Overview

overview

8

Static

static

1

Win10M

windows10_x64

8

Analysis

  • max time kernel
    581s
  • max time network
    571s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    17-04-2021 17:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NS/nipperstudio-2.9.1-win64.exe

  • Size

    136.1MB

  • MD5

    cbf70f826ccdee520631f1d73cec854c

  • SHA1

    d4bca4aa0f8d116d1ccb5b10e5e16856630d5755

  • SHA256

    043659ccabb62e37b7ac1341c34418ea8202ab4b3b663ed4382b319ffde2abd4

  • SHA512

    51304f30b97648439f7f2f3e716d506f50abd752ba9954279a142de4e887823a57c638c09c6d49b810ae185c8df0dcff84931d9d9719a885d9046c2087f2e96e

Score
8/10
discoverymacropersistencexlm

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Executes dropped EXE 13 IoCs
  • Suspicious Office macro 3 IoCs

    Office document equipped with 4.0 macros.

    macroxlm
  • Loads dropped DLL 64 IoCs
  • Modifies file permissions 1 TTPs 4 IoCs
    discovery
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 32 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 37 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 10 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 49 IoCs
  • Suspicious use of WriteProcessMemory 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\NS\nipperstudio-2.9.1-win64.exe
    "C:\Users\Admin\AppData\Local\Temp\NS\nipperstudio-2.9.1-win64.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Program Files\NipperStudio\vc2010redist_x86.exe
      "C:\Program Files\NipperStudio\vc2010redist_x86.exe" /q
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2300
      • \??\c:\fd1930c243832266cf9759ad9ba9\Setup.exe
        c:\fd1930c243832266cf9759ad9ba9\Setup.exe /q
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3908
    • C:\Program Files\NipperStudio\vc2013redist_x64.exe
      "C:\Program Files\NipperStudio\vc2013redist_x64.exe" /q
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3180
      • C:\Program Files\NipperStudio\vc2013redist_x64.exe
        "C:\Program Files\NipperStudio\vc2013redist_x64.exe" /q -burn.unelevated BurnPipe.{E01D408F-0D60-4949-94A4-919BBE4209E0} {09E0D8B0-9177-4F0A-9493-02A5F039A810} 3180
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3184
    • C:\Program Files\NipperStudio\vc2017redist_x86.exe
      "C:\Program Files\NipperStudio\vc2017redist_x86.exe" /q /norestart
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2060
      • C:\Program Files\NipperStudio\vc2017redist_x86.exe
        "C:\Program Files\NipperStudio\vc2017redist_x86.exe" /q /norestart -burn.unelevated BurnPipe.{1640E446-A434-471B-A2E7-51A07365E153} {C35F7838-0A39-44AC-8BF2-CAA88A3AC0F7} 2060
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1340
    • C:\Program Files\NipperStudio\vc2017redist_x64.exe
      "C:\Program Files\NipperStudio\vc2017redist_x64.exe" /q /norestart
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3968
      • C:\Program Files\NipperStudio\vc2017redist_x64.exe
        "C:\Program Files\NipperStudio\vc2017redist_x64.exe" /q /norestart -burn.unelevated BurnPipe.{0481ABE9-5296-4026-981F-969191B99A93} {6777DD01-1CD4-4E78-AFEB-0A5A18A3C9FE} 3968
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3160
    • C:\Program Files\NipperStudio\rm-update-nipper.exe
      "C:\Program Files\NipperStudio\rm-update-nipper.exe" --organization="Titania" --application="Nipper" --update-db="C:\Program Files\NipperStudio/2.9.1/resources/rmdb.xml" --default-db="C:\Program Files\NipperStudio/resources/rmdb.xml" /q
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3836
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Hp3836.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4040
        • C:\Windows\system32\icacls.exe
          icacls C:/Program Files/NipperStudio/resources/rmdb.xml /grant "everyone":M
          4⤵
          • Modifies file permissions
          PID:1492
    • C:\Windows\SysWOW64\icacls.exe
      icacls "C:\Program Files\NipperStudio\resources\rmdb.xml" /grant "everyone":M
      2⤵
      • Modifies file permissions
      PID:200
    • C:\Windows\SysWOW64\sc.exe
      sc start nipperd
      2⤵
        PID:2816
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2064
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:2820
      • \??\c:\windows\system32\svchost.exe
        c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
        1⤵
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:68
      • C:\Windows\system32\srtasks.exe
        C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
        1⤵
          PID:2192
        • C:\Windows\system32\msiexec.exe
          C:\Windows\system32\msiexec.exe /V
          1⤵
          • Enumerates connected drives
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Modifies data under HKEY_USERS
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          PID:2936
        • C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          1⤵
            PID:2444
          • C:\Users\Admin\AppData\Local\Temp\NS\NSkeygen.exe
            "C:\Users\Admin\AppData\Local\Temp\NS\NSkeygen.exe"
            1⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of SetWindowsHookEx
            PID:860
          • C:\Program Files\NipperStudio\nipperstudio.exe
            "C:\Program Files\NipperStudio\nipperstudio.exe"
            1⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Modifies registry class
            • Suspicious behavior: AddClipboardFormatListener
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3648
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Hp3648.bat" "
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:3140
              • C:\Windows\system32\icacls.exe
                icacls C:/Program Files/NipperStudio/resources/rmdb.xml /grant "everyone":M
                3⤵
                • Modifies file permissions
                PID:2216
            • C:\Program Files\NipperStudio\QtWebEngineProcess.exe
              "C:\Program Files\NipperStudio\QtWebEngineProcess.exe" --type=renderer --disable-accelerated-video-decode --disable-gpu-memory-buffer-video-frames --disable-shared-workers --enable-threaded-compositing --no-sandbox --disable-webrtc-hw-encoding --primordial-pipe-token=FC6FA902F0A57B4B6E9CB68B84F581BF --lang=en-US --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=FC6FA902F0A57B4B6E9CB68B84F581BF --renderer-client-id=2 --mojo-platform-channel-handle=3952 /prefetch:1
              2⤵
              • Executes dropped EXE
              • Suspicious behavior: EnumeratesProcesses
              PID:4072
          • C:\Windows\system32\OpenWith.exe
            C:\Windows\system32\OpenWith.exe -Embedding
            1⤵
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2580
            • C:\Windows\system32\NOTEPAD.EXE
              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\activation-request.nlr
              2⤵
                PID:1308
            • C:\Program Files\NipperStudio\nipperstudio.exe
              "C:\Program Files\NipperStudio\nipperstudio.exe"
              1⤵
              • Executes dropped EXE
              • Suspicious behavior: AddClipboardFormatListener
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:704
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qHp704.bat" "
                2⤵
                • Suspicious use of WriteProcessMemory
                PID:3144
                • C:\Windows\system32\icacls.exe
                  icacls C:/Program Files/NipperStudio/resources/rmdb.xml /grant "everyone":M
                  3⤵
                  • Modifies file permissions
                  PID:1088
              • C:\Program Files\NipperStudio\QtWebEngineProcess.exe
                "C:\Program Files\NipperStudio\QtWebEngineProcess.exe" --type=renderer --disable-accelerated-video-decode --disable-gpu-memory-buffer-video-frames --disable-shared-workers --enable-threaded-compositing --no-sandbox --disable-webrtc-hw-encoding --primordial-pipe-token=F984D71E6727813281B7467B615D2315 --lang=en-US --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --disable-gpu-compositing --service-request-channel-token=F984D71E6727813281B7467B615D2315 --renderer-client-id=2 --mojo-platform-channel-handle=2600 /prefetch:1
                2⤵
                • Executes dropped EXE
                • Suspicious behavior: EnumeratesProcesses
                PID:2000

