-512:FFBD15B9D1AFBEB0BA78534F71569677E1F1FC91BFA25AD75EF041A8EB288C0F9443CAEF16FE10C2A71010526D74ADF667E36503340CA4C7ED6A2334C54115C8
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 1%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):197968
          Entropy (8bit):4.382986231806683
          Encrypted:false
          SSDEEP:
          MD5:B276F6B2E62F6865E00E15293373794E
          SHA1:108C031892E6E62E4BEF7585429491B6C683D432
          SHA-256:124671B18FDA10C0E76C82E40D8E60CAD85AFB573595DF0D4925EBC8817E1CCD
          SHA-512:140643CFCA8C64571A0F2DC3A22A25473AF6440A860B5E61756EAFA5613FFBB3323E096DB231FA410510F1EAF27B99769008CDDDCC712BC722F3921B4FCE93F6
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):249168
          Entropy (8bit):3.9147196036891705
          Encrypted:false
          SSDEEP:
          MD5:FB988CE4249E0673802248971228CE9E
          SHA1:878C0FFB1679F3D3A43A009D22837DF71CCBADD2
          SHA-256:A6D0C943E1021C0E590F633AF59855781488D4D8DFCE7A4CB4F0702433AD02FE
          SHA-512:FF580031B9FF8C9CAD4750151ADA03075ACE5FDBF84A3EC66393EE98A7B507AE82D3B52B8B035E0827507834711ED7E3AF34A8D0AF5A1A77F4687F365BDDAD41
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 1%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):236880
          Entropy (8bit):4.351106095479152
          Encrypted:false
          SSDEEP:
          MD5:24ED269A4472865170B937851AF61F66
          SHA1:71488D7AAE9A9086A189CA35540744B928D4D3BA
          SHA-256:078499B1540A48605F2E4A80523C603C48FFC411A91ADB39F5FA19225D3A9ADF
          SHA-512:F8D6A63638D6D68BBABDEF1D2A6FCB6974624DD4D9AA47AF24464E411B14DB00AD52439F2E8DFAB48845735F4B5649B04F199E30B77FC0555CA06432AC4F08A8
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):274768
          Entropy (8bit):3.670764158768169
          Encrypted:false
          SSDEEP:
          MD5:C17BCC47F6D38909ECDBC148A29EDBD8
          SHA1:DE25D31CE8C23AFD1063842210B258C042A00217
          SHA-256:0E826F68CA395B30DE8B0B443A4F50B4D770CD7BE80A08E4B2C24F9053D392C2
          SHA-512:AAA9BCF187F4294EFBBEA6A077C0EC88F02BA7CA01C87DA914D3E0F7B4781E003AD96C620CF6A68D0597DF7A58ED7BBF5D4C6367889C26CA60406C8B08FD31E4
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):155472
          Entropy (8bit):5.546993808397
          Encrypted:false
          SSDEEP:
          MD5:2EBF4A3367FC891D60EB058C3707D189
          SHA1:D7E2A8F685AD43CB606953BF25A8541D69194DD4
          SHA-256:97DCDC205E6537D867796CC7B45D87B7A79AC2EB17ED97377020987B3C64A6A3
          SHA-512:0701D88D5F5DDE94BBEA102E01A5BC0AE2C9FCB5D487E68EF4AB99485E176B9F8F1F2C70A7E76F9F6513FC30B64876C635CA67B3452AF402562F5AE5EA2352C2
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):143184
          Entropy (8bit):5.814545954776753
          Encrypted:false
          SSDEEP:
          MD5:FBDD8B1966D66CCCDA3FF1267CD91054
          SHA1:59CBCA7ED43B38100A6A0989B106F77E6AC06795
          SHA-256:ECB64D4AF71C2649B943AC74554220584187FE24023C9660E4A07141A78DAF34
          SHA-512:80B085D075F200656593BCA579580138A74B8B08021D9FBD37AE4F9283A1E3E65731C0173697A2CE3BDF80853AB20A5355906AA7750601794F6FFFFEB6B061CA
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):252240
          Entropy (8bit):3.921940181236388
          Encrypted:false
          SSDEEP:
          MD5:23E59C9710DC2432E0B0105EF6182E91
          SHA1:091D933DA3DF66B2EF02C078D376744FFDF00CA8
          SHA-256:DB3B065C4FC1C8BFDB4DCAEBCBD49709835CD62F00608D38E8DCF8B03B907A05
          SHA-512:B8C50234336FDE9CC14722119CC4E0CC36C3E92F2F9170FFD069AD11FD2C3DCD9D58C3BC79EDA5DB31D44B8938AEF7FDCD4F39DD72F6575B3D3CA877349AFAA4
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):255824
