ed86449699f747df89fe64a51ec54b38c8b2ed032f7b2ef39dc83f0b7c78b37c

Analysis

max time kernel
224s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2023, 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Affinity_Publisher.exe
Size

546.4MB
MD5

24ac9e74dbb18f85a40fdcee33f3fe85
SHA1

fa0ddda57c294801e9b508bcfa65133862a20477
SHA256

ed86449699f747df89fe64a51ec54b38c8b2ed032f7b2ef39dc83f0b7c78b37c
SHA512

2fcb12aca81506ef4ae05ce1e89447b6e9fce6d36aa63d7bce0a6075f22d7eb746d7e0f7f61f760fb9ff3f1320cc33c3250fed180a2935183c3ccc741dbbd568
SSDEEP

12582912:3IUQIkjecHjCPjFbedUH+SO4NaM790yFoI/Gqg3D/cH:YU6tOYUHTr9nv/Vg3rE

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Publisher.exe

Executes dropped EXE 3 IoCs

pid	Process
4580	Publisher.exe
2228	crashpad_handler.exe
3128	cltest.exe

Loads dropped DLL 64 IoCs

pid	Process
2968	MsiExec.exe
3972	MsiExec.exe
3972	MsiExec.exe
3972	MsiExec.exe
3972	MsiExec.exe
3972	MsiExec.exe
4676	MsiExec.exe
4676	MsiExec.exe
4676	MsiExec.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe
2228	crashpad_handler.exe
2228	crashpad_handler.exe
2228	crashpad_handler.exe
4580	Publisher.exe
4580	Publisher.exe
3128	cltest.exe
4580	Publisher.exe
4580	Publisher.exe
4580	Publisher.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	Affinity_Publisher.exe
File opened (read-only)	\??\L:	Affinity_Publisher.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\A:	Affinity_Publisher.exe
File opened (read-only)	\??\J:	Affinity_Publisher.exe
File opened (read-only)	\??\K:	Affinity_Publisher.exe
File opened (read-only)	\??\Z:	Affinity_Publisher.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	Affinity_Publisher.exe
File opened (read-only)	\??\Q:	Affinity_Publisher.exe
File opened (read-only)	\??\X:	Affinity_Publisher.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	Affinity_Publisher.exe
File opened (read-only)	\??\F:	Affinity_Publisher.exe
File opened (read-only)	\??\H:	Affinity_Publisher.exe
File opened (read-only)	\??\Y:	Affinity_Publisher.exe
File opened (read-only)	\??\N:	Affinity_Publisher.exe
File opened (read-only)	\??\V:	Affinity_Publisher.exe
File opened (read-only)	\??\W:	Affinity_Publisher.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	Affinity_Publisher.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	Affinity_Publisher.exe
File opened (read-only)	\??\R:	Affinity_Publisher.exe
File opened (read-only)	\??\U:	Affinity_Publisher.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\S:	Affinity_Publisher.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\Panels\indexPanel.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\file_hyperlink.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\zh-Hans.lproj\pages\Text\text_bulletsAndNumbering.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\Resources\String Encodings\Devanagari.txt	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\en-US.lproj\pages\Tables\createCustomTables.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\images\capitalisation_01.jpg	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\Pages\editMasterPageContent.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\adjustment_vibrance.jpg	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\Resources\Affinity Publisher\fr.lproj\vector_brushes.strings	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\images\panel_history.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\fr.lproj\pages\Text\indents.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\LayerFX\layerFX_innerShadow.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\DesignAids\snapping.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\Tools\tools_calloutEllipse.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\ja.lproj\pages\Workspace\customizingToolsPanel.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\it.lproj\pages\Panels\constraintsPanel.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\zh-Hans.lproj\images\panel_textstyles.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\Media\stockPhotos.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\Text\importText.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\decoration_left.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\Resources\Affinity Publisher\fr.lproj\preflight_presets.strings	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\ObjectControl\pinning.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\Layers\layerBlendModes.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\it.lproj\pages\Adjustments\adjustment_whiteBalance.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\Workspace\accessibility.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\ja.lproj\images\panel_history.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\divide_illus_knockout.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\zh-Hans.lproj\images\panel_pages.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\Clr\aboutClrSpaces.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\images\myaccount_02.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\Panels\stylesPanel.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\fr.lproj\pages\Advanced\syncingChapters.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\tear_tool.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\rename_preset.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\ucrtbase.dll	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\ja.lproj\pages\GetStarted\documentUnits.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\pathtext_section2.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\Clr\aboutClr.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\ja.lproj\pages\Adjustments\adjustment_posterize.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\GetStarted\view.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\Pages\migrateMasterPages.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\fr.lproj\stylesheets\translation.css	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\zh-Hans.lproj\pages\Tools\tools_diamond.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\en-US.lproj\images\panel_layerfx.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\CurvesShapes\draw_geometricShapes.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\fill_reverse_gradient.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\inline_in_text.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\d3dcompiler_47.dll	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\Newtonsoft.Json.dll	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\DesignAids\clipToCanvas.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\LayerFX\layerFX_innerGlow.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\fr.lproj\pages\Introduction\switchingPersonas.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\it.lproj\pages\Adjustments\adjustment_posterize.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\it.lproj\pages\Panels\preflightPanel.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\pt-BR.lproj\pages\Layers\selectEditLayers.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\ObjectControl\align.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\ObjectControl\join.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\English.lproj\pages\LayerFX\layerFX_gradientOverlay.html	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\layerfx_gaussianblur_02.jpg	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\subtract_illus_keyobject.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\leading_before.jpg	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\ui\pen_redrag_cursor.png	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\api-ms-win-core-file-l2-1-0.dll	msiexec.exe
