2cbf59c93f795175f3c729ac37a25ca3d7482ab50b6475f4647ae8a39abf394f

Analysis

max time kernel
86s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2023 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flash8-en.exe
Size

107.8MB
MD5

4366b8abb6c5cf54239954a2e89c4e97
SHA1

2b769067954561da9b91b87773fe9f1e2483e296
SHA256

2cbf59c93f795175f3c729ac37a25ca3d7482ab50b6475f4647ae8a39abf394f
SHA512

ddf30dbfb6504f4ebe6cf7a6cb6280a54bfd98bbd69a246757901b9c3e8d575c90b7a848413e018e6e1006524efd4c0c525094191e489b1f33f05b1a9e3c20b0
SSDEEP

3145728:JyDSUW50GQiwf64O298IydrvzjxyKGrVKgVl:JcSD50Piwip298IYrL1yKGsgT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4152	FL_Client_Installer.exe
4896	IDriver.exe
1432	IDriver.exe
3460	IDriver.exe
4840	IDriver.exe
5096	IDriver.exe
1924	IDriver.exe

Loads dropped DLL 64 IoCs

pid	Process
3496	MsiExec.exe
3336	regsvr32.exe
908	regsvr32.exe
4068	regsvr32.exe
4072	regsvr32.exe
2568	regsvr32.exe
2092	regsvr32.exe
3496	MsiExec.exe
3496	MsiExec.exe
3496	MsiExec.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
1432	IDriver.exe
3496	MsiExec.exe
3496	MsiExec.exe
1132	MsiExec.exe
4800	regsvr32.exe
4440	regsvr32.exe
3432	regsvr32.exe
624	regsvr32.exe
856	regsvr32.exe
2452	regsvr32.exe
1132	MsiExec.exe
1132	MsiExec.exe
1132	MsiExec.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
4840	IDriver.exe
1132	MsiExec.exe
1132	MsiExec.exe
1132	MsiExec.exe
1132	MsiExec.exe
3776	MsiExec.exe
3776	MsiExec.exe
1132	MsiExec.exe
1132	MsiExec.exe
1132	MsiExec.exe
1132	MsiExec.exe
3496	MsiExec.exe
4064	MsiExec.exe
4672	regsvr32.exe
388	regsvr32.exe
3408	regsvr32.exe
2188	regsvr32.exe
1076	regsvr32.exe
5100	regsvr32.exe
4064	MsiExec.exe
4064	MsiExec.exe
4064	MsiExec.exe
1924	IDriver.exe
1924	IDriver.exe
1924	IDriver.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	FL_Client_Installer.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	FL_Client_Installer.exe
File opened (read-only)	\??\M:	FL_Client_Installer.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	FL_Client_Installer.exe
File opened (read-only)	\??\J:	FL_Client_Installer.exe
File opened (read-only)	\??\O:	FL_Client_Installer.exe
File opened (read-only)	\??\V:	FL_Client_Installer.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\N:	FL_Client_Installer.exe
File opened (read-only)	\??\T:	FL_Client_Installer.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\F:	FL_Client_Installer.exe
File opened (read-only)	\??\Q:	FL_Client_Installer.exe
File opened (read-only)	\??\R:	FL_Client_Installer.exe
File opened (read-only)	\??\S:	FL_Client_Installer.exe
File opened (read-only)	\??\W:	FL_Client_Installer.exe
File opened (read-only)	\??\Y:	FL_Client_Installer.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	FL_Client_Installer.exe
File opened (read-only)	\??\K:	FL_Client_Installer.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	FL_Client_Installer.exe
File opened (read-only)	\??\P:	FL_Client_Installer.exe
File opened (read-only)	\??\U:	FL_Client_Installer.exe
File opened (read-only)	\??\X:	FL_Client_Installer.exe
File opened (read-only)	\??\Z:	FL_Client_Installer.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	FL_Client_Installer.exe
File opened (read-only)	\??\L:	FL_Client_Installer.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\QuickTime\FLV.qtx	msiexec.exe
File created	C:\Windows\SysWOW64\QuickTime\MMxptResources.dll	msiexec.exe

Drops file in Program Files directory 52 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\MFC71.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\en\Flash_8_Video_Encoder.dll	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\en\FLVEncoder.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll	MsiExec.exe
File created	C:\Program Files (x86)\Common Files\Macromedia\FileMap.xml	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Dreamweaver\Sample.mxi	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Resources.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\Flash 8 Video Encoder.exe	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\en\Flash_8_Video_Extension_Resources.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Replace.exe	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\msvcr71.dll	msiexec.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Help\emusing.chm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll	MsiExec.exe
File created	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Dreamweaver\Blank.mxi	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Flash\Sample.mxi	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\msvcp71.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\License.htm	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Fireworks\Blank.mxi	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Extension Manager.exe	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\MFC71u.dll	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\dbghelp.dll	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\Register.htm	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Flash 8 Video Encoder\mmxptresources.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe	MsiExec.exe
File created	C:\Program Files (x86)\Common Files\Macromedia\EMLaunch.dll	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Dreamweaver\Sample.htm	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Flash\Blank.mxi	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\License.htm	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Readme.htm	msiexec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\xman.cdf	msiexec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll	MsiExec.exe
File opened for modification	C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll	MsiExec.exe
File created	C:\Program Files (x86)\Macromedia\Extension Manager\Samples\Flash\Sample.fla	msiexec.exe