          Entropy (8bit):3.966729067973657
          Encrypted:false
          SSDEEP:
          MD5:96EAE75265CF75AA58EA47E4894AD34D
          SHA1:0E33B0E92C40BA81B1AFF96B9552A859E7AB5A78
          SHA-256:8683412FF407CFE8AAA061BE21F908000470F84317B28F23B34BA7F50EA6E39A
          SHA-512:1A8ADDBD3F0C0CCAEC31C3682DF9E6622B866906767BC49C044E80C729DA3D695F242B1CBBCD0CA4A01D6911C43A62F1F448C3B1A0D8D1924102A59F7311DE9E
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):264528
          Entropy (8bit):3.730982614236115
          Encrypted:false
          SSDEEP:
          MD5:6A3E83A087D836C83F1A1D747B81187B
          SHA1:75FE70A2E3F62B9CDEB768EB0BEEBEF7E536B607
          SHA-256:1D62990C8DCB5F194B4818E7A35F709A7370DFD2F16DA358D22CFDC29350D48A
          SHA-512:7476D04B8418DD3B472F91B0AAC49D4FF7498C18D79788C5FBC1767F75E6F351C5FE56B9097300E8B62ECD03E55724A3E33FEF40614EBAECF402C0340BD05B9A
          Malicious:true
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          • Antivirus: Virustotal, Detection: 0%, Browse
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):272720
          Entropy (8bit):3.7167773028883855
          Encrypted:false
          SSDEEP:
          MD5:E5A073F2884745F7473D28882F85C01A
          SHA1:39AD87E18FB84B9B8E1C571BC773181706E50204
          SHA-256:FFADD9F24CA6C5C499C785856ABC96DD8F8A258A0B70EDF9F3AE281B6B5C3E74
          SHA-512:E96A11A0C5A6C6305A122D69DAA1C06FF091CBC640C342AB43C073B21184B6D5790F8B9A83DD14284971192FBC807A41137CFB58B9878A1BA4798F14F10A2AA6
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):260432
          Entropy (8bit):4.269358152040156
          Encrypted:false
          SSDEEP:
          MD5:B8A5A505BF9834EC29F97FE497C381E3
          SHA1:AD2899C71DF3C1228B3C6BB38310738DA5EA5FB6
          SHA-256:0867D562ACE2992A989110A73A4E17E3867C3AB017D1FF2295B9F687826495E8
          SHA-512:14D4FD9EE02D8AB24BB3401A7C41258673721F5A3558C0D4D6C577D56B62B9DB256FD82CA93D08F73D82B98DF85BA3F53B6C14F12F12DA45ECA8DEC3526B57AB
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):251216
          Entropy (8bit):3.9625535803269227
          Encrypted:false
          SSDEEP:
          MD5:24D9FFF8D37C2CC53FCF0D8CAA3AA9FC
          SHA1:BD80CF0F4119D45AFEE89A151CB7034D0986B72E
          SHA-256:9F6942E633FF657F4196777A09969B770880A30CA8A55B4E921658D1673F6948
          SHA-512:9BF20FC6F5FF69B73B2F8432E60F751496A86BC80762B9BB270E4C9E354A32BD9BBCABDEA1C667131F0BC6CD32D3183854A8620D360BDA2A3DAA65590A48229E
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):260944
          Entropy (8bit):4.280608189918947
          Encrypted:false
          SSDEEP:
          MD5:95BE27F5D71F913D939C55C1A576D138
          SHA1:036B363FF6B5BAB22235F9BBC851C95A5A176CBA
          SHA-256:024DA1B016B16839E84A9AF5CFCE14BAA7B8999595231B098E4EC14B7BA7658E
          SHA-512:5D56505C6FE4520EE4CF98C18BD93E0B65EDC548863642211E5A30BB6F202DEB85459456DB520117FFD02F758A1E495E1C9287E8FBFBD1F57474D718758322A7
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4814160
          Entropy (8bit):6.805913788932649
          Encrypted:false
          SSDEEP:
          MD5:9825F1DFAA07A01B48950A17E476E10C
          SHA1:BFEDC905E37E85529C09CC9ECD5F6DC637439EF1
          SHA-256:0C21F30ADA2125A9AF17F82FBD2B0711FBB769535854E0AED281B826A05C4B2C
          SHA-512:102A42F38B3925E1393F198A3DC9BFDDDD601D670E872D7F05040134BC9337F3A1CCC4E502D8BE82B995120787BE34192670222AD31D5D772A6B9A9CB213D8AD
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):51232
          Entropy (8bit):7.020595533923927
          Encrypted:false
          SSDEEP:
          MD5:3862C98F3676F3FD8BF4759DB17CF273
