ce43a15a99c61519298ff125da343a9572adc7956ce3ae74a7d6e32a1d8a2bd5

Analysis

max time kernel
331s
max time network
321s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
06/06/2023, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ERViewerSetup.exe
Size

28.4MB
MD5

d95d8150b61a7cf6a3c3a3122d74ae35
SHA1

9364bc37927e5961daba914c6abeed37d54072d9
SHA256

ce43a15a99c61519298ff125da343a9572adc7956ce3ae74a7d6e32a1d8a2bd5
SHA512

833648854adc5788d2f9f9891eb9d6bc16162612175bf43eaae441b4c1fdbcef756e69bcb90d8d099566ac54faca5875d6e7b4fd6a6f5adaf125d36dcb3ea55f
SSDEEP

786432:D5uSpxousrte6g14POiaaUSuUPgNJD44lxJavdsn:1LEcZ3FUoNJDnxJkdsn

Score

7^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0003000000000743-142.dat	acprotect
behavioral1/files/0x0003000000000743-146.dat	acprotect
behavioral1/files/0x0003000000000743-144.dat	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	Setup.exe

Executes dropped EXE 5 IoCs

pid	Process
4892	vcredist_x86.exe
732	Setup.exe
4300	erviewer.exe
3776	ERViewer.exe
808	ERViewer.exe