Drops file in Windows directory 46 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI80F6.tmp	msiexec.exe
File opened for modification	C:\Windows\Downloaded Installations\Macromedia Flash 8\Data1.cab	Flash8-en.exe
File opened for modification	C:\Windows\Installer\MSI4F98.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI644F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6991.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8220.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI83E7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe	msiexec.exe
File opened for modification	C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe	Flash8-en.exe
File opened for modification	C:\Windows\Downloaded Installations\Macromedia Flash 8\WindowsInstaller-KB884016-v2-x86.exe	Flash8-en.exe
File opened for modification	C:\Windows\Installer\MSI5E7E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6150.tmp	msiexec.exe
File created	C:\Windows\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\EMARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\READMEICON.htm	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8511.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5746cd.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6DE9.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}	msiexec.exe
File created	C:\Windows\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe	msiexec.exe
File created	C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe	Flash8-en.exe
File opened for modification	C:\Windows\Installer\MSI4882.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\EMARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\Downloaded Installations\Macromedia Flash 8\WindowsInstaller-KB884016-v2-x86.exe	Flash8-en.exe
File opened for modification	C:\Windows\Installer\MSI6036.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI86C7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8784.tmp	msiexec.exe
File created	C:\Windows\Downloaded Installations\Macromedia Flash 8\Macromedia Flash 8.msi	Flash8-en.exe
File created	C:\Windows\Installer\e5746cd.msi	msiexec.exe
File created	C:\Windows\Installer\e5746d4.msi	msiexec.exe
File created	C:\Windows\Installer\e5746d0.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6663.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI66C2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8087.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI82AD.tmp	msiexec.exe
File created	C:\Windows\Downloaded Installations\Macromedia Flash 8\Data1.cab	Flash8-en.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}	msiexec.exe
File created	C:\Windows\Installer\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\READMEICON.htm	msiexec.exe
File created	C:\Windows\Installer\e5746d1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5746d1.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6DE8.tmp	msiexec.exe
File opened for modification	C:\Windows\Downloaded Installations\Macromedia Flash 8\Macromedia Flash 8.msi	Flash8-en.exe
File opened for modification	C:\Windows\Installer\MSI4F99.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6016.tmp	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3372	1432	WerFault.exe	101
3804	4840	WerFault.exe	114
820	1924	WerFault.exe	128

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f9d6c693febb2fce0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000f9d6c6930000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900f9d6c693000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f9d6c69300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f9d6c69300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1DE0B0AC-D65A-4B47-B4E4-37C8E065D9A1}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46E4AEB7-19C5-4A43-AD65-FF6859E43C2B}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AF0996A6-75B5-457D-B417-49B5FBF97E73}\ProgID\ = "ISInstallDriver.StringTable.10"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F1F45426-4ECC-4E2F-A2AD-3424A424B336}\TypeLib	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B23DEBC2-3C5C-47A6-8FF8-148132D193F4}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{92559C8C-F9C8-4BE7-BA9D-26AFEA5E4389}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{92559C8C-F9C8-4BE7-BA9D-26AFEA5E4389}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F6EE9F4A-2D30-4A78-8720-90B6ED68763B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{15CF3576-8A86-4D1F-9A64-912F901F0173}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{065BC041-955D-42E2-A767-F26CA8E5A2A3}\ = "IMsiServer"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-mmxp\Extension = ".mxp"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\104C2FB8EC20D424CB62C6F4F94B646B\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78994A88-276B-4F15-BAF6-FB4CD3F9E223}\ = "ISetupReboot2"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D354A092-4A8E-4077-A738-8314F6BA0DE6}\TypeLib\Version = "1.0"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F4D3EF9D-0157-4C5F-A74B-BAEE5D6ED3AE}\ = "IMSIMsgHandler"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5FC8AC65-FD78-4439-90A2-291175681698}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F74B51C-963F-420E-90FA-FD96FA7712DC}\ProxyStubClsid32	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DBBC99EB-259B-4CD3-B167-3D75539D9E9C}\ProxyStubClsid32	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{610B9179-896D-41FC-9056-27616367AD91}\TypeLib\Version = "1.0"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BB7CE443-5294-42A0-8BC6-C3584A0E9E5E}\ProxyStubClsid32	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1AEFB69D-57BB-4963-AFA8-09FA9614E1CB}\TypeLib\Version = "1.0"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78994A88-276B-4F15-BAF6-FB4CD3F9E223}\ProxyStubClsid32	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A351BCFD-F07F-48CB-91A0-AF69317D9D6D}\ProxyStubClsid32\ = "{1E4FB44E-D416-4243-B811-8E116F9CE39A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{82B47390-3D18-4100-B967-7790E0199744}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{023F4789-ADC1-4030-9DE3-7ED7F57EA2CA}\TypeLib\Version = "1.0"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\5BDC64552EC2B8940B95B5B38FF14CF1\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{11997148-EAEB-42A2-B3CC-B7C5A7199107}	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9CBF197F-754C-4011-9019-1C632FD2897A}\TypeLib	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{566BECBB-A8DF-43EA-8D44-77BCC7B72F21}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{85D3BD85-0A91-438D-B2F9-BC4E31A5DB34}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EDF81340-0BD9-40B7-825C-29AEE7A64D4E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F74B51C-963F-420E-90FA-FD96FA7712DC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\104C2FB8EC20D424CB62C6F4F94B646B\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AA8743E-3991-438C-8631-3C8C169399E6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Macromedia.Extension.Package	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\104C2FB8EC20D424CB62C6F4F94B646B\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{96EDAA2C-E90A-4ABA-AC0D-9226B8B3AB79}\TypeLib\Version = "1.0"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{92559C8C-F9C8-4BE7-BA9D-26AFEA5E4389}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{184C53CC-8D6D-4A58-8108-90167678B84C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CD549FD5-6590-4F67-B60E-E7422ADAF1B3}\ = "ISetupScriptError"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{184C53CC-8D6D-4A58-8108-90167678B84C}\TypeLib\Version = "1.0"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DBBC99EB-259B-4CD3-B167-3D75539D9E9C}\ = "ISetupDynamicLinkedLibraryController"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1F74B51C-963F-420E-90FA-FD96FA7712DC}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F43DC703-046B-4FB0-8AC2-0CB24623994D}\ = "ISetupObjectHolder"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5CDB19F-95A7-4DFC-A65F-D01CB17BDAA2}\ProxyStubClsid32	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1AEFB69D-57BB-4963-AFA8-09FA9614E1CB}\ = "ISetupShell"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A10FDF47-9E29-401C-988C-A7A28434BCC2}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{78994A88-276B-4F15-BAF6-FB4CD3F9E223}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF21D406-D32C-4413-81CE-B9AF860E1361}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44D68E56-4A11-4C14-806B-083FFA62767C}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5FC8AC65-FD78-4439-90A2-291175681698}	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46E4AEB7-19C5-4A43-AD65-FF6859E43C2B}\ = "IMsiServer2001"	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ISInstallDriver.InstallDriver	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90FFDCC6-889E-4394-B60A-36EB3A32CED7}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AEED9AE1-AE66-4065-A274-DC7BBFEE354B}\TypeLib\Version = "1.0"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DED5FE20-27D3-4F38-8DF3-93659038C417}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\104C2FB8EC20D424CB62C6F4F94B646B\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\104C2FB8EC20D424CB62C6F4F94B646B\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F31ADE0D-9319-4067-829A-107D25C1C131}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FF9F015D-973A-47E9-8857-EFBD6C08A318}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Macromedia.Extension.Information\	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99438BE3-EA31-4C13-85FD-FEB81A61AB34}\TypeLib	IDriver.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CD549FD5-6590-4F67-B60E-E7422ADAF1B3}\ProxyStubClsid32	IDriver.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2BF7C25E-DA1D-4E34-8242-5DCDD9F18245}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	IDriver.exe