          SHA1:8CE5CA251376345220FA502930E4339CFBD7721D
          SHA-256:1C7D5E42FF3BC5E1A0ECD01FA68633DC67515B3A06E660FCD2D22D6EA436A6F1
          SHA-512:1836A39AD1BF17E086836298323CC36538174D991AA2E9EE4FD8B4594E88AAD1723FD875501F2E256E2B358FC88A84CD564B5BEF79ECA2B51AF4880C9646F396
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\Desktop\DTLite1200-2126.exe
          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):48795472
          Entropy (8bit):7.995931618604886
          Encrypted:true
          SSDEEP:
          MD5:2D662D8F9A404CC76334BD6F8E03B22C
          SHA1:A4973801B91866E1E7BF72FF24E89204AA99E6AD
          SHA-256:3B25857FA82876DADB8CB456806F7755EC851A76FF7DA64B5E2B48D8508D39BB
          SHA-512:200CB9899CE27F5CC2F2571B31C0D9CAABD581845A2C4395A300977407A9DA58B4A78AF31121E13CFBF113AB7F280476BECFDA02B9F0F275F4870FBEF2ED5469
          Malicious:true
          Reputation:unknown
          Process:C:\Users\user\Desktop\DTLite1200-2126.exe
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):186
          Entropy (8bit):4.942919098144707
          Encrypted:false
          SSDEEP:
          MD5:B51C130A957051BA9FB2245BF76FB6F6
          SHA1:42181E5745DAAB2A0E8CF87693142828306F9BDA
          SHA-256:7921098E47E894412FDFD0CAFE0F88CC68497740998EAC17C68C00129069D803
          SHA-512:FA2AC3EFF5D51AEA7ACC9CF6AA018A77FAE295D55C5BF808C9D7048C801BAF4626568F00FB001A9F2780C46DCE294482CFEB3045AABE139DDC557C0D3BC11640
          Malicious:false
          Reputation:unknown
          Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"/>.. </startup>..</configuration>..
          Process:C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
          File Type:data
          Category:dropped
          Size (bytes):10778
          Entropy (8bit):7.222382118330689
          Encrypted:false
          SSDEEP:
          MD5:B88C742D87A353C2AE2A26575E15A12E
          SHA1:6E1399D98B33146765684B8FDA1A657200C9071C
          SHA-256:DDA7D95B6F10A65D4F3F1C30B603AE0A7D6ECA5832ECBB7D0AD2BB149B4B5C6E
          SHA-512:03D69FA6F3A30A2D00101C427A731EACB1723B54C23739A92F8CB616C4B71EB81A0CB795340B0D9D796CF085AAD207DDDCEE6F1D375D6CAF38B98D9A79BDDB70
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:B88C742D87A353C2AE2A26575E15A12E
          SHA1:6E1399D98B33146765684B8FDA1A657200C9071C
          SHA-256:DDA7D95B6F10A65D4F3F1C30B603AE0A7D6ECA5832ECBB7D0AD2BB149B4B5C6E
          SHA-512:03D69FA6F3A30A2D00101C427A731EACB1723B54C23739A92F8CB616C4B71EB81A0CB795340B0D9D796CF085AAD207DDDCEE6F1D375D6CAF38B98D9A79BDDB70
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\AppData\Local\Temp\DT_INSTALL_TMP\DTInstaller.exe
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):46592
          Entropy (8bit):6.400783353080994
          Encrypted:false
          SSDEEP:
          MD5:08B003E30EBFFE739C179047B3771BC9
          SHA1:684CAAE9BB352757A4D5ED7C5301F4DCE533FB40
          SHA-256:0AA3AB447A980028772B0FD7363E9F1C570EBB384DB33AA1B88E45F327B5958A
          SHA-512:914E18D71D569A31BD8D94F20EB1F586456137F4D489727E4D80A2B5A734679E80F1E36BE7BC94C1C2B976F641B88C1CEBC8798A5F76A6E231D81B12ADD9ACEA
          Malicious:false
          Reputation:unknown
          Process:C:\Windows\System32\drvinst.exe
          File Type:Windows setup INFormation
          Category:dropped
          Size (bytes):1092
          Entropy (8bit):5.382483732545899
          Encrypted:false
          SSDEEP:
          MD5:41231A8B97AFBFB28A4A85311506A321
          SHA1:8EBA9D4008B6980A8E393549C8E1FF87553A1636
          SHA-256:BB26DA15FB7440DF53CF524E5601F4D37060778DC6BC4415FFEA0C87BE177485
          SHA-512:FE48D167F6795A8D4163E733630ED43D770AA0980D2BD88B28DE8004E61F4D4D63AE40130B58488078FA2577AA7BA35DF87758B26BB12EB565B6DEA907C56753