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\NipperStudio\Qt5Core.dll
              MD5

              ff43b6a4dbf7fecc9d32eb4dfdd42215

              SHA1

              deaad82b91053f5b52f6ce705da4c298971af73f

              SHA256

              37ca27b0220ed0552e729c0f696b1fc3c8f8814b9e6058994fd47c5675d6a673

              SHA512

              c735986ed9432295500b5b5e1fddfa715938ae515c787e3df7c5211333305507048999b54f46b274c8dec1c4cbd1e082589ab528084fafa3249cb2ddb42e805d

              Download Submit
            • C:\Program Files\NipperStudio\Qt5Network.dll
              MD5

              9baa9f1cb975feff2d728886fc183680

              SHA1

              13080536a05a8b2a869b2ae8a7ce7536c7c8e1e7

              SHA256

              a70f61d11ffec1312cd8e13523ff5746d876e3daf306a2125c6cc08a67235cae

              SHA512

              e7d5e560cc45281fd21466137e2c1d12c43fa84d3db0d8c55cc73e82fef7f1a03e953019b9868063bb8717ff4d6b84ccc6ac016696634ce5d1cd1a4a1edb31cf

              Download Submit
            • C:\Program Files\NipperStudio\Qt5Xml.dll
              MD5

              a93b0e57774a62e7c25ab75f71ea6336

              SHA1

              0367e6c5add1dc61182abe4f9a0a59d26d524969

              SHA256

              3583bf1371538718a9a268e1cbc84322a473c80bdcc4c0b05120c146f1e36088

              SHA512

              d46b7e61b7bbd4303a4cd3f3e0273e599f4e302ab12eab1c5254c228612599661f30ff23279fb72cb850cef9d6c4bd56fcfe706b4b5e29e11b590bcb00e56be5

              Download Submit
            • C:\Program Files\NipperStudio\libtitania.dll
              MD5