Loads dropped DLL 64 IoCs

pid	Process
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe
4300	erviewer.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000000743-142.dat	upx
behavioral1/files/0x0003000000000743-146.dat	upx
behavioral1/files/0x0003000000000743-144.dat	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	Setup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	Setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\meridian.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\UTM_Clark_1866_S.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\germany.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\uk.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\ellipsoid.csv	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ermapper_u.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\bcet.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\borneo.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\dutch.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\mercator.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\netherlands.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\archome\Win32Release\bin\pe.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ERViewer.exe	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\NCSOTDF.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\rastertranslators\ceos_cdrom_unlicensed.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\rreduce_to_pole.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\HongKong.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\gdalicon.png	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\boost_system-vc100-mt-1_47.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\Spline.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\datum.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\orthog.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\kernel\amedian.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\modstero.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\israel.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\stateplane.csv	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\etc\erm\lut\rainbow.lut	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\fft_vector_deriv_i.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\rvector_field.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\etc\erm\lut\blue.lut	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\etc\erm\lut\green.lut	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\fft_highpass.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\s57attributes_iw.csv	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\australia.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\ireland.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\fft_lowpass.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\townrang.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\NCSProjectionLibrary.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\eckertvi.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\utm.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\gdal_datum.csv	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\vertcs.override.csv	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\lmx-MD-vc10.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\ivector_deriv.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\UTM_WGS_84_S.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\etc\erm\lut\red_blue.lut	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\kernel\ruggedness.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\kernel\curvature.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\kernel\mtfk.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\robinson.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\UTM_Clark_1866_N.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\Projections\non_earth.plb	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\gdalplugins\gdal_ECW_JP2ECW.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\etc\erm\lut\rainbow_reversed.lut	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\usr\lib\Win32Release\usercode\formula\inverse_pc.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\license.txt	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\uninstall.exe	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\boost_filesystem-vc100-mt-1_47.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\eCommon.dll	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\cubewerx_extra.wkt	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\GDAL_DATA\s57attributes.csv	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\PcskeyProjDatum.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\eckertiv.dat	ERViewerSetup.exe
File created	C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\ermlib\PROJ_DATA\etc\expro\obmerc_b.dat	ERViewerSetup.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	\??\c:\Windows\Installer\e570530.msi	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\e570530.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\AppCompat\Programs\Amcache.hve.tmp	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Setup.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpcFile\shell\printto	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ECWPFile\protocol\StdFileEditing\server\ = "C:\\Program Files (x86)\\Intergraph\\ERDAS ER Viewer 2014\\bin\\ERViewer.exe"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ERSFile\Insertable	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBE-FE61-11D0-9580-0000F87539C2}\AuxUserType\2	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC4-FE61-11D0-9580-0000F87539C2}\Verb	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC7-FE61-11D0-9580-0000F87539C2}\AuxUserType\3	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ALGfile\protocol\StdFileEditing\verb\0\ = "&Edit"	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBD-FE61-11D0-9580-0000F87539C2}\Verb\1\ = "&Open,0,2"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.HDRFile\shell\print\ddeexec	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.hdr\ = "ERViewer.HDRFile"	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpxFile\shell\printto	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.J2kFile\DefaultIcon\ = "C:\\PROGRA~2\\INTERG~1\\ERDASE~1\\bin\\ERViewer.exe,11"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpxFile\shell\open\ddeexec	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BCA-FE61-11D0-9580-0000F87539C2}\ProgID	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JPEGFile\protocol\StdFileEditing\server\ = "C:\\Program Files (x86)\\Intergraph\\ERDAS ER Viewer 2014\\bin\\ERViewer.exe"	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.DOQFile\CLSID\ = "{DC153BC8-FE61-11D0-9580-0000F87539C2}"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ALGfile\shell\open\command	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.ntf\ShellNew\NullFile	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BD0-FE61-11D0-9580-0000F87539C2}\DefaultIcon	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC9-FE61-11D0-9580-0000F87539C2}\MiscStatus	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BD0-FE61-11D0-9580-0000F87539C2}\AuxUserType\3\ = "ERViewer"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBA-FE61-11D0-9580-0000F87539C2}\MiscStatus	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.J2kFile\CLSID	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC8-FE61-11D0-9580-0000F87539C2}\AuxUserType\2\ = "Doq File"	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JPEGFile\protocol\StdFileEditing\verb\0	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.J2kFile\protocol\StdFileEditing\verb\0	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.NTFFile\CLSID\ = "{DC153BC9-FE61-11D0-9580-0000F87539C2}"	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC4-FE61-11D0-9580-0000F87539C2}\LocalServer32\ = "C:\\Program Files (x86)\\Intergraph\\ERDAS ER Viewer 2014\\bin\\ERViewer.exe"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ECWFile\shell\print\ddeexec	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ecwp\shell	ERViewerSetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ALGfile\shell\printto\command\ = "C:\\PROGRA~2\\INTERG~1\\ERDASE~1\\bin\\erviewer.exe /ddenoshow"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBA-FE61-11D0-9580-0000F87539C2}\LocalServer32\ = "C:\\Program Files (x86)\\Intergraph\\ERDAS ER Viewer 2014\\bin\\erviewer.exe"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC7-FE61-11D0-9580-0000F87539C2}\MiscStatus\ = "32"	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpcFile	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC3-FE61-11D0-9580-0000F87539C2}\DefaultIcon	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC5-FE61-11D0-9580-0000F87539C2}\Insertable\	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BD0-FE61-11D0-9580-0000F87539C2}\MiscStatus\ = "32"	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jpx\ = "ERViewer.JpxFile"	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpcFile	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC2-FE61-11D0-9580-0000F87539C2}\MiscStatus	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.DOQFile\Insertable\	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ECWPFile\protocol\StdFileEditing\server	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ALGfile\shell\print\command\ = "C:\\PROGRA~2\\INTERG~1\\ERDASE~1\\bin\\erviewer.exe /ddenoshow"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC9-FE61-11D0-9580-0000F87539C2}\MiscStatus\ = "32"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC7-FE61-11D0-9580-0000F87539C2}\ProgID\ = "ERViewer.JpcFile"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.HDRFile\shell\open\ddeexec	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC4-FE61-11D0-9580-0000F87539C2}\Verb\1\ = "&Open,0,2"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC6-FE61-11D0-9580-0000F87539C2}\DefaultIcon	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBA-FE61-11D0-9580-0000F87539C2}\Verb\0\ = "&Edit,0,2"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.ALGfile\CLSID\ = "{DC153BB0-FE61-11D0-9580-0000F87539C2}"	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BB0-FE61-11D0-9580-0000F87539C2}\AuxUserType\3\ = "ERViewer"	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBA-FE61-11D0-9580-0000F87539C2}\DefaultIcon\ = "C:\\Program Files (x86)\\Intergraph\\ERDAS ER Viewer 2014\\bin\\erviewer.exe,3"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BB0-FE61-11D0-9580-0000F87539C2}\AuxUserType\3\ = "ERViewer"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BB0-FE61-11D0-9580-0000F87539C2}\Insertable	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC1-FE61-11D0-9580-0000F87539C2}\DefaultIcon\ = "C:\\Program Files (x86)\\Intergraph\\ERDAS ER Viewer 2014\\bin\\erviewer.exe,2"	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.TIFFile\protocol\StdFileEditing\verb	erviewer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.jpf\ShellNew	ERViewer.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\.ntf\ShellNew	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpfFile\shell\printto\ddeexec\ = "[printto(\"%1\",\"%2\",\"%3\",\"%4\")]"	erviewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BBF-FE61-11D0-9580-0000F87539C2}\Verb\1\ = "&Open,0,2"	erviewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.JpcFile\shell\printto\ddeexec	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.TIFFile\shell\print\command\ = "C:\\PROGRA~2\\INTERG~1\\ERDASE~1\\bin\\ERViewer.exe /ddenoshow"	ERViewer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DC153BC4-FE61-11D0-9580-0000F87539C2}\LocalServer32	ERViewer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ERViewer.DOQFile\Insertable\	ERViewer.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4900	ERViewerSetup.exe
4900	ERViewerSetup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe
732	Setup.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeShutdownPrivilege	732	Setup.exe
Token: SeIncreaseQuotaPrivilege	732	Setup.exe
Token: SeSecurityPrivilege	2108	msiexec.exe
Token: SeCreateTokenPrivilege	732	Setup.exe
Token: SeAssignPrimaryTokenPrivilege	732	Setup.exe
Token: SeLockMemoryPrivilege	732	Setup.exe
Token: SeIncreaseQuotaPrivilege	732	Setup.exe
Token: SeMachineAccountPrivilege	732	Setup.exe
Token: SeTcbPrivilege	732	Setup.exe
Token: SeSecurityPrivilege	732	Setup.exe
Token: SeTakeOwnershipPrivilege	732	Setup.exe
Token: SeLoadDriverPrivilege	732	Setup.exe
Token: SeSystemProfilePrivilege	732	Setup.exe
Token: SeSystemtimePrivilege	732	Setup.exe
Token: SeProfSingleProcessPrivilege	732	Setup.exe
Token: SeIncBasePriorityPrivilege	732	Setup.exe
Token: SeCreatePagefilePrivilege	732	Setup.exe
Token: SeCreatePermanentPrivilege	732	Setup.exe
Token: SeBackupPrivilege	732	Setup.exe
Token: SeRestorePrivilege	732	Setup.exe
Token: SeShutdownPrivilege	732	Setup.exe
Token: SeDebugPrivilege	732	Setup.exe
Token: SeAuditPrivilege	732	Setup.exe
Token: SeSystemEnvironmentPrivilege	732	Setup.exe
Token: SeChangeNotifyPrivilege	732	Setup.exe
Token: SeRemoteShutdownPrivilege	732	Setup.exe
Token: SeUndockPrivilege	732	Setup.exe
Token: SeSyncAgentPrivilege	732	Setup.exe
Token: SeEnableDelegationPrivilege	732	Setup.exe
Token: SeManageVolumePrivilege	732	Setup.exe
Token: SeImpersonatePrivilege	732	Setup.exe
Token: SeCreateGlobalPrivilege	732	Setup.exe
Token: SeRestorePrivilege	2108	msiexec.exe
Token: SeTakeOwnershipPrivilege	2108	msiexec.exe
Token: SeRestorePrivilege	732	Setup.exe
Token: SeBackupPrivilege	732	Setup.exe
Token: SeBackupPrivilege	732	Setup.exe
Token: SeBackupPrivilege	732	Setup.exe
Token: SeBackupPrivilege	732	Setup.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4300	erviewer.exe
4300	erviewer.exe
3776	ERViewer.exe
3776	ERViewer.exe
808	ERViewer.exe
808	ERViewer.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4892	4900	ERViewerSetup.exe	91
PID 4900 wrote to memory of 4892	4900	ERViewerSetup.exe	91
PID 4900 wrote to memory of 4892	4900	ERViewerSetup.exe	91
PID 4892 wrote to memory of 732	4892	vcredist_x86.exe	92
PID 4892 wrote to memory of 732	4892	vcredist_x86.exe	92
PID 4892 wrote to memory of 732	4892	vcredist_x86.exe	92
PID 4900 wrote to memory of 4300	4900	ERViewerSetup.exe	97
PID 4900 wrote to memory of 4300	4900	ERViewerSetup.exe	97
PID 4900 wrote to memory of 4300	4900	ERViewerSetup.exe	97