          Malicious:false
          Reputation:unknown
          Preview:[Version]..signature = "$WINDOWS NT$"..Class = USB..ClassGUID = {36FC9E60-C465-11CF-8056-444553540000}..Provider = %DiscSoft%..DriverVer = 07/25/2021,3.06.0.0..CatalogFile = dtliteusbbus.cat....[DestinationDirs]..DefaultDestDir = 12....[SourceDisksNames.amd64]..1 = %DisplayName%....[SourceDisksFiles]..dtliteusbbus.sys = 1....[Manufacturer]..%DiscSoft% = DiscSoft, NTamd64....[DiscSoft.NTamd64]..%DisplayName% = Install, root\dtliteusbbus....[Install.NTamd64]..CopyFiles = Drivers_Dir....[Install.NTamd64.HW]..AddReg = Security_Reg....[Security_Reg]..HKR,,DeviceCharacteristics,0x10001,0x0100..HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GA;;;BA)"....[Install.NTamd64.Services]..AddService = dtliteusbbus, 2, Service_Inst....[Service_Inst]..DisplayName = %DisplayName%..Description = %Description%..ServiceType = 1..StartType = 3..ErrorControl = 1..ServiceBinary = %12%\dtliteusbbus.sys....[Drivers_Dir]..dtliteusbbus.sys....[Strings]..DisplayName = "DAEMON Tools Lite Virtual U
          Process:C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
          File Type:Generic INItialization configuration [BeginLog]
          Category:dropped
          Size (bytes):2516081
          Entropy (8bit):5.219998140517523
          Encrypted:false
          SSDEEP:
          MD5:F8BB3306B3CBE7714C8C4C2DF28BAB3C
          SHA1:F8D398C59EFB62043FA2F92DACBACA909243C02B
          SHA-256:546F6CB535E3A3E5CD2B70C4D78E690F5DC99663272D16A65BB0CE39CED3F2E1
          SHA-512:57BAE24B60B94C828EE0C6635E23ED60B70A2CA88CC69C0B103140464008EA86B7AAF55B8501E57AA92FDB20347C20E2AF9D22B4AA233A33843F07CD9E5EC021
          Malicious:false
          Reputation:unknown
          Preview:[Device Install Log].. OS Version = 10.0.19045.. Service Pack = 0.0.. Suite = 0x0100.. ProductType = 1.. Architecture = amd64....[BeginLog]....[Boot Session: 2023/10/03 09:57:02.288]....>>> [Setup Import Driver Package - C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf]..>>> Section start 2023/10/03 09:57:37.904.. cmd: C:\Windows\System32\spoolsv.exe.. inf: Provider: Microsoft.. inf: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}.. inf: Driver Version: 06/21/2006,10.0.19041.1806.. inf: Catalog File: prnms009.cat.. ump: Import flags: 0x0000000D.. pol: {Driver package policy check} 09:57:37.920.. pol: {Driver package policy check - exit(0x00000000)} 09:57:37.920.. sto: {Stage Driver Package: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf: {Query Configurability: C:\Windows\system32\spool\tools\Microsoft Print To PDF\prnms009.Inf} 09:57:37.920.. inf:
          Process:C:\Program Files\Windows Defender\MpCmdRun.exe
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:modified
          Size (bytes):4926
          Entropy (8bit):3.245364911011215
          Encrypted:false
          SSDEEP:
          MD5:07FAA3047908A7C2115C255D6402D9BB
          SHA1:7A242063505155AB4B149E5932FFAB658A05C76F
          SHA-256:765760ECD750AAF1774C1BE31B99E4A1435005750AA68521820EC31A89FBE855
          SHA-512:8D2F1157F467B9A0CF0B8D2695B0E136FC4CBB5D14B4CB4BAC527FBD0A85EB32066B9994179D84AD99F700ACF19CD5E2A171F43105A64C7D6F40ED22937B8240
          Malicious:false
          Reputation:unknown
          Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
          Process:C:\Windows\System32\drvinst.exe
          File Type:Windows setup INFormation
          Category:dropped
          Size (bytes):1138
          Entropy (8bit):5.3631783514286155
          Encrypted:false
          SSDEEP:
          MD5:3D5C289FDE3AE2B2B643933544A37557