File created	C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\de.lproj\pages\Publishing\share.html	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI83E8.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4FB6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI50C2.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{26966342-EFD9-49E0-84D7-853DB4F7637E}	msiexec.exe
File created	C:\Windows\Installer\e574f2b.msi	msiexec.exe
File created	C:\Windows\Installer\e574f29.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e574f29.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5063.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000027c70fafd0cbe6b20000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000027c70faf0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff00000000070001000068090027c70faf000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000027c70faf00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Publisher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Publisher.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DE3F9A77DA3F9AC4181C90CE4DC99B4A	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Affinity\\Publisher 2 2.0.4.1701\\install\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\ProductName = "Publisher 2"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\Version = "33554436"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\Media\1 = "Disk1;Disk1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\243669629DFE0E94487D58D34B7F36E7\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Affinity\\Publisher 2 2.0.4.1701\\install\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\243669629DFE0E94487D58D34B7F36E7	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DE3F9A77DA3F9AC4181C90CE4DC99B4A\243669629DFE0E94487D58D34B7F36E7	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\PackageName = "Publisher 2.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\PackageCode = "AF4368F7E2AFFC74FA2A07545B7FD9A4"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\243669629DFE0E94487D58D34B7F36E7\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4664	msiexec.exe
4664	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4664	msiexec.exe
Token: SeCreateTokenPrivilege	1208	Affinity_Publisher.exe
Token: SeAssignPrimaryTokenPrivilege	1208	Affinity_Publisher.exe
Token: SeLockMemoryPrivilege	1208	Affinity_Publisher.exe
Token: SeIncreaseQuotaPrivilege	1208	Affinity_Publisher.exe
Token: SeMachineAccountPrivilege	1208	Affinity_Publisher.exe
Token: SeTcbPrivilege	1208	Affinity_Publisher.exe
Token: SeSecurityPrivilege	1208	Affinity_Publisher.exe
Token: SeTakeOwnershipPrivilege	1208	Affinity_Publisher.exe
Token: SeLoadDriverPrivilege	1208	Affinity_Publisher.exe
Token: SeSystemProfilePrivilege	1208	Affinity_Publisher.exe
Token: SeSystemtimePrivilege	1208	Affinity_Publisher.exe
Token: SeProfSingleProcessPrivilege	1208	Affinity_Publisher.exe
Token: SeIncBasePriorityPrivilege	1208	Affinity_Publisher.exe
Token: SeCreatePagefilePrivilege	1208	Affinity_Publisher.exe
Token: SeCreatePermanentPrivilege	1208	Affinity_Publisher.exe
Token: SeBackupPrivilege	1208	Affinity_Publisher.exe
Token: SeRestorePrivilege	1208	Affinity_Publisher.exe
Token: SeShutdownPrivilege	1208	Affinity_Publisher.exe
Token: SeDebugPrivilege	1208	Affinity_Publisher.exe
Token: SeAuditPrivilege	1208	Affinity_Publisher.exe
Token: SeSystemEnvironmentPrivilege	1208	Affinity_Publisher.exe
Token: SeChangeNotifyPrivilege	1208	Affinity_Publisher.exe
Token: SeRemoteShutdownPrivilege	1208	Affinity_Publisher.exe
Token: SeUndockPrivilege	1208	Affinity_Publisher.exe
Token: SeSyncAgentPrivilege	1208	Affinity_Publisher.exe
Token: SeEnableDelegationPrivilege	1208	Affinity_Publisher.exe
Token: SeManageVolumePrivilege	1208	Affinity_Publisher.exe
Token: SeImpersonatePrivilege	1208	Affinity_Publisher.exe
Token: SeCreateGlobalPrivilege	1208	Affinity_Publisher.exe
Token: SeCreateTokenPrivilege	1208	Affinity_Publisher.exe
Token: SeAssignPrimaryTokenPrivilege	1208	Affinity_Publisher.exe
Token: SeLockMemoryPrivilege	1208	Affinity_Publisher.exe
Token: SeIncreaseQuotaPrivilege	1208	Affinity_Publisher.exe
Token: SeMachineAccountPrivilege	1208	Affinity_Publisher.exe
Token: SeTcbPrivilege	1208	Affinity_Publisher.exe
Token: SeSecurityPrivilege	1208	Affinity_Publisher.exe
Token: SeTakeOwnershipPrivilege	1208	Affinity_Publisher.exe
Token: SeLoadDriverPrivilege	1208	Affinity_Publisher.exe
Token: SeSystemProfilePrivilege	1208	Affinity_Publisher.exe
Token: SeSystemtimePrivilege	1208	Affinity_Publisher.exe
Token: SeProfSingleProcessPrivilege	1208	Affinity_Publisher.exe
Token: SeIncBasePriorityPrivilege	1208	Affinity_Publisher.exe
Token: SeCreatePagefilePrivilege	1208	Affinity_Publisher.exe
Token: SeCreatePermanentPrivilege	1208	Affinity_Publisher.exe
Token: SeBackupPrivilege	1208	Affinity_Publisher.exe
Token: SeRestorePrivilege	1208	Affinity_Publisher.exe
Token: SeShutdownPrivilege	1208	Affinity_Publisher.exe
Token: SeDebugPrivilege	1208	Affinity_Publisher.exe
Token: SeAuditPrivilege	1208	Affinity_Publisher.exe
Token: SeSystemEnvironmentPrivilege	1208	Affinity_Publisher.exe
Token: SeChangeNotifyPrivilege	1208	Affinity_Publisher.exe
Token: SeRemoteShutdownPrivilege	1208	Affinity_Publisher.exe
Token: SeUndockPrivilege	1208	Affinity_Publisher.exe
Token: SeSyncAgentPrivilege	1208	Affinity_Publisher.exe
Token: SeEnableDelegationPrivilege	1208	Affinity_Publisher.exe
Token: SeManageVolumePrivilege	1208	Affinity_Publisher.exe
Token: SeImpersonatePrivilege	1208	Affinity_Publisher.exe
Token: SeCreateGlobalPrivilege	1208	Affinity_Publisher.exe
Token: SeCreateTokenPrivilege	1208	Affinity_Publisher.exe
Token: SeAssignPrimaryTokenPrivilege	1208	Affinity_Publisher.exe
Token: SeLockMemoryPrivilege	1208	Affinity_Publisher.exe
Token: SeIncreaseQuotaPrivilege	1208	Affinity_Publisher.exe
Token: SeMachineAccountPrivilege	1208	Affinity_Publisher.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1208	Affinity_Publisher.exe
1132	msiexec.exe
1132	msiexec.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 2968	4664	msiexec.exe	92
PID 4664 wrote to memory of 2968	4664	msiexec.exe	92
PID 4664 wrote to memory of 2968	4664	msiexec.exe	92
PID 1208 wrote to memory of 1132	1208	Affinity_Publisher.exe	93
PID 1208 wrote to memory of 1132	1208	Affinity_Publisher.exe	93
PID 1208 wrote to memory of 1132	1208	Affinity_Publisher.exe	93
PID 4664 wrote to memory of 3972	4664	msiexec.exe	94
PID 4664 wrote to memory of 3972	4664	msiexec.exe	94
PID 4664 wrote to memory of 3972	4664	msiexec.exe	94
PID 4664 wrote to memory of 3792	4664	msiexec.exe	103
PID 4664 wrote to memory of 3792	4664	msiexec.exe	103
PID 4664 wrote to memory of 4676	4664	msiexec.exe	106
PID 4664 wrote to memory of 4676	4664	msiexec.exe	106
PID 4664 wrote to memory of 4676	4664	msiexec.exe	106