C:\Users\Admin\AppData\Local\Temp\ERViewerSetup.exe
"C:\Users\Admin\AppData\Local\Temp\ERViewerSetup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Users\Admin\AppData\Local\Temp\ervinst\vcredist_x86.exe
  "C:\Users\Admin\AppData\Local\Temp\ervinst\vcredist_x86.exe" /passive /norestart /repair
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4892
- - \??\c:\e3cba6698132502d1fbf940f\Setup.exe
    c:\e3cba6698132502d1fbf940f\Setup.exe /passive /norestart /repair
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:732
- C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\erviewer.exe
  "C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\erviewer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4300

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2108

C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ERViewer.exe
"C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ERViewer.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3776

C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ERViewer.exe
"C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ERViewer.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Intergraph\ERDAS ER Viewer 2014\bin\ERViewer.exe

Filesize
2.6MB

MD5
929f020c99fd110a746245ab3b0e931c

SHA1
12bffab05df8c8e30493374c90ed9f644a787da1

SHA256
084a7f6bc17885c79f2e8c5941208839f89dbd25f38298467949aa8819a127d2

SHA512
da5f5dc13b90ad8fac384564c4c5d02dd351c1ae84a23bbd42ac31a59e6875a8d924be554e00dfc92fcd6bac4a4924e435392a7a27ac1a0c46ad56427e861b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20230606_093821704-MSI_vc_red.msi.txt

Filesize
1KB

MD5
c1b3d23a096701590c96ef2498f9e78b

SHA1
be4f04cd38c94c03602d7f333b9532909c9ebca1

SHA256
5f198918395fc72ab9003ea73b684af498138aba925a3c77d2037840ab3b81aa

SHA512
f7f87ee539f91ae1d5036e724650c7d7a45471b33486af67c2abee5ba3aaea91e8b754f82d1377e920247e64e0635b1a3377580a8ef5b709db5e3900c1b44fb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20230606_093821704-MSI_vc_red.msi.txt

Filesize
42KB

MD5
df49bb39cbf8659ea2bde54d353709b0

SHA1
454cba5bd873d301897f06f616b6072d8781ee1e

SHA256
66d753900f70a27713750a565aab5af811ae73aaf623b0fbe8f35bae64a9e402

SHA512
850b285e9a4f8a18db072fede033a69f9c291543e7fa6b27bc140496f3fa410bb277a0c5cce5c5f168db4dd4a7cbf1fd5abb82463027ebcb9e236643f1df8637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup_20230606_093820891.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ervinst\vcredist_x86.exe

Filesize
4.8MB

MD5
b88228d5fef4b6dc019d69d4471f23ec

SHA1
372d9c1670343d3fb252209ba210d4dc4d67d358

SHA256
8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

SHA512
cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ervinst\vcredist_x86.exe

Filesize
4.8MB

MD5
b88228d5fef4b6dc019d69d4471f23ec

SHA1
372d9c1670343d3fb252209ba210d4dc4d67d358

SHA256
8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

SHA512
cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\FindProcDLL.dll

Filesize
31KB

MD5
83cd62eab980e3d64c131799608c8371

SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c

SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\GetVersion.dll

Filesize
5KB

MD5
b1e657d03702bfaedaddfa7547adbc02

SHA1
effa16ce36c73c5ce49020fded94a840c6c35482

SHA256
5bf39b775220802f1e8f1f7fa5a2a704b28175f265e38d581af6a94f76117fcc

SHA512
72ad823cbdc302080ae645eb4d4de44b6080f9138e8683e830476295976b75c5dc4e7f3765ae435bf6d564ace7076b3470d8ff1226f5ce4d3a885fcaba30e66a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\StartMenu.dll

Filesize
7KB

MD5
a4173b381625f9f12aadb4e1cdaefdb8

SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713

SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\StartMenu.dll

Filesize
7KB

MD5
a4173b381625f9f12aadb4e1cdaefdb8

SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713

SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\StartMenu.dll

Filesize
7KB

MD5
a4173b381625f9f12aadb4e1cdaefdb8

SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713

SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\file_associations.ini

Filesize
942B

MD5
ab4d3510c6468c8ecf648fe3f99a4016

SHA1
11071830c87eff6c1e683ed141d91fd83a1a3613

SHA256
02699947abc0359256bf5b8f6f1759bbd6d2cc7cbc4fdec24e962c38ea2e684c

SHA512
ab378cd73fef73e1ff09d86c21dc3077999b60c2ec03a45df23a53b2160b72580e3a6f62157cb267842e83f82792a8ea63a56af08d6daf6a725f606f65be3f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\file_associations.ini

