c86c7f3faa4a5d63872a3c48bac2f8f380a45b4c35ba7066c1a247bbc0daa149

Analysis

max time kernel
238s
max time network
283s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
01-01-2023 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SFD Setup Alpha v.1.3.4c.exe
Size

32.2MB
MD5

b244e302df39b3270c4ffb3987b02533
SHA1

91bc49dcbc41a09aa234819d3218022276b7e7be
SHA256

287e557b99f62e515b0a94f217e6a9e1fbe5cf07bf5455b0e2ad9fe43e7af404
SHA512

863414dad23aa6b362eaa49b01b88c67c072513d4d8fee07637cd256bdcf1c95487c6802758425e40912796340b5080d01f960f18bb0fb8bee6062a3bb19388e
SSDEEP

786432:ZatvWrLITK0ihqMg4CJ0yOWbNddgnP+WO1oA7T:AtvxW0iINJ0TmInP+WxM

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
1396	SFD Setup Alpha v.1.3.4c.tmp
4896	dotNetFx45_Full_setup.exe
3272	Setup.exe
204	vcredist_x86.exe
4024	Setup.exe
2336	dxsetup.exe
1156	DXSETUP.exe
4992	Superfighters Deluxe Launcher.exe
1116	Superfighters Deluxe.exe

Loads dropped DLL 52 IoCs

pid	Process
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
4024	Setup.exe
4024	Setup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
2336	dxsetup.exe
1156	DXSETUP.exe
1156	DXSETUP.exe
1156	DXSETUP.exe
1156	DXSETUP.exe
1156	DXSETUP.exe
1156	DXSETUP.exe
200	MsiExec.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe
1116	Superfighters Deluxe.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\$RECYCLE.BIN\S-1-5-18\desktop.ini	DXSETUP.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	Superfighters Deluxe.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\K:	Superfighters Deluxe.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	Superfighters Deluxe.exe
File opened (read-only)	\??\Q:	Superfighters Deluxe.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	Superfighters Deluxe.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	Superfighters Deluxe.exe
File opened (read-only)	\??\W:	Superfighters Deluxe.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	Superfighters Deluxe.exe
File opened (read-only)	\??\V:	Superfighters Deluxe.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	Superfighters Deluxe.exe
File opened (read-only)	\??\L:	Superfighters Deluxe.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	Superfighters Deluxe.exe
File opened (read-only)	\??\S:	Superfighters Deluxe.exe
File opened (read-only)	\??\T:	Superfighters Deluxe.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	Superfighters Deluxe.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	Superfighters Deluxe.exe
File opened (read-only)	\??\Z:	Superfighters Deluxe.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	Superfighters Deluxe.exe
File opened (read-only)	\??\F:	Superfighters Deluxe.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\B:	Superfighters Deluxe.exe
File opened (read-only)	\??\N:	Superfighters Deluxe.exe

Drops file in System32 directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SETFE4.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\D3DX9_41.dll	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\SET1246.tmp	dxsetup.exe
File created	C:\Windows\SysWOW64\SET1246.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\XAudio2_6.dll	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\SETDF0.tmp	dxsetup.exe
File created	C:\Windows\SysWOW64\SETDF0.tmp	dxsetup.exe
File created	C:\Windows\SysWOW64\SETEDB.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	dxsetup.exe
File created	C:\Windows\SysWOW64\SET1256.tmp	dxsetup.exe
File created	C:\Windows\SysWOW64\SETFE4.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\SET1090.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\SET114C.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\xactengine3_6.dll	dxsetup.exe
File created	C:\Windows\SysWOW64\SET114C.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\SET1256.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_4.dll	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\d3dx9_33.dll	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\SETEDB.tmp	dxsetup.exe
File created	C:\Windows\SysWOW64\SET1090.tmp	dxsetup.exe
File opened for modification	C:\Windows\SysWOW64\X3DAudio1_7.dll	dxsetup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-STUD2.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-2B1OV.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Industrial\is-HO8A5.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Items\Skin\is-V2O40.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Misc\is-FCLKN.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Carnival\is-LMPJH.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-5T5SE.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Metal\is-GV7TT.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\FarBG\Skyline\is-TNMIU.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\TrainParts\is-4QD51.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Sounds\Impact\is-O04KE.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Fonts\is-L0IC5.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-VN9KD.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Editor\ScriptNodes\PlayerCommands\is-IS7MP.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\is-CLHPG.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-GUJJN.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Metal\is-SGHHL.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\FarBG\NightSky\is-R8VS9.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-Q24IO.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Sounds\Impact\is-F7I1N.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Misc\is-K11KQ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-EGAIU.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Industrial\is-AFDIO.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Signs\is-HSUUQ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\is-Q9023.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\TrainParts\is-39BLP.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Weapons\Handgun\is-SCUFV.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Editor\ScriptNodes\PlayerCommands\is-5L6P4.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Industrial\is-4QDPQ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Metal\is-C42NJ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Natural\is-ONSME.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Signs\Symbols\is-S5LE3.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\is-S2BN1.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Weapons\Rifles\is-QFFRS.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Maps\Official\vs\is-P34R6.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-RAMEF.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Industrial\is-82DGL.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-4R6IN.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Sounds\Player\is-RQOD3.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Objects\Metal\is-7E7AA.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Objects\Metal\is-20IH1.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-3FQ26.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\Language\is-D6NBA.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-GNV9V.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Editor\ScriptNodes\PlayerCommands\is-IMMEP.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Editor\ScriptNodes\PlayerCommands\is-5GGS0.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\TrainParts\is-43OAB.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Sounds\Player\is-63BU4.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Editor\ScriptNodes\PlayerCommands\is-MVRNQ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\is-H72FK.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\is-9OPR0.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Solid\Metal\TrainParts\is-ROP60.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-8SJS8.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Sounds\Player\is-PM6GK.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-2NKQ3.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\FarBG\is-9P2CQ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-4CRKS.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Weapons\Other\is-ASS5E.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-99KR2.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-PDNOD.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Misc\ScriptAPI\html\is-93GNC.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\APR2007_xinput_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Common\is-O79CQ.tmp	SFD Setup Alpha v.1.3.4c.tmp
File created	C:\Program Files (x86)\Superfighters Deluxe\Content\Data\Images\Tiles\Background\Industrial\is-U2SOM.tmp	SFD Setup Alpha v.1.3.4c.tmp