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	FL_Client_Installer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	FL_Client_Installer.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2624	msiexec.exe
2624	msiexec.exe
2624	msiexec.exe
2624	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4152	FL_Client_Installer.exe
Token: SeIncreaseQuotaPrivilege	4152	FL_Client_Installer.exe
Token: SeSecurityPrivilege	2624	msiexec.exe
Token: SeCreateTokenPrivilege	4152	FL_Client_Installer.exe
Token: SeAssignPrimaryTokenPrivilege	4152	FL_Client_Installer.exe
Token: SeLockMemoryPrivilege	4152	FL_Client_Installer.exe
Token: SeIncreaseQuotaPrivilege	4152	FL_Client_Installer.exe
Token: SeMachineAccountPrivilege	4152	FL_Client_Installer.exe
Token: SeTcbPrivilege	4152	FL_Client_Installer.exe
Token: SeSecurityPrivilege	4152	FL_Client_Installer.exe
Token: SeTakeOwnershipPrivilege	4152	FL_Client_Installer.exe
Token: SeLoadDriverPrivilege	4152	FL_Client_Installer.exe
Token: SeSystemProfilePrivilege	4152	FL_Client_Installer.exe
Token: SeSystemtimePrivilege	4152	FL_Client_Installer.exe
Token: SeProfSingleProcessPrivilege	4152	FL_Client_Installer.exe
Token: SeIncBasePriorityPrivilege	4152	FL_Client_Installer.exe
Token: SeCreatePagefilePrivilege	4152	FL_Client_Installer.exe
Token: SeCreatePermanentPrivilege	4152	FL_Client_Installer.exe
Token: SeBackupPrivilege	4152	FL_Client_Installer.exe
Token: SeRestorePrivilege	4152	FL_Client_Installer.exe
Token: SeShutdownPrivilege	4152	FL_Client_Installer.exe
Token: SeDebugPrivilege	4152	FL_Client_Installer.exe
Token: SeAuditPrivilege	4152	FL_Client_Installer.exe
Token: SeSystemEnvironmentPrivilege	4152	FL_Client_Installer.exe
Token: SeChangeNotifyPrivilege	4152	FL_Client_Installer.exe
Token: SeRemoteShutdownPrivilege	4152	FL_Client_Installer.exe
Token: SeUndockPrivilege	4152	FL_Client_Installer.exe
Token: SeSyncAgentPrivilege	4152	FL_Client_Installer.exe
Token: SeEnableDelegationPrivilege	4152	FL_Client_Installer.exe
Token: SeManageVolumePrivilege	4152	FL_Client_Installer.exe
Token: SeImpersonatePrivilege	4152	FL_Client_Installer.exe
Token: SeCreateGlobalPrivilege	4152	FL_Client_Installer.exe
Token: SeCreateTokenPrivilege	4152	FL_Client_Installer.exe
Token: SeAssignPrimaryTokenPrivilege	4152	FL_Client_Installer.exe
Token: SeLockMemoryPrivilege	4152	FL_Client_Installer.exe
Token: SeIncreaseQuotaPrivilege	4152	FL_Client_Installer.exe
Token: SeMachineAccountPrivilege	4152	FL_Client_Installer.exe
Token: SeTcbPrivilege	4152	FL_Client_Installer.exe
Token: SeSecurityPrivilege	4152	FL_Client_Installer.exe
Token: SeTakeOwnershipPrivilege	4152	FL_Client_Installer.exe
Token: SeLoadDriverPrivilege	4152	FL_Client_Installer.exe
Token: SeSystemProfilePrivilege	4152	FL_Client_Installer.exe
Token: SeSystemtimePrivilege	4152	FL_Client_Installer.exe
Token: SeProfSingleProcessPrivilege	4152	FL_Client_Installer.exe
Token: SeIncBasePriorityPrivilege	4152	FL_Client_Installer.exe
Token: SeCreatePagefilePrivilege	4152	FL_Client_Installer.exe
Token: SeCreatePermanentPrivilege	4152	FL_Client_Installer.exe
Token: SeBackupPrivilege	4152	FL_Client_Installer.exe
Token: SeRestorePrivilege	4152	FL_Client_Installer.exe
Token: SeShutdownPrivilege	4152	FL_Client_Installer.exe
Token: SeDebugPrivilege	4152	FL_Client_Installer.exe
Token: SeAuditPrivilege	4152	FL_Client_Installer.exe
Token: SeSystemEnvironmentPrivilege	4152	FL_Client_Installer.exe
Token: SeChangeNotifyPrivilege	4152	FL_Client_Installer.exe
Token: SeRemoteShutdownPrivilege	4152	FL_Client_Installer.exe
Token: SeUndockPrivilege	4152	FL_Client_Installer.exe
Token: SeSyncAgentPrivilege	4152	FL_Client_Installer.exe
Token: SeEnableDelegationPrivilege	4152	FL_Client_Installer.exe
Token: SeManageVolumePrivilege	4152	FL_Client_Installer.exe