Filesize
1KB

MD5
98a5c1251a4851585db9187c39245a87

SHA1
8074aadf21a74ab4b4b858b13e3f6ba5c536069d

SHA256
431ed5035a2b8c84f1f0af876614f5eeeac5219d1f424fe8209234a696ed0ec6

SHA512
368b2817438e01c543e9adf61ce47431fd21f309b630b210e8d03f6250d9db245362757b999b7927ae6e6539d07e81467fc2eabb3953f0a5abcf47c82df27021

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\file_associations.ini

Filesize
1KB

MD5
7b5011ba783f71b650ddceb3e92d8004

SHA1
7e0127d43dd3ee3f8d4a3b2e51183724019bed77

SHA256
66a867160948d4cad8689c15d045037bbfaff3c853b02bbae009503bc23238ba

SHA512
93c7125e5869eaeb30b9af2eaf5f0d5d3a93b36155774deb0ae7a0dccbb9000ec54a0d1674f5cb545cf9fe7e6d5e574c75c9ced030e20ded48a8778ec230cc9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\ioSpecial.ini

Filesize
801B

MD5
fd821eded9c708feaa43bf70aac7f76e

SHA1
07eba947fd7d1debcb968929f6a377becc982041

SHA256
6364f176ea62ce8a4cc11ce49b5b3c0a3aff04a860068862670c98efb339d566

SHA512
e38936df3de8f59eefd34822401bd9b20f751dcc2e8c93e5a7905d8eeba3774ea9843e9dc369c6a3ba2492ed051f9a18d9d8cad81d1158491d9f684d8b940c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\ioSpecial.ini

Filesize
624B

MD5
107add99bb90659d92a8e04c93da3fba

SHA1
ae39c6a5ba93ceabf48ac691b83236ff5f1e86b3

SHA256
2d20da4693ce9b0a568348522557a1333e52a0651e9ab4502acd6069d078ed43

SHA512
361c556f9d9500fd52fc730edf5dab1d78d65e52494a1d1fd2dfb5559e0a883fb62bfd719b5e3122209a0a70f9ff39122e37af545852f033a5a0641cc224ece2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\version.dll

Filesize
6KB

MD5
ebc5bb904cdac1c67ada3fa733229966

SHA1
3c6abfa0ddef7f3289f38326077a5041389b15d2

SHA256
3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

SHA512
fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\version.dll

Filesize
6KB

MD5
ebc5bb904cdac1c67ada3fa733229966

SHA1
3c6abfa0ddef7f3289f38326077a5041389b15d2

SHA256
3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

SHA512
fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nscA724.tmp\version.dll

Filesize
6KB

MD5
ebc5bb904cdac1c67ada3fa733229966

SHA1
3c6abfa0ddef7f3289f38326077a5041389b15d2

SHA256
3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

SHA512
fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

Download Submit
C:\e3cba6698132502d1fbf940f\3082\SetupResources.dll

Filesize
18KB

MD5
b057315a8c04df29b7e4fd2b257b75f4

SHA1
d674d066df8d1041599fcbdb3ba113600c67ae93

SHA256
51b174ae7ee02d8e84c152d812e35f140a61814f3aecd64e0514c3950060e9fe

SHA512
f1cd510182de7bbf8d45068d1b3f72de58c7b419efc9768765df6c180ab3e2d94f3c058143095a66c05bcb70b589d1a5061e5fee566282e5db49ffbdea3c672f

Download Submit
C:\e3cba6698132502d1fbf940f\3082\SetupResources.dll

Filesize
18KB

MD5
b057315a8c04df29b7e4fd2b257b75f4

SHA1
d674d066df8d1041599fcbdb3ba113600c67ae93

SHA256
51b174ae7ee02d8e84c152d812e35f140a61814f3aecd64e0514c3950060e9fe

SHA512
f1cd510182de7bbf8d45068d1b3f72de58c7b419efc9768765df6c180ab3e2d94f3c058143095a66c05bcb70b589d1a5061e5fee566282e5db49ffbdea3c672f

Download Submit
C:\e3cba6698132502d1fbf940f\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
C:\e3cba6698132502d1fbf940f\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
C:\e3cba6698132502d1fbf940f\SetupUi.dll