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Affinity_Publisher.exe
"C:\Users\Admin\AppData\Local\Temp\Affinity_Publisher.exe"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Affinity\Publisher 2 2.0.4.1701\install\Publisher 2.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\Affinity_Publisher.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1678854811 "
  2⤵
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:1132

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 40A91D8D7EDCBFB2DC0DE68D54883BD1 C
  2⤵
  - Loads dropped DLL
  PID:2968
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0491EB4BBF1821D5CBBE993655D342AE C
  2⤵
  - Loads dropped DLL
  PID:3972
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3792
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0A7468B273170189EE3D2558FBC40D1A
  2⤵
  - Loads dropped DLL
  PID:4676

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1484

C:\Program Files\Affinity\Publisher 2\Publisher.exe
"C:\Program Files\Affinity\Publisher 2\Publisher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:4580
- C:\Program Files\Affinity\Publisher 2\crashpad_handler.exe
  "C:\Program Files\Affinity\Publisher 2\crashpad_handler.exe" --attachment=attachment_Log.txt=C:\Users\Admin\.affinity\Publisher\2.0\Log.txt --database=C:\Users\Admin\.affinity\Publisher\2.0\CrashReports --metrics-dir=C:\Users\Admin\.affinity\Publisher\2.0\CrashReports --url=https://seriflabs.sp.backtrace.io:6098 --annotation=format=minidump --annotation=product.name=Publisher --annotation=product.type=retail --annotation=token=261a09b9dec3672bad6cbc9d5061853c27ef603ea8d91962f74297e834ad4968 --annotation=version.build=1701 --annotation=version.full=2.0.4.1701 --annotation=version.semver=2.0.4 --initial-client-data=0x51c,0x520,0x524,0x514,0x530,0x7ffb1bbff130,0x7ffb1bbff148,0x7ffb1bbff160
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2228
- C:\Program Files\Affinity\Publisher 2\cltest.exe
  "C:\Program Files\Affinity\Publisher 2\cltest.exe" platform
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3128

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e574f2a.rbs

Filesize
616KB

MD5
1c0fb94290e5b18c1f21bb89e1143780

SHA1
7f1ee742cd7040730d2266670b47248b927c58cd

SHA256
5198ce157bb6a255c60bb3995c8bf04530ebbe6fef1b7bb1be83b1d0a6aa5dce

SHA512
795b6ba1d092b8db271335480d9675fdbcc71c20130cac2e228c1566a71b2dc1c4170139444acc770c32d5d8713e6d6a5d4852eb59e1cd9641fb74e9b9ec2ad2

Download Submit
C:\Program Files\Affinity\Publisher 2\Publisher.exe

Filesize
2.5MB

MD5
942290df5a74958a6ae3446685d1ee42

SHA1
8ae7e0dd3792446ccbdddd2a10b529ba32bfd5df

SHA256
58ec02a496ca66707ed56ed3b669739a7465a8bd73e2ebdb52899106e59287ac

SHA512
21e1c9d544dc36c077c265e645edc0d0ffb68d4398e8cc9e5fbc0036d502628121337ff5c79385f41308f0b41b0996e20bb2d01e064c4652c67fb6439501dfbf

Download Submit
C:\Program Files\Affinity\Publisher 2\PublisherHelp\Contents\Resources\shared\adjustment_base05.jpg

Filesize
46KB

MD5
6ea56319ea4c6f5cbae1616ecd6b4b06

SHA1
056917bff6a5f10ec364c264553752a2c7f473c6

SHA256
7cf20d3950c0086c2df257df6f72a6fe3ba1eb7dc9b0b13f105f0afde455b72b

SHA512
66abf5be42c41af9d6a71bdb0e32c3f09a78ffc9645e84d4dca98e355c6a904b0b741be747270f8a0bd8bef9474065a77fddcdf18fcecd72110e8fffa6960987