              8a48536dc53159139703851e35814744

              SHA1

              443f533b92c33e5236ea7193e1061aa98dcc089c

              SHA256

              5c720214e009ae40dbc3d074fea1d6ee304acdbdbc2694cf16e1a2457f12acda

              SHA512

              0dc1ce729a1a2fcb8760cda6a343d4c7ee7b464f9197d2fe99e89f25c7d9fca93aad27e62cace25a85c8ede0aef4a0644b45ed723f4363891656774d57b03e6f

              Download Submit
            • C:\Program Files\NipperStudio\rm-update-nipper.exe
              MD5

              40e4ba5a127ed8a217fd4a2adafdbc3c

              SHA1

              19ea39244c83294c07f69a8b10e4339b0132f451

              SHA256

              547004c170e4ba56c55bd652de45935521164c97895edd9fcdd703d4f463f63c

              SHA512

              d6f32229d88a55ace7e8258bb3116c70e23b3a7314eefb3abf77ecdbe3aa901fe969eb4abd04f9c13c4c8e009352d3946adfe02af5f2bab14f693f96e34e727c

              Download Submit
            • C:\Program Files\NipperStudio\rm-update-nipper.exe
              MD5

              40e4ba5a127ed8a217fd4a2adafdbc3c

              SHA1

              19ea39244c83294c07f69a8b10e4339b0132f451

              SHA256

              547004c170e4ba56c55bd652de45935521164c97895edd9fcdd703d4f463f63c

              SHA512

              d6f32229d88a55ace7e8258bb3116c70e23b3a7314eefb3abf77ecdbe3aa901fe969eb4abd04f9c13c4c8e009352d3946adfe02af5f2bab14f693f96e34e727c

              Download Submit
            • C:\Program Files\NipperStudio\vc2010redist_x86.exe
              MD5

              b88228d5fef4b6dc019d69d4471f23ec

              SHA1

              372d9c1670343d3fb252209ba210d4dc4d67d358

              SHA256

              8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

              SHA512

              cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

              Download Submit
            • C:\Program Files\NipperStudio\vc2010redist_x86.exe
              MD5

              b88228d5fef4b6dc019d69d4471f23ec

              SHA1

              372d9c1670343d3fb252209ba210d4dc4d67d358

              SHA256

              8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

              SHA512

              cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

              Download Submit
            • C:\Program Files\NipperStudio\vc2013redist_x64.exe
              MD5

              96b61b8e069832e6b809f24ea74567ba

              SHA1

              8bf41ba9eef02d30635a10433817dbb6886da5a2

              SHA256

              e554425243e3e8ca1cd5fe550db41e6fa58a007c74fad400274b128452f38fb8

              SHA512

              3a55dce14bbd455808bd939a5008b67c9c7111cab61b1339528308022e587726954f8c55a597c6974dc543964bdb6532fe433556fbeeaf9f8cb4d95f2bbffc12

              Download Submit
            • C:\Program Files\NipperStudio\vc2013redist_x64.exe
              MD5

              96b61b8e069832e6b809f24ea74567ba

              SHA1

              8bf41ba9eef02d30635a10433817dbb6886da5a2

              SHA256

              e554425243e3e8ca1cd5fe550db41e6fa58a007c74fad400274b128452f38fb8

              SHA512

              3a55dce14bbd455808bd939a5008b67c9c7111cab61b1339528308022e587726954f8c55a597c6974dc543964bdb6532fe433556fbeeaf9f8cb4d95f2bbffc12

              Download Submit
            • C:\Program Files\NipperStudio\vc2013redist_x64.exe
              MD5

              96b61b8e069832e6b809f24ea74567ba

              SHA1

              8bf41ba9eef02d30635a10433817dbb6886da5a2

              SHA256

              e554425243e3e8ca1cd5fe550db41e6fa58a007c74fad400274b128452f38fb8

              SHA512

              3a55dce14bbd455808bd939a5008b67c9c7111cab61b1339528308022e587726954f8c55a597c6974dc543964bdb6532fe433556fbeeaf9f8cb4d95f2bbffc12

              Download Submit
            • C:\Program Files\NipperStudio\vc2017redist_x64.exe
              MD5

              6b83b62d7fd5354074bdffc2dd7dd6c2

              SHA1

              007064d974a55940838f19cd0b0e3aaf27ca06a7

              SHA256

              b7aa971227e2d68a82186c2c55bdca3ba5293f01528fda98925cdc0d6516062a

              SHA512

              4a188d78211c43c02c37053f2509a0e269a4d97d92f13f41cc90f0a25557a149874bbab55cc86554d01e269fb65460c2ad1df4164f41f565ce9ed77d4c310796

              Download Submit
            • C:\Program Files\NipperStudio\vc2017redist_x64.exe
              MD5