Drops file in Windows directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\assembly\tmp\WD7BCQNA\Microsoft.Xna.Framework.Game.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File created	C:\Windows\Installer\e5972b5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5972b5.msi	msiexec.exe
File created	C:\Windows\Installer\e5972b7.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI965C.tmp	msiexec.exe
File created	C:\Windows\assembly\tmp\IUHQX9YM\Microsoft.Xna.Framework.GamerServices.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\6PACM7J2\Microsoft.Xna.Framework.Input.Touch.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}\ProductIcon	msiexec.exe
File created	C:\Windows\assembly\GACLock.dat	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	dxsetup.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI75D2.tmp	msiexec.exe
File created	C:\Windows\assembly\tmp\B1EE47JM\Microsoft.Xna.Framework.Graphics.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\AZAQ98WO\Microsoft.Xna.Framework.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\KWP8001I\Microsoft.Xna.Framework.Xact.dll	msiexec.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe
File created	C:\Windows\assembly\tmp\HQMJR6CT\Microsoft.Xna.Framework.Avatar.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\HFXHPXI9\Microsoft.Xna.Framework.Net.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\HWIML2QH\Microsoft.Xna.Framework.Storage.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\VYYRDW7N\Microsoft.Xna.Framework.Video.dll	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Modifies data under HKEY_USERS 56 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume	DXSETUP.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DXSETUP.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b79df8d1-0000-0000-0000-d01200000000}\MaxCapacity = "15140"	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	DXSETUP.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DXSETUP.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b79df8d1-0000-0000-0000-d01200000000}	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{b79df8d1-0000-0000-0000-d01200000000}\NukeOnDelete = "0"	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "7"	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DXSETUP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\ = "XnaVisualizerDmo"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}	dxsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\.sfdm\OpenWithProgids\SuperfightersDeluxe	SFD Setup Alpha v.1.3.4c.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\ProductName = "Microsoft XNA Framework Redistributable 4.0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Language = "1033"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\InputTypes = 6175647300001000800000aa00389b710100000000001000800000aa00389b71	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both"	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	dxsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E\DXRedist	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\.sfdm	SFD Setup Alpha v.1.3.4c.tmp
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\SuperfightersDeluxe\shell\open\command	SFD Setup Alpha v.1.3.4c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both"	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E\XNAFrameworkRedist	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\SuperfightersDeluxe\shell\open\command\ = "\"C:\\Program Files (x86)\\Superfighters Deluxe\\Superfighters Deluxe.exe\" \"%1\""	SFD Setup Alpha v.1.3.4c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ThreadingModel = "Both"	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	dxsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Storage,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e007b0072006100690027004a006300710041003d00550070005d002e0026004d0043007a007100590000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\SuperfightersDeluxe\shell	SFD Setup Alpha v.1.3.4c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}	dxsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0065006a0036002d0051005b002d0065003900400060004a003d006e0079005e005b005d002a00710000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Xact,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0058003600520051006200610026006500470040005b002d003200630041007600560064007300740000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\is-LSO8U.tmp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine3_6.dll"	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	dxsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Net,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e00440072005900520072006c002d004a003d0041006b00390052007a005500210029006f005e00380000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine3_6.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\SuperfightersDeluxe\shell\open\command\ = "\"C:\\Program Files (x86)\\Superfighters Deluxe\\Superfighters Deluxe.exe\" \"%1\""	Superfighters Deluxe.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\XNA\\Framework\\Shared\\xnavisualizer.dll"	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-2368682536-4045190062-1465778271-1000_Classes\SuperfightersDeluxe\shell\open	SFD Setup Alpha v.1.3.4c.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}	dxsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\PackageCode = "CC1B48CD503865840BBC69BD0DED73A5"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\ = "AudioVolumeMeter"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32	dxsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Game,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0048006100380066004c0049004f0071007b003f00380032003100310034002e002400740052006c0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Version = "67129687"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\PackageName = "xnafx40_redist.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb	MsiExec.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1396	SFD Setup Alpha v.1.3.4c.tmp
1396	SFD Setup Alpha v.1.3.4c.tmp
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
3272	Setup.exe
4024	Setup.exe
4024	Setup.exe
4024	Setup.exe
4024	Setup.exe
4024	Setup.exe
4024	Setup.exe
4024	Setup.exe
4024	Setup.exe
3664	msiexec.exe
3664	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	1508	vssvc.exe
Token: SeRestorePrivilege	1508	vssvc.exe
Token: SeAuditPrivilege	1508	vssvc.exe
Token: SeBackupPrivilege	3564	srtasks.exe
Token: SeRestorePrivilege	3564	srtasks.exe
Token: SeSecurityPrivilege	3564	srtasks.exe
Token: SeTakeOwnershipPrivilege	3564	srtasks.exe
Token: SeBackupPrivilege	3564	srtasks.exe
Token: SeRestorePrivilege	3564	srtasks.exe
Token: SeSecurityPrivilege	3564	srtasks.exe
Token: SeTakeOwnershipPrivilege	3564	srtasks.exe
Token: SeShutdownPrivilege	1660	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1660	msiexec.exe
Token: SeSecurityPrivilege	3664	msiexec.exe
Token: SeCreateTokenPrivilege	1660	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1660	msiexec.exe
Token: SeLockMemoryPrivilege	1660	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1660	msiexec.exe
Token: SeMachineAccountPrivilege	1660	msiexec.exe
Token: SeTcbPrivilege	1660	msiexec.exe
Token: SeSecurityPrivilege	1660	msiexec.exe
Token: SeTakeOwnershipPrivilege	1660	msiexec.exe
Token: SeLoadDriverPrivilege	1660	msiexec.exe
Token: SeSystemProfilePrivilege	1660	msiexec.exe
Token: SeSystemtimePrivilege	1660	msiexec.exe
Token: SeProfSingleProcessPrivilege	1660	msiexec.exe
Token: SeIncBasePriorityPrivilege	1660	msiexec.exe
Token: SeCreatePagefilePrivilege	1660	msiexec.exe
Token: SeCreatePermanentPrivilege	1660	msiexec.exe
Token: SeBackupPrivilege	1660	msiexec.exe
Token: SeRestorePrivilege	1660	msiexec.exe
Token: SeShutdownPrivilege	1660	msiexec.exe
Token: SeDebugPrivilege	1660	msiexec.exe
Token: SeAuditPrivilege	1660	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1660	msiexec.exe
Token: SeChangeNotifyPrivilege	1660	msiexec.exe
Token: SeRemoteShutdownPrivilege	1660	msiexec.exe
Token: SeUndockPrivilege	1660	msiexec.exe
Token: SeSyncAgentPrivilege	1660	msiexec.exe
Token: SeEnableDelegationPrivilege	1660	msiexec.exe
Token: SeManageVolumePrivilege	1660	msiexec.exe
Token: SeImpersonatePrivilege	1660	msiexec.exe
Token: SeCreateGlobalPrivilege	1660	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe
Token: SeTakeOwnershipPrivilege	3664	msiexec.exe
Token: SeRestorePrivilege	3664	msiexec.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1396	SFD Setup Alpha v.1.3.4c.tmp
1660	msiexec.exe
1660	msiexec.exe
4992	Superfighters Deluxe Launcher.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1396	2416	SFD Setup Alpha v.1.3.4c.exe	66
PID 2416 wrote to memory of 1396	2416	SFD Setup Alpha v.1.3.4c.exe	66
PID 2416 wrote to memory of 1396	2416	SFD Setup Alpha v.1.3.4c.exe	66
PID 1396 wrote to memory of 4896	1396	SFD Setup Alpha v.1.3.4c.tmp	67
PID 1396 wrote to memory of 4896	1396	SFD Setup Alpha v.1.3.4c.tmp	67
PID 1396 wrote to memory of 4896	1396	SFD Setup Alpha v.1.3.4c.tmp	67
PID 4896 wrote to memory of 3272	4896	dotNetFx45_Full_setup.exe	69
PID 4896 wrote to memory of 3272	4896	dotNetFx45_Full_setup.exe	69
PID 4896 wrote to memory of 3272	4896	dotNetFx45_Full_setup.exe	69
PID 1396 wrote to memory of 204	1396	SFD Setup Alpha v.1.3.4c.tmp	72
PID 1396 wrote to memory of 204	1396	SFD Setup Alpha v.1.3.4c.tmp	72
PID 1396 wrote to memory of 204	1396	SFD Setup Alpha v.1.3.4c.tmp	72
PID 204 wrote to memory of 4024	204	vcredist_x86.exe	73
PID 204 wrote to memory of 4024	204	vcredist_x86.exe	73
PID 204 wrote to memory of 4024	204	vcredist_x86.exe	73
PID 1396 wrote to memory of 2336	1396	SFD Setup Alpha v.1.3.4c.tmp	74
PID 1396 wrote to memory of 2336	1396	SFD Setup Alpha v.1.3.4c.tmp	74
PID 1396 wrote to memory of 2336	1396	SFD Setup Alpha v.1.3.4c.tmp	74
PID 1396 wrote to memory of 1660	1396	SFD Setup Alpha v.1.3.4c.tmp	82
PID 1396 wrote to memory of 1660	1396	SFD Setup Alpha v.1.3.4c.tmp	82
PID 1396 wrote to memory of 1660	1396	SFD Setup Alpha v.1.3.4c.tmp	82
PID 3664 wrote to memory of 1156	3664	msiexec.exe	85
PID 3664 wrote to memory of 1156	3664	msiexec.exe	85
PID 3664 wrote to memory of 1156	3664	msiexec.exe	85
PID 3664 wrote to memory of 200	3664	msiexec.exe	87
PID 3664 wrote to memory of 200	3664	msiexec.exe	87
PID 3664 wrote to memory of 200	3664	msiexec.exe	87
PID 1396 wrote to memory of 4992	1396	SFD Setup Alpha v.1.3.4c.tmp	89
PID 1396 wrote to memory of 4992	1396	SFD Setup Alpha v.1.3.4c.tmp	89
PID 4992 wrote to memory of 1116	4992	Superfighters Deluxe Launcher.exe	91
PID 4992 wrote to memory of 1116	4992	Superfighters Deluxe Launcher.exe	91
PID 4992 wrote to memory of 1116	4992	Superfighters Deluxe Launcher.exe	91
PID 1116 wrote to memory of 4564	1116	Superfighters Deluxe.exe	93
PID 1116 wrote to memory of 4564	1116	Superfighters Deluxe.exe	93
PID 1116 wrote to memory of 4564	1116	Superfighters Deluxe.exe	93
PID 1116 wrote to memory of 3628	1116	Superfighters Deluxe.exe	95
PID 1116 wrote to memory of 3628	1116	Superfighters Deluxe.exe	95
PID 1116 wrote to memory of 3628	1116	Superfighters Deluxe.exe	95
PID 4564 wrote to memory of 4316	4564	csc.exe	97
PID 4564 wrote to memory of 4316	4564	csc.exe	97
PID 4564 wrote to memory of 4316	4564	csc.exe	97
PID 3628 wrote to memory of 4068	3628	csc.exe	98
PID 3628 wrote to memory of 4068	3628	csc.exe	98
PID 3628 wrote to memory of 4068	3628	csc.exe	98