Token: SeImpersonatePrivilege	4152	FL_Client_Installer.exe
Token: SeCreateGlobalPrivilege	4152	FL_Client_Installer.exe
Token: SeCreateTokenPrivilege	4152	FL_Client_Installer.exe
Token: SeAssignPrimaryTokenPrivilege	4152	FL_Client_Installer.exe
Token: SeLockMemoryPrivilege	4152	FL_Client_Installer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4152	FL_Client_Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 4152	1084	Flash8-en.exe	84
PID 1084 wrote to memory of 4152	1084	Flash8-en.exe	84
PID 1084 wrote to memory of 4152	1084	Flash8-en.exe	84
PID 2624 wrote to memory of 3496	2624	msiexec.exe	91
PID 2624 wrote to memory of 3496	2624	msiexec.exe	91
PID 2624 wrote to memory of 3496	2624	msiexec.exe	91
PID 3496 wrote to memory of 3336	3496	MsiExec.exe	92
PID 3496 wrote to memory of 3336	3496	MsiExec.exe	92
PID 3496 wrote to memory of 3336	3496	MsiExec.exe	92
PID 3496 wrote to memory of 4896	3496	MsiExec.exe	93
PID 3496 wrote to memory of 4896	3496	MsiExec.exe	93
PID 3496 wrote to memory of 4896	3496	MsiExec.exe	93
PID 3496 wrote to memory of 908	3496	MsiExec.exe	94
PID 3496 wrote to memory of 908	3496	MsiExec.exe	94
PID 3496 wrote to memory of 908	3496	MsiExec.exe	94
PID 3496 wrote to memory of 4068	3496	MsiExec.exe	96
PID 3496 wrote to memory of 4068	3496	MsiExec.exe	96
PID 3496 wrote to memory of 4068	3496	MsiExec.exe	96
PID 3496 wrote to memory of 4072	3496	MsiExec.exe	97
PID 3496 wrote to memory of 4072	3496	MsiExec.exe	97
PID 3496 wrote to memory of 4072	3496	MsiExec.exe	97
PID 3496 wrote to memory of 2568	3496	MsiExec.exe	99
PID 3496 wrote to memory of 2568	3496	MsiExec.exe	99
PID 3496 wrote to memory of 2568	3496	MsiExec.exe	99
PID 3496 wrote to memory of 2092	3496	MsiExec.exe	100
PID 3496 wrote to memory of 2092	3496	MsiExec.exe	100
PID 3496 wrote to memory of 2092	3496	MsiExec.exe	100
PID 1432 wrote to memory of 348	1432	IDriver.exe	105
PID 1432 wrote to memory of 348	1432	IDriver.exe	105
PID 1432 wrote to memory of 348	1432	IDriver.exe	105
PID 2624 wrote to memory of 1132	2624	msiexec.exe	106
PID 2624 wrote to memory of 1132	2624	msiexec.exe	106
PID 2624 wrote to memory of 1132	2624	msiexec.exe	106
PID 1132 wrote to memory of 4800	1132	MsiExec.exe	107
PID 1132 wrote to memory of 4800	1132	MsiExec.exe	107
PID 1132 wrote to memory of 4800	1132	MsiExec.exe	107
PID 1132 wrote to memory of 3460	1132	MsiExec.exe	108
PID 1132 wrote to memory of 3460	1132	MsiExec.exe	108
PID 1132 wrote to memory of 3460	1132	MsiExec.exe	108
PID 1132 wrote to memory of 4440	1132	MsiExec.exe	109
PID 1132 wrote to memory of 4440	1132	MsiExec.exe	109
PID 1132 wrote to memory of 4440	1132	MsiExec.exe	109
PID 1132 wrote to memory of 3432	1132	MsiExec.exe	110
PID 1132 wrote to memory of 3432	1132	MsiExec.exe	110
PID 1132 wrote to memory of 3432	1132	MsiExec.exe	110
PID 1132 wrote to memory of 624	1132	MsiExec.exe	111
PID 1132 wrote to memory of 624	1132	MsiExec.exe	111
PID 1132 wrote to memory of 624	1132	MsiExec.exe	111
PID 1132 wrote to memory of 856	1132	MsiExec.exe	112
PID 1132 wrote to memory of 856	1132	MsiExec.exe	112
PID 1132 wrote to memory of 856	1132	MsiExec.exe	112
PID 1132 wrote to memory of 2452	1132	MsiExec.exe	113
PID 1132 wrote to memory of 2452	1132	MsiExec.exe	113
PID 1132 wrote to memory of 2452	1132	MsiExec.exe	113
PID 2624 wrote to memory of 3776	2624	msiexec.exe	117
PID 2624 wrote to memory of 3776	2624	msiexec.exe	117
PID 2624 wrote to memory of 3776	2624	msiexec.exe	117
PID 1432 wrote to memory of 312	1432	IDriver.exe	119
PID 1432 wrote to memory of 312	1432	IDriver.exe	119
PID 1432 wrote to memory of 312	1432	IDriver.exe	119
PID 2624 wrote to memory of 4064	2624	msiexec.exe	120
PID 2624 wrote to memory of 4064	2624	msiexec.exe	120
PID 2624 wrote to memory of 4064	2624	msiexec.exe	120
PID 4064 wrote to memory of 4672	4064	MsiExec.exe	121