              6b83b62d7fd5354074bdffc2dd7dd6c2

              SHA1

              007064d974a55940838f19cd0b0e3aaf27ca06a7

              SHA256

              b7aa971227e2d68a82186c2c55bdca3ba5293f01528fda98925cdc0d6516062a

              SHA512

              4a188d78211c43c02c37053f2509a0e269a4d97d92f13f41cc90f0a25557a149874bbab55cc86554d01e269fb65460c2ad1df4164f41f565ce9ed77d4c310796

              Download Submit
            • C:\Program Files\NipperStudio\vc2017redist_x64.exe
              MD5

              6b83b62d7fd5354074bdffc2dd7dd6c2

              SHA1

              007064d974a55940838f19cd0b0e3aaf27ca06a7

              SHA256

              b7aa971227e2d68a82186c2c55bdca3ba5293f01528fda98925cdc0d6516062a

              SHA512

              4a188d78211c43c02c37053f2509a0e269a4d97d92f13f41cc90f0a25557a149874bbab55cc86554d01e269fb65460c2ad1df4164f41f565ce9ed77d4c310796

              Download Submit
            • C:\Program Files\NipperStudio\vc2017redist_x86.exe
              MD5

              4c34a474900344483aab8c0db7ed884f

              SHA1

              ba1f7e7cace62f7c55ab948cd3b29acc4e8e2329

              SHA256

              4eedd7d12c83165620653a892066ad0eb53e021a0665ac54c6a8f438f73a660b

              SHA512

              383160a5a7bfd1a9e05081245752eceadf662f504b24cac037834a2241ba374d39e20b5ec57e15e940c731b886c2e1beb46a076993f13a9d941f47a58299f3e8

              Download Submit
            • C:\Program Files\NipperStudio\vc2017redist_x86.exe
              MD5

              4c34a474900344483aab8c0db7ed884f

              SHA1

              ba1f7e7cace62f7c55ab948cd3b29acc4e8e2329

              SHA256

              4eedd7d12c83165620653a892066ad0eb53e021a0665ac54c6a8f438f73a660b

              SHA512

              383160a5a7bfd1a9e05081245752eceadf662f504b24cac037834a2241ba374d39e20b5ec57e15e940c731b886c2e1beb46a076993f13a9d941f47a58299f3e8

              Download Submit
            • C:\Program Files\NipperStudio\vc2017redist_x86.exe
              MD5

              4c34a474900344483aab8c0db7ed884f

              SHA1

              ba1f7e7cace62f7c55ab948cd3b29acc4e8e2329

              SHA256

              4eedd7d12c83165620653a892066ad0eb53e021a0665ac54c6a8f438f73a660b

              SHA512

              383160a5a7bfd1a9e05081245752eceadf662f504b24cac037834a2241ba374d39e20b5ec57e15e940c731b886c2e1beb46a076993f13a9d941f47a58299f3e8

              Download Submit
            • C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\state.rsm
              MD5

              ca735178c1bb5170dc51f7936e8e8b7b

              SHA1

              1b2795b12ee31dd9e3846efd3fb2987eb5f7cc25

              SHA256

              11cea7d46ad7a9f8c59f6566c329fc0652f9eec4866cd72a3e15e607309ef8e0

              SHA512

              d4c2594e995ed38229e732026c0f0930bc43d8e2c0f678683545632f0b078c28008c33be090a7fa4e378ca1edad0e887566dcfae9eee9c78a5ab61f66010a147

              Download Submit
            • C:\ProgramData\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
              MD5

              e16e6d68ce1949c9721656390f47ce07

              SHA1

              9009cca5dc05e22f4cf0d8529a473f19b363103b

              SHA256

              18e6d3d96fcd39ba069c0e6ebc108881ec5bb07e29a24b0177688ce391dac526

              SHA512

              63a179e4db0cb7954ddc9aee9e3c7aecae9e160154243b248b94647eb8defafb7041ee291f6f880dc3ca7f298dd548e4b3cf0b650e9a7e34f34d2d2f0dd36127

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20210417_191358742-MSI_vc_red.msi.txt
              MD5

              ff17b95d2eacdd3a894fbfe5cdcf8dfb

              SHA1

              992ff89ff0a21f48a404372e7900a20aa6e9ac53

              SHA256

              2276d6dbd1a2397bc500368565e455f697414c1c8df0634ba3a5ccb200d04dd2

              SHA512

              b22e46c6a7f41afc63b3a36b6fdb820fe07cfeb083bf259fe2a7e95058d6e3821413091b2cc94a9fffb8b4e1808d8d7a3734583f87adfdeb9ef237e39850cc47

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20210417191424_000_vcRuntimeMinimum_x86.log
              MD5

              c8aecad622ba3d2e8aff64c82eaa30f1

              SHA1

              d9c5c3766f64819bbd584ae74c70fce4880c913d

              SHA256

              a04608d5ba931f72ed727b5791aef5d00034317fe9edc2bc99cc5ceb3757817c

              SHA512

              b2a3289cbcdf556d851d08e1c62474525d4a03c3f09d2140adba04902d0ddbceee0dece84db569f9411568797e88d7c0bb5df120f95723136349585fd33b6255