Filesize
288KB

MD5
eb881e3dddc84b20bd92abcec444455f

SHA1
e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

SHA256
11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

SHA512
5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

Download Submit
C:\e3cba6698132502d1fbf940f\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1028\LocalizedData.xml

Filesize
29KB

MD5
7fc06a77d9aafca9fb19fafa0f919100

SHA1
e565740e7d582cd73f8d3b12de2f4579ff18bb41

SHA256
a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

SHA512
466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1031\LocalizedData.xml

Filesize
40KB

MD5
b83c3803712e61811c438f6e98790369

SHA1
61a0bc59388786ced045acd82621bee8578cae5a

SHA256
2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

SHA512
e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1033\LocalizedData.xml

Filesize
38KB

MD5
d642e322d1e8b739510ca540f8e779f9

SHA1
36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

SHA256
5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

SHA512
e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1036\LocalizedData.xml

Filesize
40KB

MD5
e382abc19294f779d2833287242e7bc6

SHA1
1ceae32d6b24a3832f9244f5791382865b668a72

SHA256
43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

SHA512
06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1040\LocalizedData.xml

Filesize
39KB

MD5
0af948fe4142e34092f9dd47a4b8c275

SHA1
b3d6dd5c126280398d9055f90e2c2c26dbae4eaa

SHA256
c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248

SHA512
d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1041\LocalizedData.xml

Filesize
33KB

MD5
7fcfbc308b0c42dcbd8365ba62bada05

SHA1
18a0f0e89b36818c94de0ad795cc593d0e3e29a9

SHA256
01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2

SHA512
cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1042\LocalizedData.xml

Filesize
32KB

MD5
71dfd70ae141f1d5c1366cb661b354b2

SHA1
c4b22590e6f6dd5d39e5158b831ae217ce17a776

SHA256
cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331

SHA512
5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a

Download Submit
\??\c:\e3cba6698132502d1fbf940f\1049\LocalizedData.xml

Filesize
39KB

MD5
0eeb554d0b9f9fcdb22401e2532e9cd0

SHA1
08799520b72a1ef92ac5b94a33509d1eddf6caf8

SHA256
beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c

SHA512
2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d

Download Submit
\??\c:\e3cba6698132502d1fbf940f\2052\LocalizedData.xml

Filesize
30KB

MD5
52b1dc12ce4153aa759fb3bbe04d01fc

SHA1
bf21f8591c473d1fce68a9faf1e5942f486f6eba

SHA256
d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3

SHA512
418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623

Download Submit
\??\c:\e3cba6698132502d1fbf940f\3082\LocalizedData.xml

Filesize
39KB

MD5
5397a12d466d55d566b4209e0e4f92d3

SHA1
fcffd8961fb487995543fc173521fdf5df6e243b

SHA256
f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89

SHA512
7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b

Download Submit
\??\c:\e3cba6698132502d1fbf940f\3082\SetupResources.dll

Filesize
18KB

MD5
b057315a8c04df29b7e4fd2b257b75f4

SHA1
d674d066df8d1041599fcbdb3ba113600c67ae93

SHA256
51b174ae7ee02d8e84c152d812e35f140a61814f3aecd64e0514c3950060e9fe

SHA512
f1cd510182de7bbf8d45068d1b3f72de58c7b419efc9768765df6c180ab3e2d94f3c058143095a66c05bcb70b589d1a5061e5fee566282e5db49ffbdea3c672f

Download Submit
\??\c:\e3cba6698132502d1fbf940f\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\c:\e3cba6698132502d1fbf940f\ParameterInfo.xml

Filesize
8KB

MD5
66590f13f4c9ba563a9180bdf25a5b80

SHA1
d6d9146faeec7824b8a09dd6978e5921cc151906

SHA256
bf787b8c697ce418f9d4c07260f56d1145ca70db1cc4b1321d37840837621e8f

SHA512
aba67c66c2f3d9b3c9d71d64511895f15f696be8be0eedd2d6908e1203c4b0cf318b366f9f3cd9c3b3b8c0770462f83e6eea73e304c43f88d0cbedf69e7c92b3

Download Submit
\??\c:\e3cba6698132502d1fbf940f\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\??\c:\e3cba6698132502d1fbf940f\SetupEngine.dll