Download Submit
C:\Program Files\Affinity\Publisher 2\Serif.Affinity.dll

Filesize
14.5MB

MD5
1a5f1379f88ef1774982d2230eb2c6b6

SHA1
564898145120c533b93dbf0f8a1c5f2311b77351

SHA256
854d7022ceb0eab8af9f750fb3d408c42b1467271d37cf332bb09c1465bf51f0

SHA512
2fc6527eba6c079dd1ee2feefc212f9ea21361fbd376ef6254425f896eb28f52e1b0dd35b0d0781faf617af3c6edc0b69659a3faaac0c29eb0dd677725e0d18a

Download Submit
C:\Program Files\Affinity\Publisher 2\Serif.Affinity.dll

Filesize
14.5MB

MD5
1a5f1379f88ef1774982d2230eb2c6b6

SHA1
564898145120c533b93dbf0f8a1c5f2311b77351

SHA256
854d7022ceb0eab8af9f750fb3d408c42b1467271d37cf332bb09c1465bf51f0

SHA512
2fc6527eba6c079dd1ee2feefc212f9ea21361fbd376ef6254425f896eb28f52e1b0dd35b0d0781faf617af3c6edc0b69659a3faaac0c29eb0dd677725e0d18a

Download Submit
C:\Program Files\Affinity\Publisher 2\Serif.Interop.Persona.dll

Filesize
51.8MB

MD5
bfbfe623c08b35a17e2bd5fd8508c894

SHA1
609c62ac0a77e43959bbf2410d37861e936c7c62

SHA256
0944800c66aaf16000c4f06cef96d216b568dde00c980ab34534a54761f4b968

SHA512
6c20207ef6be2c792566a937768b1ecb1e69b88f5b9a1c06f5488bc47101dbd78370c428406a8542a976d09b6fa7826dd6608b268d96117e07574ae84cd10218

Download Submit
C:\Program Files\Affinity\Publisher 2\Serif.Interop.Persona.dll

Filesize
51.8MB

MD5
bfbfe623c08b35a17e2bd5fd8508c894

SHA1
609c62ac0a77e43959bbf2410d37861e936c7c62

SHA256
0944800c66aaf16000c4f06cef96d216b568dde00c980ab34534a54761f4b968

SHA512
6c20207ef6be2c792566a937768b1ecb1e69b88f5b9a1c06f5488bc47101dbd78370c428406a8542a976d09b6fa7826dd6608b268d96117e07574ae84cd10218

Download Submit
C:\Program Files\Affinity\Publisher 2\Serif.Interop.Persona.dll

Filesize
51.8MB

MD5
bfbfe623c08b35a17e2bd5fd8508c894

SHA1
609c62ac0a77e43959bbf2410d37861e936c7c62

SHA256
0944800c66aaf16000c4f06cef96d216b568dde00c980ab34534a54761f4b968

SHA512
6c20207ef6be2c792566a937768b1ecb1e69b88f5b9a1c06f5488bc47101dbd78370c428406a8542a976d09b6fa7826dd6608b268d96117e07574ae84cd10218

Download Submit
C:\Program Files\Affinity\Publisher 2\libStory.dll

Filesize
4.7MB

MD5
9077281e50b96ff233289bb7480c3aab

SHA1
4e99035f0aa688d90c224d0658fd72d26255ec72

SHA256
f5cde3cecd6c73ded6d4420b459919aadb010ffe291740d16e09979671b12fb2

SHA512
85d1b520f17e09387001885540cc338c8b69728eead1ac04ec43511f485ac4a6e70115ab4b2b37a10167bab71cbd32403792617da57bde634c15f796bb0d4bad

Download Submit
C:\Program Files\Affinity\Publisher 2\libacs.dll

Filesize
2.8MB

MD5
67178815fa6291f1205af2a74c476699

SHA1
88ad0db4f48756d9c43fdd0b22e26bc9e5d69cf7

SHA256
74e2c868286defb891ca2b631470a909898e7a9ffda4f00bc568d7509e485cee

SHA512
21991df686b9a6b4fed16b6cc7e9eb3bc372033953bbb8674646e1e007a459416ec21a0c15a492607402d1b35d7e401a2c840b178df4decbd96a8a24af56de59

Download Submit
C:\Program Files\Affinity\Publisher 2\libaffinity.dll

Filesize
8.0MB

MD5
46f26ff5a7151a5f8d237d8513c94bb1

SHA1
c1fb95efce61f488c9bfc68e189418ced58b6740

SHA256
a2d55b00385fd626da00cfe23c2ea09f3dcf13fc439eb3ac1268f8e954d2e721

SHA512
2121979697e5b1c1d734746fb8771ed3e2089b0186a54b7cea075f2a72d3600d336d0e7b7bcb47377324f70e779bc800edbda44d02814869d1f3f02759d8b426

Download Submit
C:\Program Files\Affinity\Publisher 2\libbmp.dll

Filesize
103KB

MD5
fbd914939b1f13a01dc00f51bb6f6996

SHA1
3cc6cd451b493010c0de3f3716d83c0bfd3c173f

SHA256
32745dc470e748885c720b2cc06d7010b400892fdf7932d8a5bc6458e1b98809

SHA512
b71bb5c14e41072238018f6c63dc36b1d7ed713bb2a5317b9f1ced916e95c69dabc5433e87cdeafa32844f94ba9965447c5a750e73f1a8ae05360f147a589249