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20210417191424_001_vcRuntimeAdditional_x86.log
              MD5

              e546f6022f1087d8b101acf930ac193b

              SHA1

              638d1d79419bed88f62f24b01657e810d5e30c41

              SHA256

              879f2e7c3ad805c986fc35a32af9cf58dab1164a12709c38666a844c4aba3b43

              SHA512

              7624e98de3f541488704307912dd93c9e3767b5f863c37f13c10c52545f44fa8160507744fbf843615d8396aee7d2680a4c4e539a4624bd38139983155219d16

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.be\vcredist_x64.exe
              MD5

              e16e6d68ce1949c9721656390f47ce07

              SHA1

              9009cca5dc05e22f4cf0d8529a473f19b363103b

              SHA256

              18e6d3d96fcd39ba069c0e6ebc108881ec5bb07e29a24b0177688ce391dac526

              SHA512

              63a179e4db0cb7954ddc9aee9e3c7aecae9e160154243b248b94647eb8defafb7041ee291f6f880dc3ca7f298dd548e4b3cf0b650e9a7e34f34d2d2f0dd36127

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\.be\VC_redist.x86.exe
              MD5

              80c132947ca8c65408509a2a53dc0474

              SHA1

              92ca544a39274f4ab2248856bf0da523ac5e1913

              SHA256

              be2d9b00798b5cae43cb31df29223de5c3fe1d2bc9249a5af38d0a00a97123a8

              SHA512

              7150f2cb36bc1457d3a526a8c6b7a606689ba34de1e913d87915daa24806855e3cbb00ac75116913ed16443b5143c6146b4e961cedfac2478cd7da8ec2ae3d97

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\cab54A5CABBE7274D8A22EB58060AAB7623
              MD5

              dbe99ce19fd1d96e61855978550b052e

              SHA1

              cacd4d2a1990d28817cf864f892c03c2bef5c0c2

              SHA256

              d2fe9491aa5a63d839245fd34b101580d436c7d678c1b12ca9e40ac726f4c84b

              SHA512

              6586279ebe12d3c630d8fe5d048650f03b7920ccdbdbec96608b1574a19dc2d157618c983d03c4b289760c6925c75c6af42da5c7b06820167daaee249a136105

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\cabB3E1576D1FEFBB979E13B1A5379E0B16
              MD5

              905d8b9b3bdded6591ce0d077fe361fd

              SHA1

              c088122ecc2ea64deefba294dd7fe4c735ea06a0

              SHA256

              f4c70d6263722c79aca5bcedf7fbb7aabb5cbbfdae6f06056fdda00f50b9a9dd

              SHA512

              19c139e7a03b908eabbe3c6de252423ad547ed191b67dd4105184569d8ca2bc9cf89e10def0b911d2e35431b6a0a0f1633da4e8131e78a3d856957f5a97fad9d

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\vcRuntimeAdditional_x86
              MD5

              65b4359a0b67244fa4fb781da3f7b0e9

              SHA1

              afc2875b0f4929a972a297b13c4486665cef962c

              SHA256

              d85e9cc5888fb87775d04393e53d4e9f5134f544f809d8e9306547e7eca9bc47

              SHA512

              2e7d168f7f73ef7e67912ee2fbf8c7a383c531a5f453bb407e51bd87d4e981e68f9984746403cf0268cdeb7e5a69a14f5792aedb2c93c807c5850bf15e1f25fe

              Download Submit
            • C:\Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\vcRuntimeMinimum_x86
              MD5

              222277b9db9011d0253f618c21a35738

              SHA1

              f3e6399829bfbde282e683309178a1f788cb8d74

              SHA256

              216517f2b80a6e4b5cbc663dd3995f64db16dee3f0599cc99d38ffb6cb33ad0a

              SHA512

              ec6c393049c0ff5cf1e980174cbcd0bc14d1dbc0395ab32c2638004b32b23e56dac8f7ed035e30172c36568427a756030a883e406c62b7797b2a52ba25e01765

              Download Submit
            • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
              MD5

              e55a6c3142ca87afb7414d8012af6e83

              SHA1

              456118b54bfa36d1016bc9b2c1372fb2b6241cdf

              SHA256

              6c534e47e322e87d913cb501d9ae3ece79319b4b988b98ee6e0a9841039e5081

              SHA512

              983c809269c1f4f4b81e505fa9b28099feca1d355d457cee07f0ba7b26a3dcc53f2b59cce3ae11dd0e74ec087c1d82bbe44280a7616c6e8f2a7ea6041168c6af

              Download Submit
            • C:\fd1930c243832266cf9759ad9ba9\Setup.exe
              MD5

              006f8a615020a4a17f5e63801485df46

              SHA1

              78c82a80ebf9c8bf0c996dd8bc26087679f77fea

              SHA256

              d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

              SHA512

              c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1028\LocalizedData.xml
              MD5