C:\Users\Admin\AppData\Local\Temp\SFD Setup Alpha v.1.3.4c.exe
"C:\Users\Admin\AppData\Local\Temp\SFD Setup Alpha v.1.3.4c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\is-DO9E7.tmp\SFD Setup Alpha v.1.3.4c.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-DO9E7.tmp\SFD Setup Alpha v.1.3.4c.tmp" /SL5="$300DA,33406605,57344,C:\Users\Admin\AppData\Local\Temp\SFD Setup Alpha v.1.3.4c.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1396
- - C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\dotNetFx45_Full_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\dotNetFx45_Full_setup.exe" /noreboot
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4896
  - - C:\50fde7d65fa20968b0\Setup.exe
      C:\50fde7d65fa20968b0\\Setup.exe /noreboot /x86 /x64 /web
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:3272
- - C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\vcredist_x86.exe
    "C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\vcredist_x86.exe" /q
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:204
  - - \??\c:\b43d6abfedaa31a3a0db4027a1\Setup.exe
      c:\b43d6abfedaa31a3a0db4027a1\Setup.exe /q
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:4024
- - C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\dxsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\dxsetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Modifies registry class
    PID:2336
- - C:\Windows\SysWOW64\msiexec.exe
    "msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\xnafx40_redist.msi"
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:1660
- - C:\Program Files (x86)\Superfighters Deluxe\Superfighters Deluxe Launcher.exe
    "C:\Program Files (x86)\Superfighters Deluxe\Superfighters Deluxe Launcher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4992
  - - C:\Program Files (x86)\Superfighters Deluxe\Superfighters Deluxe.exe
      "C:\Program Files (x86)\Superfighters Deluxe\Superfighters Deluxe.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:1116
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xvo4kfwv\xvo4kfwv.cmdline"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4564
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2FFA.tmp" "c:\Users\Admin\AppData\Local\Temp\xvo4kfwv\CSC3123DFEC1AAC49BC973EB5AA655CF8C1.TMP"
        6⤵
        