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Flash8-en.exe
"C:\Users\Admin\AppData\Local\Temp\Flash8-en.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe
  "C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4152

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 370328490333DEB4036255E48CEF0C4A C
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:3496
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\_ISRES~1.DLL"
    3⤵
    - Loads dropped DLL
    PID:3336
- - C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
    "C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe" /RegServer
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:4896
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IUserCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:908
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\ISRT.dll"
    3⤵
    - Loads dropped DLL
    PID:4068
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\objpscnv.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:4072
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IScrCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:2568
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iGdiCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:2092
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 060418117DFCBFD1C539E89574F56D9C
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:1132
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\_ISRES~1.DLL"
    3⤵
    - Loads dropped DLL
    PID:4800
- - C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
    "C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe" /RegServer
    3⤵
    - Executes dropped EXE
    PID:3460
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IUserCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:4440
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\ISRT.dll"
    3⤵
    - Loads dropped DLL
    PID:3432
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\objpscnv.dll"
    3⤵
    - Loads dropped DLL
    PID:624
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IScrCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:856
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iGdiCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:2452
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 32372A53D718F3E8443FC1661120A037 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  PID:3776
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D0469F27D90FB470944B22DF9B330DA7
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\_ISRES~1.DLL"
    3⤵
    - Loads dropped DLL
    PID:4672
- - C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
    "C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe" /RegServer
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:5096
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IUserCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:388
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\ISRT.dll"
    3⤵
    - Loads dropped DLL
    PID:3408
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\objpscnv.dll"
    3⤵
    - Loads dropped DLL
    PID:2188
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IScrCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:1076
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iGdiCnv.dll"
    3⤵
    - Loads dropped DLL
    PID:5100
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A45E8AC0AF2A7CE4BA96E7E7156B0BA5 E Global\MSI0000
  2⤵
  PID:1536

C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 1156
  2⤵
  - Program crash
  PID:3372
- C:\Windows\SysWOW64\msiexec.exe
  msiexec /i C:\Users\Admin\AppData\Local\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\Macromedia_Extension_Manager.msi /qn MM_STUDIO=0 MACROMEDIA="C:\Program Files (x86)\Macromedia"
  2⤵
  PID:348
- C:\Windows\SysWOW64\msiexec.exe
  msiexec /i "C:\Users\Admin\AppData\Local\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\Macromedia Flash 8 Video Encoder.msi" /qn MM_STUDIO=0 MACROMEDIA="C:\Program Files (x86)\Macromedia"
  2⤵
  PID:312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1432 -ip 1432
1⤵
PID:3912

C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 1192
  2⤵
  - Program crash
  PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4840 -ip 4840
1⤵
PID:460

C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1924
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 1152
  2⤵
  - Program crash
  PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1924 -ip 1924
1⤵
PID:2264

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:5108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5746cf.rbs

Filesize
24KB

MD5
c453c99187903c103f56efc26906e0d3

SHA1
37d5351c0258fe880bd6f0df55ca50d22ce813e8

SHA256
0cdaf544c138c37ce2b0ade278ae561c715f0b12600876a40bfd50cdf780ac13

SHA512
f5a1352272addb8fce891432ec552a0f2de72805bb47cfbe1e70a3cb3eee77b4db343c3dd28735e745b5a491fa3e605401c049910c3279a1a970db2ee9b73800

Download Submit
C:\Config.Msi\e5746d3.rbs

Filesize
12KB

MD5
d202b4c811e7b817290d00fc2a427a7e

SHA1
8e2355bac982cfd1b1f0c9c340cd99425021ef89

SHA256
8e0f0615642871f99e8d78cb5e56ce6ca834e514daf9067dc30bf7efe9b72863

SHA512
ac3083fdd41390c04cf78249a3fa0ed4bfb3da434298f22cc6487e7a241ba9e89b650ad1426bbbdc53b6e18eeccd1bb5d487c17be741e88a4a038f7a5267d7e0

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\_ISRES~1.DLL

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
528KB

MD5
8f287079d126ad3b2487d704844ce497

SHA1
c42c7b96714750c497ae9bc2a4d4c64141ea7058

SHA256
14d8231e716b79e66d2ef1a971f74ff6244af0c89717977e7131e7cf7de2072b

SHA512
f56e39852fb60ce94a7040644c5368cb15110b56e5b774edea14c4f2286d2087191276b4af860b320fe875f72f8df5214457ea12a7152e419b8848e578ffff54

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
744KB

MD5
5e73b8fb3ddbba8565d9c4705c14ba3d

SHA1
ffce57f44298ebfea425f42696227054d5c5cd0b

SHA256
e398cb00486e49de8f3dfa278cce395fd4c02a4795fb61b2e73653cbcdb75eea

SHA512
8bc0261c0a92d9caa76ec90583ea01a4ab743a084f0e4e0f6debdaf0bfdc252d95d6929e3ec66be5ad95ae593685fb50da2b9be0a1d457b8acb7c137e3cdab79

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
168KB

MD5
07096e9f097b44b3c24c15a6724de866

SHA1
a4cd6828554e295d0758ef2e35e35b0569afd44a

SHA256
820a03405d4a7a0ddc20f7be3c79266d1bbc6a7778c791c6de260ac9c51e77ec

SHA512
2f3e7ce2b0d51100b2a61b5b0d4a3b5434095a411f92360818a0e3926d6203e85ec2b54d4a5ac01405aeaf1a570dc1d5a088f1654210d7cdbacae5b566092e6e