              7fc06a77d9aafca9fb19fafa0f919100

              SHA1

              e565740e7d582cd73f8d3b12de2f4579ff18bb41

              SHA256

              a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

              SHA512

              466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1031\LocalizedData.xml
              MD5

              b83c3803712e61811c438f6e98790369

              SHA1

              61a0bc59388786ced045acd82621bee8578cae5a

              SHA256

              2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

              SHA512

              e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1033\LocalizedData.xml
              MD5

              d642e322d1e8b739510ca540f8e779f9

              SHA1

              36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

              SHA256

              5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

              SHA512

              e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1036\LocalizedData.xml
              MD5

              e382abc19294f779d2833287242e7bc6

              SHA1

              1ceae32d6b24a3832f9244f5791382865b668a72

              SHA256

              43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

              SHA512

              06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1040\LocalizedData.xml
              MD5

              0af948fe4142e34092f9dd47a4b8c275

              SHA1

              b3d6dd5c126280398d9055f90e2c2c26dbae4eaa

              SHA256

              c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248

              SHA512

              d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1041\LocalizedData.xml
              MD5

              7fcfbc308b0c42dcbd8365ba62bada05

              SHA1

              18a0f0e89b36818c94de0ad795cc593d0e3e29a9

              SHA256

              01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2

              SHA512

              cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1042\LocalizedData.xml
              MD5

              71dfd70ae141f1d5c1366cb661b354b2

              SHA1

              c4b22590e6f6dd5d39e5158b831ae217ce17a776

              SHA256

              cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331

              SHA512

              5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\1049\LocalizedData.xml
              MD5

              0eeb554d0b9f9fcdb22401e2532e9cd0

              SHA1

              08799520b72a1ef92ac5b94a33509d1eddf6caf8

              SHA256

              beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c

              SHA512

              2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\2052\LocalizedData.xml
              MD5

              52b1dc12ce4153aa759fb3bbe04d01fc

              SHA1

              bf21f8591c473d1fce68a9faf1e5942f486f6eba

              SHA256

              d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3

              SHA512

              418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\3082\LocalizedData.xml
              MD5

              5397a12d466d55d566b4209e0e4f92d3

              SHA1

              fcffd8961fb487995543fc173521fdf5df6e243b

              SHA256

              f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89

              SHA512

              7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\DHTMLHeader.html
              MD5

              cd131d41791a543cc6f6ed1ea5bd257c

              SHA1

              f42a2708a0b42a13530d26515274d1fcdbfe8490

              SHA256

              e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

              SHA512

              a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\ParameterInfo.xml
              MD5

              66590f13f4c9ba563a9180bdf25a5b80

              SHA1

              d6d9146faeec7824b8a09dd6978e5921cc151906

              SHA256

              bf787b8c697ce418f9d4c07260f56d1145ca70db1cc4b1321d37840837621e8f

              SHA512

              aba67c66c2f3d9b3c9d71d64511895f15f696be8be0eedd2d6908e1203c4b0cf318b366f9f3cd9c3b3b8c0770462f83e6eea73e304c43f88d0cbedf69e7c92b3

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\Setup.exe
              MD5

              006f8a615020a4a17f5e63801485df46

              SHA1

              78c82a80ebf9c8bf0c996dd8bc26087679f77fea

              SHA256

              d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

              SHA512

              c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\SetupEngine.dll
              MD5

              84c1daf5f30ff99895ecab3a55354bcf

              SHA1

              7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

              SHA256

              7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

              SHA512

              e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\UiInfo.xml
              MD5

              812f8d2e53f076366fa3a214bb4cf558

              SHA1

              35ae734cfb99bb139906b5f4e8efbf950762f6f0

              SHA256

              0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

              SHA512

              1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\sqmapi.dll
              MD5

              3f0363b40376047eff6a9b97d633b750

              SHA1

              4eaf6650eca5ce931ee771181b04263c536a948b

              SHA256

              bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

              SHA512

              537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\vc_red.cab
              MD5

              6c59fecf51931fb4540e571ae0310098

              SHA1

              db5b0e9f7d20d2b1ccd61320ecca7a60e118619b

              SHA256

              08e4d5bad48c0203fdf02fdc28794f820dfb1d4480bdcac562e7bc6e15ffaad3

              SHA512

              d9cc7c6ef54105c981aacaafde890019af766b53417e765fa7636c3b8a4400ce6f987ccef1a54b4521412a8e45c011476c065cebc892688aeed1b027e3e761ba

              Download Submit
            • \??\c:\fd1930c243832266cf9759ad9ba9\vc_red.msi
              MD5

              cd2b99bb86ba6a499110c72b78b9324e

              SHA1

              7a288418b36e681093b33dc169e4d27c2ee33edd

              SHA256

              41f6b61e0c070c86e32d8777629dfc8e860848865fefa0ba7d69e9fef0a3b174

              SHA512

              17174b8f0186f05be1e20215aafd64797ec4f831a0d3e0e97ade3f0a25cb6f78d1d8bf568dfea1b2de2add3a9d64aaa5b4319f7927301d5d73bbab1b0eaae3d5