        PID:4316
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\iyrlysgw\iyrlysgw.cmdline"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3628
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES349E.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC65058FC5A1E74B9782E27BEC5DDB8221.TMP"
        6⤵
        
        PID:4068

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:3264

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3564

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe
  "C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe" /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:1156
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:200

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e8
1⤵
PID:4864

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\50fde7d65fa20968b0\1025\LocalizedData.xml

Filesize
49KB

MD5
d84db0827e0f455f607ef501108557d0

SHA1
d275924654f617ddaf01b032cf0bf26374fc6cd5

SHA256
a8d9fd3c7ebb7fee5adb3cafe6190131cebfcbeff7f0046a428c243f78eac559

SHA512
1b08115a4ea03217ce7a4d365899bd311a60490b7271db209d1e5979a612d95c853be33d895570e0fb0414ab16eb8fd822fe4e3396019a9edd0d0c7ff9e57232

Download Submit
C:\50fde7d65fa20968b0\1028\LocalizedData.xml

Filesize
41KB

MD5
ff41100cc12e45a327d670652f0d6b87

SHA1
cb53d671cb66d28b6eb7247a1a0c70a114d07e6b

SHA256
ef3de7ab3d80a4d2865b9e191d2311112b4870103d383ae21882f251bbde7f0a

SHA512
f8a2f8db5957a43aa82bd7d193b2ff2a151bba6a9d0ad2d39e120909a0f8939123b389ebb4244a417f9e4d8e46629c49ac193c320231cb614253612af45281a8

Download Submit
C:\50fde7d65fa20968b0\1029\LocalizedData.xml

Filesize
53KB

MD5
51130f3479df72fe12b05a7aba1891d3

SHA1
fbaf9c0269d532a3ce00d725cd40772bc0ad8f09

SHA256
8845d0f0fadfdf51b540d389bbb0a8a9655cf65055e55dcd54fa655576dd70a1

SHA512
b641e22b81babbde85a6f324851d35f47bd769fc0cff74911010ae620cf682f9c7bc4d946d2f80a46a9851f3cc912625991c8a3876f1d958ea4d49d8791d1815

Download Submit
C:\50fde7d65fa20968b0\1030\LocalizedData.xml

Filesize
52KB

MD5
53aa67d27c43a35c6f61552ee9865f55

SHA1
504035de2fe6432d54bc69f0d126516f363e1905

SHA256
5d08b297b867179d8d2ec861dbf7e1dfdb283573430a55644e134ee39083157a

SHA512
7a284076f6f204e5be41eab3c3abb1983fbbc21669130cc7e6961a7b858f30caf83fbcb2ef44cfe712341ab664347df29d58b650f004608b015e61e4f5d4f47b

Download Submit
C:\50fde7d65fa20968b0\1031\LocalizedData.xml

Filesize
55KB

MD5
f8e3a846d4aca062413094f1d953075e

SHA1
09f2aa5b5ef693051862965c7c1063d31623f433

SHA256
5a929328125673d922e7f969769b003f5cb6942daa92818a384d50ac755174c2

SHA512
95fead89ac87c700615deef0b5c75aa818172cb387fb5e7178d0a96adb4a60abe86c3793f1174ad27b3a12fe29a371682a032d83d2c63f50a223e37a9d5fc7c6

Download Submit
C:\50fde7d65fa20968b0\1032\LocalizedData.xml

Filesize
56KB

MD5
8ecac4ca4cc3405929b06872e3f78e99

SHA1
805250d3aa16183dc2801558172633f718a839c4

SHA256
b9e9740a1f29eeaf213e1e0e01f189b6be1d8d44a2ab6df746eebe9cb772f588

SHA512
6f681c35a38a822f4747d6d2bcacefc49a07c9ca28a6b8eed38b8d760327419b5b469698bed37366c2480a4f118d4d36c6ae0f3c645f185e39a90ff26e749062

Download Submit
C:\50fde7d65fa20968b0\1033\LocalizedData.xml

Filesize
51KB

MD5
24fde6338ea1a937945c3feb0b7b2281

SHA1
6b8b437cd3692207e891e205c246f64e3d81fdd5

SHA256
63d37577f760339ed4e40dc699308b25217ce678ce0be50c5f9ce540bb08e0a7

SHA512
9a51c7057de4f2ec607bb9820999c676c01c9baf49524011bb5669225d80154119757e8eb92d1952832a6cb20ea0e7da192b4b9ddf813fa4c2780200b3d7ba67

Download Submit
C:\50fde7d65fa20968b0\1033\SetupResources.dll

Filesize
27KB

MD5
541d0525f83b665b9237bfe3e3483031

SHA1
ddc3b3dbf0524c38328b1dcbb7207e265b7d67cc

SHA256
6612a68898b89bcc6f1b74c11d4ec33a4b230ab567aed78d31e0120509ef2990

SHA512
bf6f131b0d26c6785991e1b4c460668e82e01fe949dbe94bd0ed4fb2be0cc38d50dc266f03ef491f33f447b7d724e045a486410e265561b77c3205964cab55ff

Download Submit
C:\50fde7d65fa20968b0\1035\LocalizedData.xml

Filesize
52KB

MD5
de5ccb392face873eae6abc827d2d3a7

SHA1
50eab784e31d1462a6e760f39751e7e238ba46a2

SHA256
6638228cb95fc08eebc9026a2978d5c68852255571941a3828d9948251ca087d

SHA512
b615a69b49404d97ce0459412fbd53415dfbc1792ed95c1f1bd30f963790f3f219e028f559706e8b197ce0223a2c2d9f2e1cac7e3b50372ebef0d050100c6d10

Download Submit
C:\50fde7d65fa20968b0\1036\LocalizedData.xml

Filesize
55KB

MD5
75bf2db655ca2442ae41495e158149c9

SHA1
514a48371362dfa2033ba99ecab80727f7e4b0ee

SHA256
1938c4ffedfbb7fea0636238abb7f8a8db53db62537437ff1ec0e12dca2abfab

SHA512
1b697d0621f47bb66d45ae85183a02ec78dd2b6458ef2b0897d5bbbd2892e15eaf90384bc351800b5d00cb0c3682db234fac2a75214d8ade4748fc100b1c85b2