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
400KB

MD5
22ee6fa7a604a5e7298acd95bc7c80f7

SHA1
31e6809bd9929b594d087b7cac8558b8117484c9

SHA256
dce057a7eeea266a1cbc630505d08eed458284b30e25dab4f7c7ae142835b660

SHA512
3e13f7e2032228f1d6a84566b49cb5aa6845ee9bcc83d350eba382492db19c3cdeac8ab75ea285b1b1f285c373fc829a2c9571b0b64e22c216470875458a56a5

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
32KB

MD5
3f84ebead9f9dbbaeb27bac67e585c17

SHA1
87ec9c20274e6b48e75fd0e3e12df0bdc263d1dd

SHA256
dbe6d61dbd15894aa2a304d36c2a6ec0e8e3e78438df35124ba2bd58df9e6e6a

SHA512
4a64a0d9fc37f96a045652c67f48fdc943ccd4b84c6c81dc9571ed20105ca7e8bbbe4a46c849d9fa6d9e27c04254de85a044e1a8e8be7ba1ac0bb4f2e6ed8fe9

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
256KB

MD5
926a5bfcf2173b178a4d080d47efbf2a

SHA1
c24a62c2b26e12879a9c013c3d0b8054828e8ac5

SHA256
02a761aa2c05fe1b3f95284557bd55ac9d6a82ab72a18de70dac1820c6f03751

SHA512
4a5fe52827068e9852e65a5570c105b183fa35dba342e715850ada258cb440b033dcc47047b59eac83401d9690979f661c77200fae0ea69a9944558b5265b1b3

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\temp.000

Filesize
176KB

MD5
771bd5c8b8f219f5d9af0cb1a406a399

SHA1
1ded7e1eaeba25961aca784174f05755f6770a31

SHA256
aa86d6fa20a0be2d41aec48a47b5d94f316acb4c4b7d8c6054d9988b27d108d7

SHA512
5c843ddfee3a808bf4ba189243cda130557d7527416636a00586818ffa73b941fb0a34024966fb3316f6c913e73f2615927606258288dbb821736aeb645cfd39

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI452B.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI452B.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI452B.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB897.tmp

Filesize
76KB

MD5
de19ccdac19f2e454719f3f59e51169c

SHA1
0479204efaa2076d5c12dca17ea2c37154aeb1fe

SHA256
83cc9b0d75ce4a843f28f79fe9471aac8e34ae3683484c9cb024e2292d432662

SHA512
c4f09a76e60ebdfb13ecc3f5e07c4440259514ad130e9aef70d844097988d8f010d64c818d74c56e2fd56696bf118e5a81e7e0726f9f879070972b75f3de8f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB897.tmp

Filesize
76KB

MD5
de19ccdac19f2e454719f3f59e51169c

SHA1
0479204efaa2076d5c12dca17ea2c37154aeb1fe

SHA256
83cc9b0d75ce4a843f28f79fe9471aac8e34ae3683484c9cb024e2292d432662

SHA512
c4f09a76e60ebdfb13ecc3f5e07c4440259514ad130e9aef70d844097988d8f010d64c818d74c56e2fd56696bf118e5a81e7e0726f9f879070972b75f3de8f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC401.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC401.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC401.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC402.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC402.tmp

Filesize
108KB

MD5
9478ddb628b317ce7e95097511cd898b

SHA1
1edc57f15628fbd5bc86d0a480f89b027984be4a

SHA256
970d8dbed67b3fd79e20077ab80650f9851985c6179d8d71f9108526c9303cf4

SHA512
794a9659d929390c15aff8e72f2b241f75c463dd17a3783530b1590ddf8a857e8335d81e9e2ca63bb32fb5e7fefa96848d6fa240d563fb50b02a8fb925cafd92

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID74D.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSID74D.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\pft8CB6.tmp\pftw1.pkg

Filesize
107.5MB

MD5
67007ef10cefa3eea1e7b61935f417af

SHA1
c6ea866c481d9139da120edf45c001ec5c07cbb8

SHA256
f9cc23c511fbadfe48eb39327761f9bb92d0ffd0ac03f26abe93e3c312051ea2

SHA512
ccc87bc8d3fb31ae58474c3161dab94f6092428ee08a9e94728b4b94be1ca353fe70d36e460454d23ddab6b587549dfdcf89065136a6ec5093bea743db84583d

Download Submit
C:\Users\Admin\AppData\Local\Temp\plf8B8B.tmp

Filesize
5KB

MD5
9efcc61a0baa38a6d7c67a05a97c7b87

SHA1
72b713a72ef7e972dfd5be5f79da8e9aacedb296

SHA256
7ccb3a50ca08c66a220e4da614cbaba1d05157359edd174223c788b86d929edf

SHA512
ac57100b76826af9f7650417dd765c23b522e31a1f3b44bfe9e70ed520bf6c6eb1978118a8147c99487b05a7a4c4afc964f457b79f921ff8236e4d60561b1238

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\_ISRES1033.dll

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1DE75F69-B6DF-4C63-A391-CFCADDBEEE71}\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\IsConfig.INI

Filesize
362B

MD5
62361c106b120e78aef61d7268519d65

SHA1
0ecb7b4a2d3238572422189224f919153e5114f6

SHA256
8ae30a64aed3b28ff365066f1e435d0b182b1897738ee07d31c62c315a8ed58a

SHA512
d896bd2919bb87bde1c153f478a68f618c3112206681a9b8e7044fd754802cd4c8863b5449333ddc5fc7f6df71c16adfa1b52d19723bc4429d24a7805b13114c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\Macromedia_Extension_Manager.msi