              Download Submit
            • \Program Files\NipperStudio\Qt5Core.dll
              MD5

              ff43b6a4dbf7fecc9d32eb4dfdd42215

              SHA1

              deaad82b91053f5b52f6ce705da4c298971af73f

              SHA256

              37ca27b0220ed0552e729c0f696b1fc3c8f8814b9e6058994fd47c5675d6a673

              SHA512

              c735986ed9432295500b5b5e1fddfa715938ae515c787e3df7c5211333305507048999b54f46b274c8dec1c4cbd1e082589ab528084fafa3249cb2ddb42e805d

              Download Submit
            • \Program Files\NipperStudio\Qt5Network.dll
              MD5

              9baa9f1cb975feff2d728886fc183680

              SHA1

              13080536a05a8b2a869b2ae8a7ce7536c7c8e1e7

              SHA256

              a70f61d11ffec1312cd8e13523ff5746d876e3daf306a2125c6cc08a67235cae

              SHA512

              e7d5e560cc45281fd21466137e2c1d12c43fa84d3db0d8c55cc73e82fef7f1a03e953019b9868063bb8717ff4d6b84ccc6ac016696634ce5d1cd1a4a1edb31cf

              Download Submit
            • \Program Files\NipperStudio\libtitania.dll
              MD5

              8a48536dc53159139703851e35814744

              SHA1

              443f533b92c33e5236ea7193e1061aa98dcc089c

              SHA256

              5c720214e009ae40dbc3d074fea1d6ee304acdbdbc2694cf16e1a2457f12acda

              SHA512

              0dc1ce729a1a2fcb8760cda6a343d4c7ee7b464f9197d2fe99e89f25c7d9fca93aad27e62cace25a85c8ede0aef4a0644b45ed723f4363891656774d57b03e6f

              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsy9AB0.tmp\InstallOptions.dll
              MD5

              5f35212d7e90ee622b10be39b09bd270

              SHA1

              c4bc9593902adf6daaef37e456dc6100d50d0925

              SHA256

              31944b93e44301974d9c6f810d2da792e34a53dcacd619a08cb0385ac59e513d

              SHA512

              7514810367f56d994c6d5703b56ac16124fab5dfdcfbe337d4413274c1ff9037a2ee623e49ab2fb6227412ab29fcc49a3ada1391910d44c2b5de0adeb3e7c2f0

              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsy9AB0.tmp\StartMenu.dll
              MD5

              26836307758e048d1ce0afe754d6a972

              SHA1

              23a8f45cf5e2ad78add3c4dd3b3cf15fffced2cc

              SHA256

              a6919f5f3b53a9c8c015413babe7a9872491a2583e49bb3c261e60785c3c3534

              SHA512

              aaf7cfbb9c6951b65bd377db401617812f1d47960a01ae99164183c642fbd8f1ce08720bc92d26b642da5433b80720dfcd96280a162decf678139966be132746

              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsy9AB0.tmp\UserInfo.dll
              MD5

              acbda33dd5700c122e2fe48e3d4351fd

              SHA1

              2c154baf7c64052ee712b7cdf9c36b7697dd3fc8

              SHA256

              943b33829f9013e4d361482a5c8981ba20a7155c78691dbe02a8f8cd2a02efa0

              SHA512

              d090adf65a74ac5b910b18bb67e989714335e7b4778cd771cff154d7186351a1bebbc7103cca849bdfa2709c991947ffff6c1d8fdf16a74f4dfb614bce3ff6fd

              Download Submit
            • \Users\Admin\AppData\Local\Temp\nsy9AB0.tmp\UserInfo.dll
              MD5

              acbda33dd5700c122e2fe48e3d4351fd

              SHA1

              2c154baf7c64052ee712b7cdf9c36b7697dd3fc8

              SHA256

              943b33829f9013e4d361482a5c8981ba20a7155c78691dbe02a8f8cd2a02efa0

              SHA512

              d090adf65a74ac5b910b18bb67e989714335e7b4778cd771cff154d7186351a1bebbc7103cca849bdfa2709c991947ffff6c1d8fdf16a74f4dfb614bce3ff6fd