Download Submit
C:\50fde7d65fa20968b0\1037\LocalizedData.xml

Filesize
48KB

MD5
94f3480d829cee3470d2ba1046f2f613

SHA1
9a8ffc781afb5f087b39abe82c11e20d3e08b4f3

SHA256
eceb759e0f06e5d4f30bc8a982f099c6c268cff4a1459222da794d639c74f97f

SHA512
436d52da9c6c853616cf088c83b55032e491d6d76eeca0bf0cb40b7a84383a1fcffcb8ac0793cdea6af04d02acf5c1654d6b9461506ee704d95a9469581e8eaf

Download Submit
C:\50fde7d65fa20968b0\1038\LocalizedData.xml

Filesize
54KB

MD5
818e35b3eb2e23785decef4e58d74433

SHA1
41b43d0b3f81a3a294aa941279a96f0764761547

SHA256
3d8b2c8079cf8117340a8fc363dceb9be102d6eb1a72881b0c43e1e4b934303e

SHA512
98ae09da1be0ebe609d0e11d868258ab322cdc631e3105296c8ce243d821b415f3c487cbb4cd366bb4bdb7f0f9447a25836e53320b424a9ff817cac728ff4ae2

Download Submit
C:\50fde7d65fa20968b0\1040\LocalizedData.xml

Filesize
53KB

MD5
5e805353cb010fc22f51c1f15b8bcaa1

SHA1
9360f229aee4fed6897d4f9f239072aa22d6da9e

SHA256
02b83ebd2689e22668a5ee55a213091fdc090dfee42c0be9386f530d48af8950

SHA512
275d7c7c952a352417fe896c5be07f5a4c50ff51569cb04ab615cda6a880a8e83f651c87f226a1eb79d8286f777488bfaac2636a1a2057cf5db83037b3e1214f

Download Submit
C:\50fde7d65fa20968b0\1041\LocalizedData.xml

Filesize
45KB

MD5
5ab13768b6c897eff96e35f91b834d25

SHA1
54f04c73a57a409e4c1fe317a825ee2ed4ddcd10

SHA256
87b5ce86b0134ea82215dcf04ffbf7f5c8a570f814f82b4c7ba6106195924c6b

SHA512
ee98f34723a1593ef12589ea9657f8d9a3c9dc8a3fb5eed6f8bb026c6656a3ca6fec8243745ed7fbf406019b6e2b42762c1ee74d26c0f70cc9da272291fe680f

Download Submit
C:\50fde7d65fa20968b0\1042\LocalizedData.xml

Filesize
44KB

MD5
ad25367f86144f29946df3b3866e7dbe

SHA1
cc8470dbe0bfe9394742d639d9caeec961a27928

SHA256
90d0885f929059358fe76e61b560b3d188abbe7c041babefc82038f6faebb7eb

SHA512
66a343d1405e377bf2d303b0ec896814a46248c05dfe61a2c3167ed1c915964f7f57b335bd7fae324461e65e5ee6bc2384eff28f71c4325eb3c4f89611659afb

Download Submit
C:\50fde7d65fa20968b0\1043\LocalizedData.xml

Filesize
53KB

MD5
898d2a1a5fac4d1a028aa11e0ed9f9b4

SHA1
343795fbc1bbf1b0982dc9e70501721433fba892

SHA256
73130da9b103f1812ca69cfffdf5750e74b0228cd40e0325a7f14e799aaf21a3

SHA512
fac3fd81d803c1029df6a3cd93060c950b0ba399fe074d438c4867d55468e7de9aa77bbd7b51fe866f6849684408c853d70956e94de39d4f61019825028a25e4

Download Submit
C:\50fde7d65fa20968b0\1044\LocalizedData.xml

Filesize
53KB

MD5
a459afdbe20f5d4c904d3e3700ee9191

SHA1
22570b1de34c11796390057537269145a2c63438

SHA256
0ac4bcf5cee39ad42070e34393303ffe3ef27e71c8d9522f3dc01e12f93dda03

SHA512
b01536c774121ba9fe25014bb802b45449ba46529af8ad59f3ff93e339e7443238b268716ac051d24ac9eba093e5d66fd5c5faa2ca17bf744ec31e50627159ce

Download Submit
C:\50fde7d65fa20968b0\1045\LocalizedData.xml

Filesize
53KB

MD5
95c6472f2c8329ec1c10f7df3a31c154

SHA1
624d46235912dc169913ba77caa7889219e2c394

SHA256
197722527d1ad65a10a29ecec04f029abc549eb5d05bc07a68107ad6dd4bd35b

SHA512
28149ab0c041dc35f717435f3c2218700090fc38723219c1cd40ec7f777c68d99dd08b6a42014ead8fb1e309637b6c33aa5dec0518dc1b72273c7a6fd7ef06c0

Download Submit
C:\50fde7d65fa20968b0\1046\LocalizedData.xml

Filesize
52KB

MD5
c13b50e2a7f6e7e9343500771cf2d247

SHA1
0b679d20dda94224a5ddd80863a2a32de1cc6f1e

SHA256
3f9bf4eee9ece4a0181ea344344230d73d711aba2fa9248834e3b7547a3062cf

SHA512
32daea597a34f60ca5b73648d66663e4723c0d588af4ce08f76240aabbecd3a35abfbfd5e22abd8eac8ca64a9f2b3edadb8d1c24bc31f53ce5cd902dba3fc5da

Download Submit
C:\50fde7d65fa20968b0\1049\LocalizedData.xml

Filesize
53KB

MD5
1c8ad8f7aacde7ac59bfd9730cfcae80

SHA1
815c79113429b37d34c7ddff46ceccfe58b4cddc

SHA256
4faa58922f623685f05386ce518c0243e3f310db5ac64c58e5b4e91a3e4477b7

SHA512
27d5871f862756945c66397d539c79bf6032ec0d6a06255ad6b57ad1df3c1e8c87dc55dcc3febfb4bd1ce4eb24f3268fab30b1df3fd1c035d66410337db73785

Download Submit
C:\50fde7d65fa20968b0\1053\LocalizedData.xml

Filesize
52KB

MD5
984229d90d2e75f49cd9de5df014e484

SHA1
fc32854972f189305a38c11a62ef457cd94026c6

SHA256
c884f515f337e977d4cf1a19ff693c753813ede2e52a9dbe8f6ef25184ccae8d

SHA512
23101cc1b6c17f10a8d53c59c4e9bf6d24d03d781fa1a36fcb89315f2257ea4a1bd652bdbc81845479a88f00f1db52b35a0bba311a9885c7503689f9c25e49c2