Filesize
5.6MB

MD5
bcc9728f9fca259d8e3bcc330949209f

SHA1
d32dc74cf5464d9e9b391ccbe161b14a66fe56ec

SHA256
dfedb15dab49a8f335ffb6117e04d4baca09639c685b3040e4d38cac97ab30bb

SHA512
310429dd09f64228f20875f676b43c330bad4cc97c9c26e09ae9f18b7b7a051849df933810a2ed6f885266ab38a24d9fa6cbec0aacfee812ffc903c2e5f5305d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\String1033.txt

Filesize
95KB

MD5
f546ab518190982e7b91367f3606d3ad

SHA1
9abe582e10a1fb3b2dbde084e7aea785ff6a23ac

SHA256
cdc1fae9e2d849f46110f4561f1698bcd5b557a8cf573bc08cad6e08b6dea55f

SHA512
d4a36a0f71fa862857fb1553cde41c1c61245494938d1f24feded2159db3472e50442a50ec3d56f07271ab6941fa5caffbd2ea70bd67cef97a12b17ed3be4dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\setup.inx

Filesize
287KB

MD5
20b1f50b5760bd1c3510690a350a5432

SHA1
8a0289cb8ccee48b0c259106c5b50ea09cf8ae02

SHA256
2b69e53eaa83a483d8b2ab80f88a396f050a34dda0a84bd75b03f1d2ad840094

SHA512
6df7f078fae20699f3c0221835a99fd039cfcf08dc3ee2ec899025e562e38401ff5a709872134c9b47d35bdbd2cec2215676909a4a007b9af75e9b6d602fa4f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}\setup.inx

Filesize
239KB

MD5
2d7444437af5a4990f6f6daca3518d6b

SHA1
b0394b5e153d95dae267985e9ae4fc5459f2eb00

SHA256
4c235afa7c5a5f1d6aac5681836562b561be6bb5f91e7eaee1598e91c5ce5b7b

SHA512
3ab7b5fe01610af498602b03b69f20d1788c2296c22d7385633a6f3403507828d31784c6b9be43a6fa53e273a152be4aa36e9529e7b6e6cfca2120d8e47e39bd

Download Submit
C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe

Filesize
117KB

MD5
7c7f6ecbea0a9efa788a1721a97ed3c1

SHA1
9c57fbad160dc7e79fa238b0381a17e993ac2d3a

SHA256
76c7b68a7406763ddf348e0adcf69d1224f2344574022178ac0b01402aeaf5a0

SHA512
491fbc1cdfa68796402b57606782e189edea57749dcfae8c764f15a41886777fb363d6ce04f2ef3a3cd58d27c418d1f3c69ecf8d119c59acf2e244f985d359a3

Download Submit
C:\Windows\Downloaded Installations\Macromedia Flash 8\FL_Client_Installer.exe

Filesize
117KB

MD5
7c7f6ecbea0a9efa788a1721a97ed3c1

SHA1
9c57fbad160dc7e79fa238b0381a17e993ac2d3a

SHA256
76c7b68a7406763ddf348e0adcf69d1224f2344574022178ac0b01402aeaf5a0

SHA512
491fbc1cdfa68796402b57606782e189edea57749dcfae8c764f15a41886777fb363d6ce04f2ef3a3cd58d27c418d1f3c69ecf8d119c59acf2e244f985d359a3

Download Submit
C:\Windows\Downloaded Installations\Macromedia Flash 8\Macromedia Flash 8.msi

Filesize
22.8MB

MD5
76f5202cc91e743aca5fcd8406d3b822

SHA1
3db06724cbb8846befc7e5160e38a77076258226

SHA256
94c3625c061675d69cef758d7269e108867b39566fc678b03a9a70cc39caea46

SHA512
a449fb5eead86390fb1326c2f69afbeb300c7419aa512726581106bc1f9e4f9e85c676e72988a5ee2b468983c1698357b64a6d599b51c3449e9a4b0da6c5b171

Download Submit
C:\Windows\Installer\MSI4882.tmp

Filesize
76KB

MD5
de19ccdac19f2e454719f3f59e51169c

SHA1
0479204efaa2076d5c12dca17ea2c37154aeb1fe

SHA256
83cc9b0d75ce4a843f28f79fe9471aac8e34ae3683484c9cb024e2292d432662

SHA512
c4f09a76e60ebdfb13ecc3f5e07c4440259514ad130e9aef70d844097988d8f010d64c818d74c56e2fd56696bf118e5a81e7e0726f9f879070972b75f3de8f1b

Download Submit
C:\Windows\Installer\MSI4882.tmp

Filesize
76KB

MD5
de19ccdac19f2e454719f3f59e51169c

SHA1
0479204efaa2076d5c12dca17ea2c37154aeb1fe

SHA256
83cc9b0d75ce4a843f28f79fe9471aac8e34ae3683484c9cb024e2292d432662

SHA512
c4f09a76e60ebdfb13ecc3f5e07c4440259514ad130e9aef70d844097988d8f010d64c818d74c56e2fd56696bf118e5a81e7e0726f9f879070972b75f3de8f1b

Download Submit
C:\Windows\Installer\MSI4F98.tmp

Filesize
108KB

MD5
fd431b66df8c14c817c830118ffe138c

SHA1
f12384abcf2e07c0bdd7d9ec85b30bf20d5368a0

SHA256
7778c3f44f62e339cea9153c44cb467ff9733beb7791fe1433adba26602ba358

SHA512
65f95eaa5c24717a9f5d184a1600cf56d664b2e57e4959a6f92c865d2d37e22e5a55dc19445993d2b49d6570bdb633c179e1e87310d269d8642a715e9388fb21

Download Submit
C:\Windows\Installer\MSI4F98.tmp

Filesize
108KB

MD5
fd431b66df8c14c817c830118ffe138c

SHA1
f12384abcf2e07c0bdd7d9ec85b30bf20d5368a0

SHA256
7778c3f44f62e339cea9153c44cb467ff9733beb7791fe1433adba26602ba358

SHA512
65f95eaa5c24717a9f5d184a1600cf56d664b2e57e4959a6f92c865d2d37e22e5a55dc19445993d2b49d6570bdb633c179e1e87310d269d8642a715e9388fb21