              Download Submit
            • \Users\Admin\AppData\Local\Temp\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\.ba1\wixstdba.dll
              MD5

              a52e5220efb60813b31a82d101a97dcb

              SHA1

              56e16e4df0944cb07e73a01301886644f062d79b

              SHA256

              e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

              SHA512

              d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

              Download Submit
            • \Users\Admin\AppData\Local\Temp\{c239cea1-d49e-4e16-8e87-8c055765f7ec}\.ba1\wixstdba.dll
              MD5

              a973cfa4951d519e032f42dc98a198b0

              SHA1

              2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94

              SHA256

              25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d

              SHA512

              b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

              Download Submit
            • \Users\Admin\AppData\Local\Temp\{f1e7e313-06df-4c56-96a9-99fdfd149c51}\.ba1\wixstdba.dll
              MD5

              a973cfa4951d519e032f42dc98a198b0

              SHA1

              2ba0f1e1570bc2d84f9824d58e77b9192ea5dd94

              SHA256

              25ee85c14c9be619b4f0bf783963ace1dc0af0e802014728c2a2ca8da213d31d

              SHA512

              b4a8c4f08a51bdd9ce7708fe8e2477182a52f1d853954eb5af0430c2df99839b6076a7d93b00391a73d446a6ad9da3ed77ef79c8b23353d32c72fc540415b8ef

              Download Submit
            • \fd1930c243832266cf9759ad9ba9\SetupEngine.dll
              MD5

              84c1daf5f30ff99895ecab3a55354bcf

              SHA1

              7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

              SHA256

              7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

              SHA512

              e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

              Download Submit
            • \fd1930c243832266cf9759ad9ba9\sqmapi.dll
              MD5

              3f0363b40376047eff6a9b97d633b750

              SHA1

              4eaf6650eca5ce931ee771181b04263c536a948b

              SHA256

              bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

              SHA512

              537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

              Download Submit
            • memory/200-189-0x0000000000000000-mapping.dmp
              Download
            • memory/704-211-0x000000006BF60000-0x000000006C4BC000-memory.dmp
              Filesize

              5.4MB

              Download
            • memory/704-209-0x00007FF74C350000-0x00007FF74D2A0000-memory.dmp
              Filesize

              15.3MB

              Download
            • memory/704-210-0x00007FF9BABB0000-0x00007FF9BAF06000-memory.dmp
              Filesize

              3.3MB

              Download
            • memory/860-198-0x0000000000400000-0x0000000000B06000-memory.dmp
              Filesize

              7.0MB

              Download
            • memory/860-200-0x0000000002B30000-0x0000000002B31000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-192-0x0000000000B90000-0x0000000000B91000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-197-0x0000000001210000-0x0000000001211000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-196-0x0000000001200000-0x0000000001201000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-195-0x00000000011F0000-0x00000000011F1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-194-0x00000000011E0000-0x00000000011E1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-193-0x0000000000C80000-0x0000000000C81000-memory.dmp
              Filesize

              4KB

              Download
            • memory/860-191-0x00000000001E0000-0x00000000001E1000-memory.dmp
              Filesize

              4KB

              Download
            • memory/1088-213-0x0000000000000000-mapping.dmp
              Download
            • memory/1308-206-0x0000000000000000-mapping.dmp
              Download
            • memory/1340-156-0x0000000000000000-mapping.dmp
              Download
            • memory/1492-188-0x0000000000000000-mapping.dmp
              Download
            • memory/2000-215-0x00007FF9BABB0000-0x00007FF9BAF06000-memory.dmp
              Filesize

              3.3MB

              Download
            • memory/2000-214-0x0000000000000000-mapping.dmp
              Download
            • memory/2060-153-0x0000000000000000-mapping.dmp
              Download
            • memory/2216-205-0x0000000000000000-mapping.dmp
              Download
            • memory/2300-118-0x0000000000000000-mapping.dmp
              Download
            • memory/2816-190-0x0000000000000000-mapping.dmp
              Download
            • memory/3140-204-0x0000000000000000-mapping.dmp
              Download
            • memory/3144-212-0x0000000000000000-mapping.dmp
              Download
            • memory/3160-174-0x0000000000000000-mapping.dmp
              Download
            • memory/3180-146-0x0000000000000000-mapping.dmp
              Download
            • memory/3184-149-0x0000000000000000-mapping.dmp
              Download
            • memory/3648-201-0x00007FF74C350000-0x00007FF74D2A0000-memory.dmp
              Filesize

              15.3MB

              Download
            • memory/3648-202-0x000000006BF60000-0x000000006C4BC000-memory.dmp
              Filesize

              5.4MB

              Download
            • memory/3648-203-0x00007FF9BA870000-0x00007FF9BABC6000-memory.dmp
              Filesize

              3.3MB

              Download
            • memory/3836-177-0x0000000000000000-mapping.dmp
              Download
            • memory/3908-121-0x0000000000000000-mapping.dmp
              Download
            • memory/3968-171-0x0000000000000000-mapping.dmp
              Download
            • memory/4040-187-0x0000000000000000-mapping.dmp
              Download
            • memory/4072-207-0x0000000000000000-mapping.dmp
              Download
            • memory/4072-208-0x00007FF9BA870000-0x00007FF9BABC6000-memory.dmp
              Filesize

              3.3MB

              Download