Download Submit
C:\Program Files\Affinity\Publisher 2\libbook.dll

Filesize
1.8MB

MD5
6f8e318405864bc48779d5b064f1b83c

SHA1
7bc2c125612c0150e24471d4e8bbb87441bbb229

SHA256
3f46c892e73aca4b6121be0916cebcd6dc84a1ef4756e8d6755e48af762568af

SHA512
768f746c87cea8041a2c6d5a6b6c43d8b6417a05f274d252858d133afc35e26c0be63ee1aed912a214dfd1c2833df4ac0e0829e32bd45745b142b03dba67f9f5

Download Submit
C:\Program Files\Affinity\Publisher 2\libcommands.dll

Filesize
3.5MB

MD5
bafe12af6a32af39d2654d33e47e9eb9

SHA1
dba68c864e703dc34ada91b34cc8512f06d07600

SHA256
a4552f6b5e46926c069c80f96ecb5a70657908b2fcf1bedbe5b3639915c137db

SHA512
36b958505f3f2dc1c7a9fdf794a7834800b985ce5863953a5c0739e0fa67054ae52c9add928f8290d874885417febe135df772c2bfe0a10e6387bed85dd343b3

Download Submit
C:\Program Files\Affinity\Publisher 2\libcrashpad.dll

Filesize
204KB

MD5
bf07ce3de3ef1f21eddd61354e157bbd

SHA1
6dac02af5318779ee48096ca368b6f37c9bc84af

SHA256
c7c48901bd4f212bc49ced7a79bd6c83fa0f2fee154d780a89e7a1eea1772af8

SHA512
e44728c8d688584b1d55b33cdf5c8083e24e6f59538f85d74150df3432ccd9cd6b2213cdb0c0139aec17b96f9c5629697891d7263efb4a902413a12ad02e3bbd

Download Submit
C:\Program Files\Affinity\Publisher 2\libdwgimport.dll

Filesize
28.8MB

MD5
b1ea5b108af97f2fab8d3a9256d62439

SHA1
da3a4a0c9abc99523bd82a720dced3a397e16754

SHA256
9d93f9e482c9183c826b6344be0208d6e1ee34c4a21bf62fb7c2c0d7c58e3985

SHA512
d49199b6994fffa33e91cd145076f50333f77221a66648dd9849078def1d7dde72ff51c195a3aadff580223eb73f0211baa1090276e5324c8e43205bd268b768

Download Submit
C:\Program Files\Affinity\Publisher 2\libdxcore.dll

Filesize
52KB

MD5
9d2e7bbbe7b7a335202202d79265f55d

SHA1
31f10a215dfab8605ab583f37ef03dddfb50cc02

SHA256
ec8557ae42e438a7a6d51eac914c39b22263303c334f4feefcfb814124fc0ea7

SHA512
ca75dd2386c9f5d07b93713ce3886fee3f6004cff7b8db86f105a45604f101744788b3756190a617e9589756f60abc883ccefbb7af6a9dedd30c5a08eb009246

Download Submit
C:\Program Files\Affinity\Publisher 2\libgeometry.dll

Filesize
2.8MB

MD5
4b5cbd671b96f8e2307a7f42d2989937

SHA1
5e490c9d7d475348e6e7218aa9aa679e336aeb7c

SHA256
32e921e52eac4d337445837e789fcec44880e6d4c4f36f17c2e745d1b748cc2c

SHA512
64e5637dba7bc4e6b1c0c740b513c45d970c45b8926084051aaafcf270d4590e9c837c3b8f0dbb7d6bb5c1a007d01ec36e86c89d47825bf64a8547be956a111e

Download Submit
C:\Program Files\Affinity\Publisher 2\libheif.dll

Filesize
719KB

MD5
f1e412777777b1654992d4708627ade8

SHA1
82df896ed13e1f71d3f03b8eb224bc14a9d023ba

SHA256
b13862b267282cb6b643ffc5c1665c5bda92c3aa86b7ff0a77e1f44b6544949d

SHA512
f566c705609013121048f1a1aac0af014c12fe66885ecc9f94587f3d5bd686444bac2c2216e917d99213f8d08b6f113f7d96e02707df885b2b88cdafb31d1249

Download Submit
C:\Program Files\Affinity\Publisher 2\libhunspell.dll

Filesize
744KB

MD5
540a209450e25a0a84126d5f704df3b8

SHA1
f635c7b4020649c36727e77338a210899f412ef2

SHA256
8acac2bca6cdf08123569201450f6ef46340c1f8ae537d2a0ead9c3e5ad286bf

SHA512
eafebfd30a5afa8df79ada280aea1ea91eb19dc382e9db8259ea8646dd6a8eafc1e996921f68b56bd632028b7db4247a7fe12a90b94720b172546a3adb70f21d

Download Submit
C:\Program Files\Affinity\Publisher 2\libicu.dll

Filesize
5.5MB

MD5
9f51f075e529eec089f8ed281dd55440

SHA1
57652fc2efa8b50f3ad5714243447c61c408b642

SHA256
5646fa640c93f1af0a0efd4f1208b6d367ac73ec44eeda3cbf2d356fb467cee4

SHA512
d1d6f6b5690e0794797d6a20cd6d00e1546a442bd96de7187c55ad933446df7c51fc13a3e1edc3447ad6c9b1da334b49cf0f146637411cb04b240f5fc3e52611

Download Submit
C:\Program Files\Affinity\Publisher 2\libidmlimport.dll

Filesize
679KB

MD5
0a279bf2b7bd8e4f40e1b539736bc4c4

SHA1
80b6e73de8298fb53eafa58bc21449a2d8d24c04

SHA256
722792cb5a0093eab87c393c43b3b27699d82607ef7b4d3e58081b096c7d7545

SHA512
25833958ca1e2e6704d63b1807e5fe6653b3c5a39265708738764e8817e7dddc3afa8a18786be8e19af4b7b1bcc410724bed29305320fb40f5e24db6fd06655c