          SHA1:46D274F9205D0C4D7912A75CB65377844B16B03D
          SHA-256:FC8509854337242C4F3B55907DCE9A5A53DD175D166B82C4B2E8EBF67A4D1DF4
          SHA-512:9AB0C90D64E7DF0E35AE11AD16E9F32B90892556EF62FC59131C43BAD2576341D818D4EDF3B4DEF346C1F21BD305D63B047C61F4A40016FA4ABC52C7264EDD4C
          Malicious:false
          Reputation:unknown
          Preview:[Version]..signature = "$WINDOWS NT$"..Class = SCSIAdapter..ClassGUID = {4D36E97B-E325-11CE-BFC1-08002BE10318}..Provider = %DiscSoft%..DriverVer=11/13/2018,5.29.0.0..CatalogFile = dtlitescsibus.cat....[DestinationDirs]..DefaultDestDir = 12....[SourceDisksNames.amd64]..1 = %DisplayName%....[SourceDisksFiles]..dtlitescsibus.sys = 1....[Manufacturer]..%DiscSoft% = DiscSoft, NTamd64....[DiscSoft.NTamd64]..%DisplayName% = Install, root\dtlitescsibus....[Install.NTamd64]..CopyFiles = Drivers_Dir....[Install.NTamd64.HW]..AddReg = Security_Reg....[Security_Reg]..HKR,,DeviceCharacteristics,0x10001,0x0100..HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GA;;;BA)"....[Install.NTamd64.Services]..AddService = dtlitescsibus, 2, Service_Inst....[Service_Inst]..DisplayName = %DisplayName%..Description = %Description%..ServiceType = 1..StartType = 3..ErrorControl = 1..ServiceBinary = %12%\dtlitescsibus.sys..LoadOrderGroup = SCSI Miniport....[Drivers_Dir]..dtlitescsibus.sys....[Strings]
          Process:C:\Windows\System32\drvinst.exe
          File Type:Windows setup INFormation
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3D5C289FDE3AE2B2B643933544A37557
          SHA1:46D274F9205D0C4D7912A75CB65377844B16B03D
          SHA-256:FC8509854337242C4F3B55907DCE9A5A53DD175D166B82C4B2E8EBF67A4D1DF4
          SHA-512:9AB0C90D64E7DF0E35AE11AD16E9F32B90892556EF62FC59131C43BAD2576341D818D4EDF3B4DEF346C1F21BD305D63B047C61F4A40016FA4ABC52C7264EDD4C
          Malicious:false
          Reputation:unknown
          Preview:[Version]..signature = "$WINDOWS NT$"..Class = SCSIAdapter..ClassGUID = {4D36E97B-E325-11CE-BFC1-08002BE10318}..Provider = %DiscSoft%..DriverVer=11/13/2018,5.29.0.0..CatalogFile = dtlitescsibus.cat....[DestinationDirs]..DefaultDestDir = 12....[SourceDisksNames.amd64]..1 = %DisplayName%....[SourceDisksFiles]..dtlitescsibus.sys = 1....[Manufacturer]..%DiscSoft% = DiscSoft, NTamd64....[DiscSoft.NTamd64]..%DisplayName% = Install, root\dtlitescsibus....[Install.NTamd64]..CopyFiles = Drivers_Dir....[Install.NTamd64.HW]..AddReg = Security_Reg....[Security_Reg]..HKR,,DeviceCharacteristics,0x10001,0x0100..HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GA;;;BA)"....[Install.NTamd64.Services]..AddService = dtlitescsibus, 2, Service_Inst....[Service_Inst]..DisplayName = %DisplayName%..Description = %Description%..ServiceType = 1..StartType = 3..ErrorControl = 1..ServiceBinary = %12%\dtlitescsibus.sys..LoadOrderGroup = SCSI Miniport....[Drivers_Dir]..dtlitescsibus.sys....[Strings]
          Process:C:\Windows\System32\drvinst.exe
          File Type:ASCII text, with CRLF line terminators
          Category:modified
          Size (bytes):74117
          Entropy (8bit):5.390329350548511
          Encrypted:false
          SSDEEP:
          MD5:60F56012CB9B43C4F5A8E55F3C5CE2C9
          SHA1:E0FCF9C5668EB577CDABED320229B286F5F7725B
          SHA-256:DD30FA08C3712736A4C7E19126258D7E0CCF01D52AECEF339ADEAA49DC7497AA
          SHA-512:F9C44F670DAEB2536D055D82EC15A9828EB013781AAB06501205B22FEE629B65E86AED39CD7FCFDC0302AA4C7D3DB49F0AAD142CE44567DEAECE81A14D6ABD25
          Malicious:false
          Reputation:unknown