Download Submit
C:\50fde7d65fa20968b0\1055\LocalizedData.xml

Filesize
52KB

MD5
ddb64b6c4fc498c27d291edaaf65a536

SHA1
e312eef1e9a485c5c6fe4578bbe1dd0cadbb1e3e

SHA256
027180d93ceb875227a1d76a018b870cd1d09e143ffa1632b31c322b92dd6a35

SHA512
ddb55169000052fb27caeeb349939925c7df1535c5c697da7cc2be3224c2c8ebe64328d865d1dfdbad4c1e0588853c5309e31de747f71b7f3bc9b6a9eb4335c1

Download Submit
C:\50fde7d65fa20968b0\2052\LocalizedData.xml

Filesize
41KB

MD5
759eb338d738ca6c531b9d5b06591b3b

SHA1
c9ed5ada615ccacd887a0d07ee25dfe1d7fbc00c

SHA256
a4c3bc545fc028935ad6ec4bd8ce51a300fab8a0b128cca89a8c14923d437b16

SHA512
82e6b969dedfdda477f6fb7fcb50a0acad0b26b9b4cca9f1adab5323c6c144da6c0bff34e39e0ef7b39f37ab5808f0064eace99867f7cd258e91aeb5aa5baef2

Download Submit
C:\50fde7d65fa20968b0\2070\LocalizedData.xml

Filesize
54KB

MD5
6930ce4e8e28f54a0db5d919b6babd0e

SHA1
0278bf717168c061709e60ca754c8dc6e32b92d1

SHA256
4bbb7f8a9743a5a21711156dc978dc8683b3edcd9ca32e4c6a38dbe6f5001e04

SHA512
904dc390c6cad81e60159683fadc5e8556585b32f1f9482accfedf3ee6b14cd8240e2225e3ce8a0338da93162cef601c4e9798327a1bc390e62b4eb2fc59cd4c

Download Submit
C:\50fde7d65fa20968b0\3082\LocalizedData.xml

Filesize
53KB

MD5
e58efac53fe2a16be9b99d0aa33baa3d

SHA1
7f2fecb6c4ebe9374a04f374d43465d968b3e33f

SHA256
64baa04b7ebb5ee833f43493497e99a6f2584bdc763a7c24700693cb89b35a0c

SHA512
b9b2e07e845e6bb509d4471cbe3c848836938e507308293f7c083c54cef61911a06110a5616c216ec72c39ce887b2e7f5961688809a2dad787d131ef2780d22e

Download Submit
C:\50fde7d65fa20968b0\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\50fde7d65fa20968b0\ParameterInfo.xml

Filesize
731KB

MD5
4925613d29bc7350130c7076e4c92c1c

SHA1
2821351d3be08f982431ba789f034b9f028ca922

SHA256
9157a0afe34576dfea4ba64db5737867742b4e9346a1f2c149b98b6805d45e31

SHA512
3e69650e4101a14ef69f94fa54b02d8d305039165a0bffc519b3cf96f2dcbcf46845e4669d29ccc5ceb887b2f95fc4756265b19d5c17aa176d3d6dc53ed83f77

Download Submit
C:\50fde7d65fa20968b0\Setup.exe

Filesize
85KB

MD5
8b3ecf4d59a85dae0960d3175865a06d

SHA1
fc81227ec438adc3f23e03a229a263d26bcf9092

SHA256
2b088aefcc76d0baa0bff0843bf458db27bacc47a8e698c9948e53ffc471828b

SHA512
a58a056a3a5814a13153b4c594ed72796b4598f8e715771fc31e60c60a2e26250768b8f36b18675b91e7ecc777ef27c7554f7a0e92c2dfaba74531e669c38263

Download Submit
C:\50fde7d65fa20968b0\Setup.exe

Filesize
85KB

MD5
8b3ecf4d59a85dae0960d3175865a06d

SHA1
fc81227ec438adc3f23e03a229a263d26bcf9092

SHA256
2b088aefcc76d0baa0bff0843bf458db27bacc47a8e698c9948e53ffc471828b

SHA512
a58a056a3a5814a13153b4c594ed72796b4598f8e715771fc31e60c60a2e26250768b8f36b18675b91e7ecc777ef27c7554f7a0e92c2dfaba74531e669c38263

Download Submit
C:\50fde7d65fa20968b0\SetupEngine.dll

Filesize
868KB

MD5
43bc7b5dfd2e45751d6d2ca7274063e4

SHA1
a8955033d0e94d33114a1205fe7038c6ae2f54f1

SHA256
a11af883273ddbd24bfed4a240c43f41ce3d8c7962ec970da2d4c7e13b563d04

SHA512
3f3068e660fea932e91e4d141d8202466b72447107ff43f90dea9557fc188696617025531220bc113dc19fdd7adf313a47ac5f2a4ce94c65f9aeb2d7deda7f36

Download Submit
C:\50fde7d65fa20968b0\SetupUi.dll

Filesize
299KB

MD5
c6760e8b45ffa0cd56b843bc498b919d

SHA1
9faa762fcd06b2c216122c31a387d6d9cf5a6558

SHA256
26f324b3d8e7af4994459e118d20ef5b0abb332075432dd42c6597833486e269

SHA512
b83f7eab3ee1ef167f81c3ddfa6a578540fb0da2efd15b54650fcf5b35cdb6f54229e04887a6f66a78c4e20cdc21119db4e0f0ed3799eeea3d2e4a308ff3f54a

Download Submit
C:\50fde7d65fa20968b0\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
C:\50fde7d65fa20968b0\SplashScreen.bmp

Filesize
40KB

MD5
0966fcd5a4ab0ddf71f46c01eff3cdd5

SHA1
8f4554f079edad23bcd1096e6501a61cf1f8ec34

SHA256
31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3

SHA512
a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce

Download Submit
C:\50fde7d65fa20968b0\Strings.xml

Filesize
13KB

MD5
8a28b474f4849bee7354ba4c74087cea

SHA1
c17514dfc33dd14f57ff8660eb7b75af9b2b37b0

SHA256
2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b

SHA512
a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

Download Submit
C:\50fde7d65fa20968b0\UiInfo.xml

Filesize
37KB

MD5
d8f565bd1492ef4a7c4bc26a641cd1ea

SHA1
d4c9c49b47be132944288855dc61dbf8539ec876

SHA256
6a0e20df2075c9a58b870233509321372e283ccccc6afaa886e12ba377546e64

SHA512
ecf57cc6f3f8c4b677246a451ad71835438d587fadc12d95ef1605eb9287b120068938576da95c10edc6d1d033b5968333a5f8b25ce97ecd347a42716cd2a102