Download Submit
C:\Program Files\Affinity\Publisher 2\libipc.dll

Filesize
263KB

MD5
c3bb936d40ade2623c622d1f94c97f1e

SHA1
c5ae684e4faf24b2b5480f6eb3910d55a0301797

SHA256
b7a46a800ae08cb1987fbfc0c73544b0edcd2087e660ea3dc9c09d08be5dd8db

SHA512
2ab384df566365811dd0eaf053816c114bd0deee849ef5e551aeb315a4939b94ddf76f694705ac590eaee1d158892c023a32d811e56870d2e1320039a1555fab

Download Submit
C:\Program Files\Affinity\Publisher 2\libjbig2dec.dll

Filesize
163KB

MD5
d462ca4c533c4b6d0fbc0bb7f169e2b9

SHA1
be54da31fd2a8abfd0d923773ed4aad33dc21b68

SHA256
821bb57e1a451c5604923568c2c0e1007c8613e750e1620e1551da0925d278a4

SHA512
fffeb2fd5342fe94a153a176da1a5b2deafb260955fe7495fef09d74bd9adc791ec7194669ec1fb7ed27553084e8b3cbcfbb53036faaef4aab284234ac7d24ff

Download Submit
C:\Program Files\Affinity\Publisher 2\libkernel.dll

Filesize
5.2MB

MD5
b56045ad02709e481dfe990b824a32fe

SHA1
4e5516605ab8d4d8364b68eb764c8d6601345635

SHA256
c2f7f61bd249f77efe18738b7e330927a6213b1b1648db1b7c59606c1c7aa49a

SHA512
72c86c52bace77c23248f9c662abfccf9f66f6db330110dd0ff888625792c572f7f56afd942431134b29690d7c5f06c16e91b668dd262ce33b27746042980bcc

Download Submit
C:\Program Files\Affinity\Publisher 2\liblf.dll

Filesize
709KB

MD5
8b0675d259ce6dd0a4ec108017290cfe

SHA1
0e2005a3373457166bdcc121d0b899d5f2c2378a

SHA256
691b3ca3d45f285d39555e2b144fba7e7c25a23778f28176c1449dff3638776e

SHA512
ee1c6b198cc8aa8808eb642f715125a75748a7d61d903e3ae060405b4f7c4d1ea3c54841ef92e9c1544068fef7de7e15ac933362d3fe898d0f5b14c6142c1fe5

Download Submit
C:\Program Files\Affinity\Publisher 2\libmetadata.dll

Filesize
4.6MB

MD5
e2af4d334597acc442bba94ff5f9317e

SHA1
df7b6043e2756562ba3d617254eca2eff4b46c4b

SHA256
7b6efc1ea436d84a8a5707ca166bb6ead7001f5c776a5bf1870176e1a5294949

SHA512
b5b7de9dfeb002ae24399c5ebfe4f9d765a611b23cd64c4ad61d2d46bd7472745d3361f58e3da22cba299a0010795a5889ecd46ce16e6d54b61945f8181b83b9

Download Submit
C:\Program Files\Affinity\Publisher 2\libnetwork.dll

Filesize
831KB

MD5
77831dbf16e043af1a6762dced423fae

SHA1
0a2959430fcd08eb7ec232cd0717984d8a4a11e1

SHA256
66e925c20ec92d9c3b159d5d0528d9c642230c5b79eebeaaeeaa2e4850e031a8

SHA512
829f66f65818e81f5262fe24dc30c95331504bdb061caf8882f03818f7b121e3995efd1953ccdb1c39c878e90476ab69766d201e10ea98877c10fb86dc23796b

Download Submit
C:\Program Files\Affinity\Publisher 2\libocio.dll

Filesize
798KB

MD5
d8df25dc6469c4c55908436c5a92a2a6

SHA1
bff0f5e7da9f045eed8132f8281609d2def4a72c

SHA256
0b453f4919b1d707b1e28495ed1c381d5e6d5c42d7d0161805bba730667333d7

SHA512
24e13bfa4da94fda62efecd1340512fc36ad78eb02a45a82b974af82a18b4528f109146eb8abb690cadd501d6285c62b0b087d34d9ed0b739195e9b0e5209089

Download Submit
C:\Program Files\Affinity\Publisher 2\libpdfimport.dll

Filesize
10.6MB

MD5
7cab79a34769954afcff608c5ec7ec74

SHA1
688c1b83b75d2ff96b3dafaaf4980a690bc08ad9

SHA256
a70c33c0fcb329668ea9de039c963dbdcf2c62acb83a4b3a8a7bdf20af45c016

SHA512
b639e6670dde9d9f7fe1511dc453a5caca66d893cfa9e184df9a8c622bc81230484e96554ae1fed5605f7ad5d1c929c1a1add13afb525bfc9e3ab51d0357db54

Download Submit
C:\Program Files\Affinity\Publisher 2\libpdfium.dll

Filesize
5.4MB

MD5
01e1db8ae51153930cd71b7ca8b5d45b

SHA1
9ba1a398f22c40758e8dcb96689b6b9a155271b4

SHA256
574b4abe73d210f9259e9a17355610d3922721bda161ab25b5d00427265f6842

SHA512
a858e740795f91eda9fed84a002d4351dbfc00c43796999b9a3eec85497f45f8b9702e0e4a4636a2da09b253d09e8a0cc40afaf63c3d100525481512b89614d4