          Preview:CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6041 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #6699 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #4398 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2083 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #2459 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: SyncAllDBs Corruption or Schema Change..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #891 encountered JET error -1409..CatalogDB: 08:57:12 03/10/2023: catdbsvc.cpp at line #1307 encountered JET error -1601..CatalogDB: 08:57:12 03/10/2023: SyncDB:: Sync sta
          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
          File Type:Matlab v4 mat-file (little endian) X, rows 1880, columns 11, imaginary
          Category:dropped
          Size (bytes):1888
          Entropy (8bit):5.558276985560503
          Encrypted:false
          SSDEEP:
          MD5:8B1AEFC6A6CB434BF74AA79CC000DE5D
          SHA1:E4DE63265D0A007A54E3E167F8DD2B5FC577F8AC
          SHA-256:F829422CC64477300D4F56EA9EB14DA42D21999211611B277C5CDDB7FC39D591
          SHA-512:12A8910210CC9845B36C7E4817CE9C7FF4EFF3AE14ABC461E45D9BF596E69D546F6F542084077ECBB9C1AC934119546746757EF59E4C13CAF00BD0D77056664E
          Malicious:false
          Reputation:unknown
          Preview:....X...............X...System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.......................j.0............=.....................[....tM.....d|....l.......L...mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089...........?W..L].....A.....p.......P...System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089...........L&yI.T.J..a8.......l.......L...System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089............8...hfKSa.R.*..............P...System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.............<I~............5........................~..2K..}...0............X...System.Transactions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089...........5(7..................................V.}...@...i...............`...System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089.........p.{+/.......
          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
          File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):14283264
          Entropy (8bit):6.6636210139381005
          Encrypted:false
          SSDEEP:
          MD5:A854750574D36C6AF62E8D033FFCE880
          SHA1:F7CF769CAA669CA1C3C2EDF8E509940FBB24DDCA
          SHA-256:CDB530B0B6915EA8C565B7BE81594C69EDAE73DD824217E2A73D814DCDDF32D1
          SHA-512:B19A6B22B8100F86E35C4199B966717509BA016FAB9A4E64B83DC6C84C8552ECB4EC2F92DA8C58C7B440C266C5BAE7AA18A13D0B459DEB7A8A060C4FD0C9357C
          Malicious:true
          Reputation:unknown
          Preview:MZ......................@.......................................................................................................PE..L....>.]...........!...............................`......................................@...........................................0.L.......................$S.. ...8...........................................................P.0.H............data.....0.......0.................@....text........0......0............. ..`.reloc..$S.......T..................@..B....................................~=.......................................................................................................................................................................................................T.a............$..ade.a0...H................Y.a........D......a........................Hh.a.I.............a..a2....b...............`.a6"..................................h..`.......a..........................................a........V...d..a..a....H...............