Download Submit
C:\Windows\Installer\MSI4F99.tmp

Filesize
108KB

MD5
fd431b66df8c14c817c830118ffe138c

SHA1
f12384abcf2e07c0bdd7d9ec85b30bf20d5368a0

SHA256
7778c3f44f62e339cea9153c44cb467ff9733beb7791fe1433adba26602ba358

SHA512
65f95eaa5c24717a9f5d184a1600cf56d664b2e57e4959a6f92c865d2d37e22e5a55dc19445993d2b49d6570bdb633c179e1e87310d269d8642a715e9388fb21

Download Submit
C:\Windows\Installer\MSI4F99.tmp

Filesize
108KB

MD5
fd431b66df8c14c817c830118ffe138c

SHA1
f12384abcf2e07c0bdd7d9ec85b30bf20d5368a0

SHA256
7778c3f44f62e339cea9153c44cb467ff9733beb7791fe1433adba26602ba358

SHA512
65f95eaa5c24717a9f5d184a1600cf56d664b2e57e4959a6f92c865d2d37e22e5a55dc19445993d2b49d6570bdb633c179e1e87310d269d8642a715e9388fb21

Download Submit
C:\Windows\Installer\MSI4F99.tmp

Filesize
108KB

MD5
fd431b66df8c14c817c830118ffe138c

SHA1
f12384abcf2e07c0bdd7d9ec85b30bf20d5368a0

SHA256
7778c3f44f62e339cea9153c44cb467ff9733beb7791fe1433adba26602ba358

SHA512
65f95eaa5c24717a9f5d184a1600cf56d664b2e57e4959a6f92c865d2d37e22e5a55dc19445993d2b49d6570bdb633c179e1e87310d269d8642a715e9388fb21

Download Submit
C:\Windows\Installer\MSI6036.tmp

Filesize
108KB

MD5
fd431b66df8c14c817c830118ffe138c

SHA1
f12384abcf2e07c0bdd7d9ec85b30bf20d5368a0

SHA256
7778c3f44f62e339cea9153c44cb467ff9733beb7791fe1433adba26602ba358

SHA512
65f95eaa5c24717a9f5d184a1600cf56d664b2e57e4959a6f92c865d2d37e22e5a55dc19445993d2b49d6570bdb633c179e1e87310d269d8642a715e9388fb21

Download Submit
C:\Windows\Installer\MSI6991.tmp

Filesize
76KB

MD5
de19ccdac19f2e454719f3f59e51169c

SHA1
0479204efaa2076d5c12dca17ea2c37154aeb1fe

SHA256
83cc9b0d75ce4a843f28f79fe9471aac8e34ae3683484c9cb024e2292d432662

SHA512
c4f09a76e60ebdfb13ecc3f5e07c4440259514ad130e9aef70d844097988d8f010d64c818d74c56e2fd56696bf118e5a81e7e0726f9f879070972b75f3de8f1b

Download Submit
C:\Windows\Installer\MSI86C7.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
C:\Windows\Installer\e5746d0.msi

Filesize
5.6MB

MD5
bcc9728f9fca259d8e3bcc330949209f

SHA1
d32dc74cf5464d9e9b391ccbe161b14a66fe56ec

SHA256
dfedb15dab49a8f335ffb6117e04d4baca09639c685b3040e4d38cac97ab30bb

SHA512
310429dd09f64228f20875f676b43c330bad4cc97c9c26e09ae9f18b7b7a051849df933810a2ed6f885266ab38a24d9fa6cbec0aacfee812ffc903c2e5f5305d

Download Submit
C:\Windows\Installer\e5746d4.msi

Filesize
6.6MB

MD5
2cdc9a6f4e33a91ed48d4da1f06e3bac

SHA1
2f8cc53983de9b00ab8abcf63a35d20a2e476c63

SHA256
b3a1cab13bb06c484764c3f31561b189fd3dd804d015a50bbf3009ed9f884738

SHA512
8178d0d684be6711aa5c9c4fc118ee02515c6bcc9d7ca8181ebb35dc5c5dedc6ba683ccc732636f5c51e46b91c2d445464c7c7c3d429b57d47cff0c3dde15510

Download Submit
memory/1132-408-0x0000000000860000-0x000000000086D000-memory.dmp

Filesize
52KB

Download
memory/1132-388-0x0000000002750000-0x000000000276D000-memory.dmp

Filesize
116KB

Download
memory/1432-286-0x0000000003240000-0x000000000326E000-memory.dmp

Filesize
184KB

Download
memory/1432-280-0x00000000031C0000-0x00000000031EC000-memory.dmp

Filesize
176KB

Download
memory/1432-276-0x0000000003050000-0x00000000030B6000-memory.dmp

Filesize
408KB

Download
memory/1924-536-0x0000000003150000-0x00000000031B6000-memory.dmp

Filesize
408KB

Download
memory/1924-538-0x0000000003330000-0x000000000335C000-memory.dmp

Filesize
176KB

Download
memory/1924-540-0x0000000003380000-0x00000000033AE000-memory.dmp

Filesize
184KB

Download
memory/3496-266-0x00000000033B0000-0x00000000033CD000-memory.dmp

Filesize
116KB

Download
memory/4064-531-0x0000000002920000-0x000000000293D000-memory.dmp

Filesize
116KB

Download
memory/4064-544-0x0000000002920000-0x000000000292D000-memory.dmp

Filesize
52KB

Download
memory/4840-402-0x00000000031F0000-0x000000000321C000-memory.dmp

Filesize
176KB

Download
memory/4840-398-0x0000000003010000-0x0000000003076000-memory.dmp

Filesize
408KB

Download