Download Submit
C:\Program Files\Affinity\Publisher 2\libpersona.dll

Filesize
295.6MB

MD5
1bb9191eddf60cea5c48980969d5ad1a

SHA1
a23dbf184f2754ef32f55f7983185cc3cde95c43

SHA256
1513e798f926b0f30c1acc238539eec45c2286f709765ad8d036981e4465c157

SHA512
a5744bd6d4332436484c0c4502a7c20f43f9f03de6fb95c7b25ce301b79e51c14a812061d6389abf27d534d423fd38e90a194f331db1da89288088eaa69605a0

Download Submit
C:\Program Files\Affinity\Publisher 2\libpersona.dll

Filesize
295.6MB

MD5
1bb9191eddf60cea5c48980969d5ad1a

SHA1
a23dbf184f2754ef32f55f7983185cc3cde95c43

SHA256
1513e798f926b0f30c1acc238539eec45c2286f709765ad8d036981e4465c157

SHA512
a5744bd6d4332436484c0c4502a7c20f43f9f03de6fb95c7b25ce301b79e51c14a812061d6389abf27d534d423fd38e90a194f331db1da89288088eaa69605a0

Download Submit
C:\Program Files\Affinity\Publisher 2\libpk.dll

Filesize
41KB

MD5
396f1cf3bafe522fa12c3253b81e4c5b

SHA1
f0af00176b3be09535d22a725e2d297544d94b7d

SHA256
8a7ccb8400f309c198fffb25df68d76331387b6537a5d7a7fea937a7b121a61a

SHA512
cc891a8673f30d5a57d6a2bd19af060b3858c4d54a7123d6cc8694acb2ebe353e035f7661271077bf4a380099430ef1df5a4756ebc8c4c348ff169fbb2933a37

Download Submit
C:\Program Files\Affinity\Publisher 2\libpsd.dll

Filesize
3.0MB

MD5
abe5d1f23c31770c51cc5cdb6b229d4a

SHA1
60b16217b093655a2a927df34cb4ea885eccd413

SHA256
98ba1ba0e2cdc4f50bd795418778a7c9ae92e9860076e3087cdd4a4dade94c84

SHA512
09ed3d363a50d6520b6cc153c13e20f1af091ca9bab58077100b21fa81e50022e3dc38d37c81a49d8b98518fe42745345d68bad9d71e7d22612d7ba6c861381a

Download Submit
C:\Program Files\Affinity\Publisher 2\libraster.dll

Filesize
56.3MB

MD5
5a3f18e2b2b9010ee25299a48fe62d22

SHA1
f5588e79fe3f946d243a3eea49f4eeaca8293d26

SHA256
468cb575ab8219f087fea9eb83abda16c3da92564ee494898ca0a87120977fb9

SHA512
4bd577e142325c17bf49d296c379fb12dde239ca81360ebbe1f48d4206dc7cdc885f62b337e47b7a2030c57360f4a2e98ca516e8c94035a809bba7f55b36cf83

Download Submit
C:\Program Files\Affinity\Publisher 2\librastertools.dll

Filesize
96.2MB

MD5
dd2a5946a289d044c7c7445e3fe2a492

SHA1
9ecd107d84ac9938d864c56dd11393a0c9754cf5

SHA256
3aa06ad545138bf7ca0cb8aa6f61bac714d19ed6770a9616dc87edc7e73d07b1

SHA512
07f70328a3b5a92ac3a36a41c3b1303d114282a1b8d7ecfd984e80c5062ac3f4012f2af1194101e3484ac9c345b1a8849ff09d457e24388708827ecf0accf8c8

Download Submit
C:\Program Files\Affinity\Publisher 2\librenderer.dll

Filesize
54.5MB

MD5
081003e625abb07ba7e63d73108c4b91

SHA1
1ab95dc52f5acff520554ec6a3fa7eca1c51ef01

SHA256
34924b16612e899bc62c97b3fbe4fb8fb32a407a7983b3eb6a9229257e2e3084

SHA512
4c5b21594bd9417c3414717f22022b9ec764fd7b48838f431be6d2e50b312016b98ba4ca2f0c17714cffd0f27b44d863a46fa892a4ef847a9b032b8a61d37860

Download Submit
C:\Program Files\Affinity\Publisher 2\libscripting.dll

Filesize
57KB

MD5
92736b944f7dc4fa8e45730f75108ff2

SHA1
b5c582962f5efaf57ecf43ba5dfb6314db9b94ce

SHA256
152674b41864b2ad4ec47389e49c9efd48b518bc86bb80dcde083651b290da2c

SHA512
9828a0a08b44576df34547225da3739b01d6814a832fd86d85ea42c0a4767cea28e2c5f0806085931f1de3ef9a67f08a5af013f1f3f967ec3b444ecefb7c0720

Download Submit
C:\Program Files\Affinity\Publisher 2\libxmp.dll

Filesize
1.2MB

MD5
56a7b61e860db19009fabd7297ef30ed

SHA1
ac615269e961393e572165e6290c9d17bf864929

SHA256
ae903659227651b52e28b7934a265e60f3de79e061ceea99c4a1038c0a77c239

SHA512
60ea104d2c40748c3e2851e00b83fd96f0258bfe7ee39d36d16bace7573a1a2b46dba034ca638603220f4f41e0952aa4475186b647c8dc59c158f790838bbe41

Download Submit
C:\Program Files\Affinity\Publisher 2\msvcp140.dll

Filesize
557KB

MD5
7db24201efea565d930b7ec3306f4308

SHA1
880c8034b1655597d0eebe056719a6f79b60e03c

SHA256
72fe4598f0b75d31ce2dc621e8ef161338c6450bb017cd06895745690603729e

SHA512
bac5729a3eb53e9bc7b680671d028cabef5ea102dfaa48a7c453b67f8ecb358db9f8fb16b3b1d9ea5a2dff34f459f6ac87f3a563c736d81d31048766198ff11e