          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Entropy (8bit):7.99347655484332
          TrID:
          • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
          • Win32 Executable (generic) a (10002005/4) 49.97%
          • Generic Win/DOS Executable (2004/3) 0.01%
          • DOS Executable Generic (2002/1) 0.01%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:DTLite1200-2126.exe
          File size:49'105'232 bytes
          MD5:418747f6c138cef786bb250b9d8b655d
          SHA1:d497cfc9b09438c152812c92931255865a7bb003
          SHA256:524786246019f9e19f329297eb933d574ebb672eebd7104b4756d2004967f6f0
          SHA512:cbca6db7fb8b3c00123fa0e3419d5d3eb91a9047ada763887499aa87bd82f12a8021737edad0bf5802a28706e6f0c9ea41a820cb24b447c7ebefba5b2a35e561
          SSDEEP:786432:1juBsfdFewgyAGIm+Vgfza4/YRhXMY/x436gSikSuWcGKU5eQc+e+dobO+iFgWvm:VuyZlUPxfA6gnkSuWKCRcnlqdFpvm
          TLSH:74B7225868838944F55AB23AF1EC4C3EBEA72DFE1D70401E5B95B8491EF19C94CF01AB
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....[I..........."...0..H...........f... ........@.. ............................../.....`................................
          Icon Hash:3633717971311b0e
          Entrypoint:0x32b6692
          Entrypoint Section:.text
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0xE8495B15 [Mon Jun 29 13:45:57 2093 UTC]
          TLS Callbacks:
          CLR (.Net) Version:v4.0.30319
          OS Version Major:4
          OS Version Minor:0
          File Version Major:4
          File Version Minor:0
          Subsystem Version Major:4
          Subsystem Version Minor:0
          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
          Signature Valid:true
          Signature Issuer:CN=Sectigo RSA Code Signing CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 11/03/2021 01:00:00 11/03/2024 00:59:59
          Subject Chain
          • CN="AVB Disc Soft, SIA", O="AVB Disc Soft, SIA", STREET=Turaidas iela 65A, L=Jrmala, PostalCode=2015, C=LV
          Version:3
          Thumbprint MD5:FC09A45051197ECCFCF5D2993CC03264
          Thumbprint SHA-1:9A8EC24D4552F8EB8902FAB19EAF95DC2A2EA407
          Thumbprint SHA-256:C7D1E635892A16F119C93BCBAAA09B8E01896C265D6C0626AE4F37998232721A
          Serial:73098091AB520B92B7825CB8493B55DC
          Instruction
          jmp dword ptr [00402000h]
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2eb663f | 0x4f | .text
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2eb8000 | 0x1d42c | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2ed2200 | 0x2750 | .rsrc
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2ed6000 | 0xc | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2eb6594 | 0x38 | .text
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x2000 | 0x2eb4698 | 0x2eb4800 | d056b630b9dec4025252cedda82fd1db | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rsrc | 0x2eb8000 | 0x1d42c | 0x1d600 | 38fcdac148e173596feb0112f2a587ca | False | 0.2369597739361702 | data | 4.005229326253368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0x2ed6000 | 0xc | 0x200 | e48ef4b45dd88409e982990115b002bb | False | 0.044921875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0x2eb81c0 | 0x3370 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9915704738760632
          RT_ICON | 0x2ebb540 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.09487755826333846
          RT_ICON | 0x2ecbd78 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.16072272083136513
          RT_ICON | 0x2ecffb0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.19553941908713693
          RT_ICON | 0x2ed2568 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.26946529080675424
          RT_ICON | 0x2ed3620 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.3909836065573771
          RT_ICON | 0x2ed3fb8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.44680851063829785
          RT_GROUP_ICON | 0x2ed4430 | 0x68 | data | | | 0.7596153846153846
          RT_VERSION | 0x2ed44a8 | 0x3d4 | data | | | 0.413265306122449
          RT_MANIFEST | 0x2ed488c | 0xb9c | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.38593539703903096
          DLL | Import
          mscoree.dll | _CorExeMain