Download Submit
C:\50fde7d65fa20968b0\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
C:\50fde7d65fa20968b0\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
C:\50fde7d65fa20968b0\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
C:\50fde7d65fa20968b0\graphics\warn.ico

Filesize
9KB

MD5
b2b1d79591fca103959806a4bf27d036

SHA1
481fd13a0b58299c41b3e705cb085c533038caf5

SHA256
fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11

SHA512
5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2

Download Submit
C:\50fde7d65fa20968b0\sqmapi.dll

Filesize
191KB

MD5
d475bbd6fef8db2dde0da7ccfd2c9042

SHA1
80887bdb64335762a3b1d78f7365c4ee9cfaeab5

SHA256
8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599

SHA512
f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DO9E7.tmp\SFD Setup Alpha v.1.3.4c.tmp

Filesize
696KB

MD5
504af421f6142c82ebe9d141be4a8ddf

SHA1
1f22462833218550c31ffef42b0fe486902d4475

SHA256
2bcab69a2dc594b6d97872b7b3974717e19f6aa23e2d4d0598aae8a483dc7163

SHA512
a91c9221f1b4c4a83c2f8afc8aace947d8a8d40dbbb7d4a860f086c73b268211fff810ea77e297da628c847b355a6aa32d3a23ce22d73e3133aeb20d20023bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DO9E7.tmp\SFD Setup Alpha v.1.3.4c.tmp

Filesize
696KB

MD5
504af421f6142c82ebe9d141be4a8ddf

SHA1
1f22462833218550c31ffef42b0fe486902d4475

SHA256
2bcab69a2dc594b6d97872b7b3974717e19f6aa23e2d4d0598aae8a483dc7163

SHA512
a91c9221f1b4c4a83c2f8afc8aace947d8a8d40dbbb7d4a860f086c73b268211fff810ea77e297da628c847b355a6aa32d3a23ce22d73e3133aeb20d20023bc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\dotNetFx45_Full_setup.exe

Filesize
982KB

MD5
9e8253f0a993e53b4809dbd74b335227

SHA1
f6ba6f03c65c3996a258f58324a917463b2d6ff4

SHA256
e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

SHA512
404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\dotNetFx45_Full_setup.exe

Filesize
982KB

MD5
9e8253f0a993e53b4809dbd74b335227

SHA1
f6ba6f03c65c3996a258f58324a917463b2d6ff4

SHA256
e434828818f81e6e1f5955e84caec08662bd154a80b24a71a2eda530d8b2f66a

SHA512
404d67d59fcd767e65d86395b38d1a531465cee5bb3c5cf3d1205975ff76d27d477fe8cc3842b8134f17b61292d8e2ffba71134fe50a36afd60b189b027f5af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\vcredist_x86.exe

Filesize
4.8MB

MD5
b88228d5fef4b6dc019d69d4471f23ec

SHA1
372d9c1670343d3fb252209ba210d4dc4d67d358

SHA256
8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

SHA512
cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LSO8U.tmp\vcredist_x86.exe

Filesize
4.8MB

MD5
b88228d5fef4b6dc019d69d4471f23ec

SHA1
372d9c1670343d3fb252209ba210d4dc4d67d358

SHA256
8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

SHA512
cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

Download Submit
C:\b43d6abfedaa31a3a0db4027a1\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\50fde7d65fa20968b0\1033\SetupResources.dll

Filesize
27KB

MD5
541d0525f83b665b9237bfe3e3483031

SHA1
ddc3b3dbf0524c38328b1dcbb7207e265b7d67cc

SHA256
6612a68898b89bcc6f1b74c11d4ec33a4b230ab567aed78d31e0120509ef2990

SHA512
bf6f131b0d26c6785991e1b4c460668e82e01fe949dbe94bd0ed4fb2be0cc38d50dc266f03ef491f33f447b7d724e045a486410e265561b77c3205964cab55ff

Download Submit
\50fde7d65fa20968b0\1033\SetupResources.dll

Filesize
27KB

MD5
541d0525f83b665b9237bfe3e3483031

SHA1
ddc3b3dbf0524c38328b1dcbb7207e265b7d67cc

SHA256
6612a68898b89bcc6f1b74c11d4ec33a4b230ab567aed78d31e0120509ef2990

SHA512
bf6f131b0d26c6785991e1b4c460668e82e01fe949dbe94bd0ed4fb2be0cc38d50dc266f03ef491f33f447b7d724e045a486410e265561b77c3205964cab55ff

Download Submit
\50fde7d65fa20968b0\SetupEngine.dll

Filesize
868KB

MD5
43bc7b5dfd2e45751d6d2ca7274063e4

SHA1
a8955033d0e94d33114a1205fe7038c6ae2f54f1

SHA256
a11af883273ddbd24bfed4a240c43f41ce3d8c7962ec970da2d4c7e13b563d04

SHA512
3f3068e660fea932e91e4d141d8202466b72447107ff43f90dea9557fc188696617025531220bc113dc19fdd7adf313a47ac5f2a4ce94c65f9aeb2d7deda7f36

Download Submit
\50fde7d65fa20968b0\SetupUi.dll

Filesize
299KB

MD5
c6760e8b45ffa0cd56b843bc498b919d

SHA1
9faa762fcd06b2c216122c31a387d6d9cf5a6558

SHA256
26f324b3d8e7af4994459e118d20ef5b0abb332075432dd42c6597833486e269

SHA512
b83f7eab3ee1ef167f81c3ddfa6a578540fb0da2efd15b54650fcf5b35cdb6f54229e04887a6f66a78c4e20cdc21119db4e0f0ed3799eeea3d2e4a308ff3f54a

Download Submit
\50fde7d65fa20968b0\sqmapi.dll

Filesize
191KB

MD5
d475bbd6fef8db2dde0da7ccfd2c9042

SHA1
80887bdb64335762a3b1d78f7365c4ee9cfaeab5

SHA256
8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599

SHA512
f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\1028\LocalizedData.xml

Filesize
29KB

MD5
7fc06a77d9aafca9fb19fafa0f919100

SHA1
e565740e7d582cd73f8d3b12de2f4579ff18bb41

SHA256
a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

SHA512
466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\1031\LocalizedData.xml