Download Submit
C:\Program Files\Affinity\Publisher 2\pdflib.dll

Filesize
4.7MB

MD5
cba20d3f289521db03e44c6147d4ac7d

SHA1
3dcea206076db79498716ed9653f7033fef53571

SHA256
d6a0d4560fdaee315ca819276201e6cde7abb7c19cd38cbe0999dc3095dbcaff

SHA512
aa7c19f3b27bd23a06d1719b1213c360c0d78ed81a8cfaaf3e5df8739fe98394e47b3e5fd0a64c630273d1c0f13a844ddf1927e810dde85ddcee865bddc60d0e

Download Submit
C:\Program Files\Affinity\Publisher 2\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Program Files\Affinity\Publisher 2\vcruntime140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICC6E.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICC6E.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICFE7.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSICFE7.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID0E2.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID0E2.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID0E2.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID170.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID170.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID1EE.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID1EE.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID3E3.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID3E3.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Users\Admin\AppData\Roaming\Affinity\Publisher 2 2.0.4.1701\install\Publisher 2.msi

Filesize
1.6MB

MD5
09502ca66d04e4ca1e78ba428e114f0b

SHA1
25ddeb008f876f2d8200ff6f653a5ae1c01b8f39

SHA256
9f3522ee519f6208f644d90fe030f10e28aea6fbb14721b9c6f4dd0c1a805dad

SHA512
e277e5945f2f0804a42ced7dc2982e519964463bc1fb04abbcf19eeaa424275c075605fd81ad810cb11c204f48137c75117a7650fc0c0ae164e11f41e223f56e

Download Submit
C:\Users\Admin\AppData\Roaming\Affinity\Publisher 2 2.0.4.1701\install\Publisher 2.msi

Filesize
1.6MB

MD5
09502ca66d04e4ca1e78ba428e114f0b

SHA1
25ddeb008f876f2d8200ff6f653a5ae1c01b8f39

SHA256
9f3522ee519f6208f644d90fe030f10e28aea6fbb14721b9c6f4dd0c1a805dad

SHA512
e277e5945f2f0804a42ced7dc2982e519964463bc1fb04abbcf19eeaa424275c075605fd81ad810cb11c204f48137c75117a7650fc0c0ae164e11f41e223f56e

Download Submit
C:\Users\Admin\AppData\Roaming\Affinity\Publisher 2 2.0.4.1701\install\Publisher 21.cab

Filesize
542.7MB

MD5
dddc82f114bc67fc542ad2f198e631d1

SHA1
d1d207d7efc9e492a62f799cdfa3d34ebf092162

SHA256
55c4e7180bd4ef4a9a37bff4739e7ce80a97e42f054640f782e3d3f39dde4ef7

SHA512
0757cfe0bc6c6895d30d40ad0a8dd162c8a21fdc7d40c91c2436d3a5f81ba369fb3d2464b0d8d74af60c09e54fa1b884c0b83cef9c9eeec7332548783f624b58

Download Submit
C:\Windows\Installer\MSI4FB6.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Windows\Installer\MSI4FB6.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Windows\Installer\MSI5063.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Windows\Installer\MSI5063.tmp

Filesize
391KB

MD5
a32decee57c661563b038d4f324e2b42

SHA1
3f381a7e31f450a40c8c2cf2c40c36a61fb7a4c2

SHA256
fcf24b9b574ed026d3f68b7b70aa6533806ba7fc566c476ccb62e6493ac28f04

SHA512
e17c125adad4702c9a30639858e22a2f0dc4f2926fca89758d544c62fe1fb95360dabd5bd2de2f62a607158bd9ef108c60d8cb5ce709c634668ee509988214f9

Download Submit
C:\Windows\Installer\MSI50C2.tmp

Filesize
569KB

MD5
0be7cdee6c5103c740539d18a94acbd0

SHA1
a364c342ff150f69b471b922c0d065630a0989bb

SHA256
41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14

SHA512
f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c

Download Submit
C:\Windows\Installer\MSI50C2.tmp

Filesize
569KB

MD5
0be7cdee6c5103c740539d18a94acbd0

SHA1
a364c342ff150f69b471b922c0d065630a0989bb

SHA256
41abe8eb54a1910e6fc97fcea4de37a67058b7527badae8f39fba3788c46de14

SHA512
f96ef5458fdc985501e0dca9cac3c912b3f2308be29eb8e6a305a3b02a3c61b129c4db2c98980b32fd01779566fa5173b2d841755d3cb30885e2f130e4ad6e2c

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
0fee5f967b608ecd712a3c177ef19aa3

SHA1
e5a3884c7933888c8273000d35a1f96d71818e25

SHA256
6a6f2130e4ac0c99e745ca59e5d42e7f2774d11e2daa98d6962df3d121c073fc

SHA512
218bed23fc914705018697be08449ec1cd7a81a3655accf6ebdc54377c5b0572d5f07c88e19fe2fa7702fef351961760dceb28d1d33f961590fce9848b4461b4

Download Submit
\??\Volume{af0fc727-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{fabd9c0b-941b-42de-a9f5-69d51ed5143a}_OnDiskSnapshotProp

Filesize
5KB

MD5
a18e67eb36f271148a32aad9a2c270ea

SHA1
f35e25268be16e1a7db33cc1b176508762082480

SHA256
164906308374644cdd2c4b3b79ec11ffc45dbf7af70ea5a85d66bbd53822ca20

SHA512
63556be514a905313819fc437156b1da4e148f76bfa40ab13807ec173f717797fe9bec6de1f3db1f8977979d31c96c53ad92e5bc84a379d101c16d80952c50e5

Download Submit