Filesize
40KB

MD5
b83c3803712e61811c438f6e98790369

SHA1
61a0bc59388786ced045acd82621bee8578cae5a

SHA256
2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

SHA512
e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\1033\LocalizedData.xml

Filesize
38KB

MD5
d642e322d1e8b739510ca540f8e779f9

SHA1
36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

SHA256
5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

SHA512
e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\1036\LocalizedData.xml

Filesize
40KB

MD5
e382abc19294f779d2833287242e7bc6

SHA1
1ceae32d6b24a3832f9244f5791382865b668a72

SHA256
43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

SHA512
06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\ParameterInfo.xml

Filesize
8KB

MD5
66590f13f4c9ba563a9180bdf25a5b80

SHA1
d6d9146faeec7824b8a09dd6978e5921cc151906

SHA256
bf787b8c697ce418f9d4c07260f56d1145ca70db1cc4b1321d37840837621e8f

SHA512
aba67c66c2f3d9b3c9d71d64511895f15f696be8be0eedd2d6908e1203c4b0cf318b366f9f3cd9c3b3b8c0770462f83e6eea73e304c43f88d0cbedf69e7c92b3

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\UiInfo.xml

Filesize
35KB

MD5
812f8d2e53f076366fa3a214bb4cf558

SHA1
35ae734cfb99bb139906b5f4e8efbf950762f6f0

SHA256
0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

SHA512
1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

Download Submit
\??\c:\b43d6abfedaa31a3a0db4027a1\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\b43d6abfedaa31a3a0db4027a1\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
\b43d6abfedaa31a3a0db4027a1\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
memory/1116-1341-0x0000000005260000-0x00000000052CC000-memory.dmp

Filesize
432KB

Download
memory/1116-1384-0x000000000D070000-0x000000000D096000-memory.dmp

Filesize
152KB

Download
memory/1116-1356-0x0000000005680000-0x0000000005712000-memory.dmp

Filesize
584KB

Download
memory/1116-1340-0x0000000009AE0000-0x0000000009FDE000-memory.dmp

Filesize
5.0MB

Download
memory/1116-1338-0x00000000050E0000-0x00000000050F4000-memory.dmp

Filesize
80KB

Download
memory/1116-1362-0x0000000005720000-0x00000000057BC000-memory.dmp

Filesize
624KB

Download
memory/1116-1363-0x0000000005670000-0x000000000567C000-memory.dmp

Filesize
48KB

Download
memory/1116-1368-0x00000000059C0000-0x00000000059CA000-memory.dmp

Filesize
40KB

Download
memory/1116-1382-0x0000000009AB0000-0x0000000009ABA000-memory.dmp

Filesize
40KB

Download
memory/1116-1328-0x0000000000690000-0x0000000000946000-memory.dmp

Filesize
2.7MB

Download
memory/1116-1572-0x0000000015930000-0x0000000015938000-memory.dmp

Filesize
32KB

Download
memory/1116-1383-0x000000000CE50000-0x000000000CE74000-memory.dmp

Filesize
144KB

Download
memory/1116-1347-0x00000000052D0000-0x000000000537A000-memory.dmp

Filesize
680KB

Download
memory/1116-1385-0x000000000D050000-0x000000000D05C000-memory.dmp

Filesize
48KB

Download
memory/1116-1386-0x000000000D0D0000-0x000000000D0E4000-memory.dmp

Filesize
80KB

Download
memory/1116-1388-0x000000000CE20000-0x000000000CE34000-memory.dmp

Filesize
80KB

Download
memory/1116-1389-0x000000000D0A0000-0x000000000D0A8000-memory.dmp

Filesize
32KB

Download
memory/1116-1390-0x000000000DBD0000-0x000000000DBE8000-memory.dmp

Filesize
96KB

Download
memory/1116-1391-0x00000000075F0000-0x00000000075FC000-memory.dmp

Filesize
48KB

Download
memory/1116-1401-0x0000000007410000-0x000000000748A000-memory.dmp

Filesize
488KB

Download
memory/1116-1428-0x0000000015D80000-0x0000000015E4E000-memory.dmp

Filesize
824KB

Download
memory/1116-1463-0x000000000CA20000-0x000000000CA2A000-memory.dmp

Filesize
40KB

Download
memory/1116-1557-0x000000000DE10000-0x000000000DE18000-memory.dmp

Filesize
32KB

Download
memory/1396-167-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-175-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-160-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-163-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-186-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-185-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-184-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-183-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-181-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-182-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-179-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-180-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-178-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-177-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-176-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-161-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-174-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-172-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-173-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-171-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-170-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-169-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-168-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-159-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-165-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-164-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1396-162-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-139-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-127-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-120-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-166-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2416-156-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-155-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-154-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-153-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-151-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2416-150-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-149-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-148-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-147-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-215-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2416-121-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-122-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-135-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-123-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-124-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-125-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-126-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-134-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-128-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-129-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-130-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-146-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-145-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-131-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-132-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-133-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-1294-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2416-144-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-143-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-142-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-141-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-140-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-138-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-136-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-137-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/3664-977-0x0000000000C60000-0x0000000000D0A000-memory.dmp

Filesize
680KB

Download
memory/3664-980-0x0000000000D10000-0x0000000000D7C000-memory.dmp

Filesize
432KB

Download
memory/3664-976-0x00000238EB0B0000-0x00000238EB0BC000-memory.dmp

Filesize
48KB

Download
memory/3664-978-0x00000238EB460000-0x00000238EB478000-memory.dmp

Filesize
96KB

Download
memory/3664-986-0x0000000000D80000-0x0000000000D96000-memory.dmp

Filesize
88KB

Download
memory/3664-985-0x00000238EB4A0000-0x00000238EB4AA000-memory.dmp

Filesize
40KB

Download
memory/3664-984-0x00000238EB450000-0x00000238EB45C000-memory.dmp

Filesize
48KB

Download
memory/3664-983-0x00000238EB4C0000-0x00000238EB4D4000-memory.dmp

Filesize
80KB

Download
memory/3664-982-0x00000238EB440000-0x00000238EB44C000-memory.dmp

Filesize
48KB

Download
memory/3664-979-0x00000238EB480000-0x00000238EB498000-memory.dmp

Filesize
96KB

Download
memory/4992-1283-0x0000000001290000-0x00000000012AA000-memory.dmp

Filesize
104KB

Download
memory/4992-1282-0x0000000000B60000-0x0000000000BAC000-memory.dmp

Filesize
304KB

Download