Filesize
788KB

MD5
84c1daf5f30ff99895ecab3a55354bcf

SHA1
7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

SHA256
7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

SHA512
e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

Download Submit
\??\c:\e3cba6698132502d1fbf940f\SetupUi.dll

Filesize
288KB

MD5
eb881e3dddc84b20bd92abcec444455f

SHA1
e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

SHA256
11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

SHA512
5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

Download Submit
\??\c:\e3cba6698132502d1fbf940f\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
\??\c:\e3cba6698132502d1fbf940f\Strings.xml

Filesize
13KB

MD5
332adf643747297b9bfa9527eaefe084

SHA1
670f933d778eca39938a515a39106551185205e9

SHA256
e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

SHA512
bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

Download Submit
\??\c:\e3cba6698132502d1fbf940f\UiInfo.xml

Filesize
35KB

MD5
812f8d2e53f076366fa3a214bb4cf558

SHA1
35ae734cfb99bb139906b5f4e8efbf950762f6f0

SHA256
0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

SHA512
1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate1.ico

Filesize
894B

MD5
26a00597735c5f504cf8b3e7e9a7a4c1

SHA1
d913cb26128d5ca1e1ac3dab782de363c9b89934

SHA256
37026c4ea2182d7908b3cf0cef8a6f72bddca5f1cfbc702f35b569ad689cf0af

SHA512
08cefc5a2b625f261668f70cc9e1536dc4878d332792c751884526e49e7fee1ecfa6fccfddf7be80910393421cc088c0fd0b0c27c7a7eff2ae03719e06022fdf

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate2.ico

Filesize
894B

MD5
8419caa81f2377e09b7f2f6218e505ae

SHA1
2cf5ad8c8da4f1a38aab433673f4dddc7ae380e9

SHA256
db89d8a45c369303c04988322b2774d2c7888da5250b4dab2846deef58a7de22

SHA512
74e504d2c3a8e82925110b7cfb45fde8a4e6df53a188e47cf22d664cbb805eba749d2db23456fc43a86e57c810bc3d9166e7c72468fbd736da6a776f8ca015d1

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate3.ico

Filesize
894B

MD5
924fd539523541d42dad43290e6c0db5

SHA1
19a161531a2c9dbc443b0f41b97cbde7375b8983

SHA256
02a7fe932029c6fa24d1c7cc06d08a27e84f43a0cbc47b7c43cac59424b3d1f6

SHA512
86a4c5d981370efa20183cc4a52c221467692e91539ac38c8def1cc200140f6f3d9412b6e62faf08ca6668df401d8b842c61b1f3c2a4c4570f3b2cec79c9ee8b

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate4.ico

Filesize
894B

MD5
bb55b5086a9da3097fb216c065d15709

SHA1
1206c708bd08231961f17da3d604a8956addccfe

SHA256
8d82ff7970c9a67da8134686560fe3a6c986a160ced9d1cc1392f2ba75c698ab

SHA512
de9226064680da6696976a4a320e08c41f73d127fbb81bf142048996df6206ddb1c2fe347c483cc8e0e50a00dab33db9261d03f1cd7ca757f5ca7bb84865fca9

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate5.ico

Filesize
894B

MD5
3b4861f93b465d724c60670b64fccfcf

SHA1
c672d63c62e00e24fbb40da96a0cc45b7c5ef7f0

SHA256
7237051d9af5db972a1fecf0b35cd8e9021471740782b0dbf60d3801dc9f5f75

SHA512
2e798b0c9e80f639571525f39c2f50838d5244eeda29b18a1fae6c15d939d5c8cd29f6785d234b54bda843a645d1a95c7339707991a81946b51f7e8d5ed40d2c

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate6.ico

Filesize
894B

MD5
70006bf18a39d258012875aefb92a3d1

SHA1
b47788f3f8c5c305982eb1d0e91c675ee02c7beb

SHA256
19abcedf93d790e19fb3379cb3b46371d3cbff48fe7e63f4fdcc2ac23a9943e4

SHA512
97fdbdd6efadbfb08161d8546299952470228a042bd2090cd49896bc31ccb7c73dab8f9de50cdaf6459f7f5c14206af7b90016deeb1220943d61c7324541fe2c

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate7.ico

Filesize
894B

MD5
fb4dfebe83f554faf1a5cec033a804d9

SHA1
6c9e509a5d1d1b8d495bbc8f57387e1e7e193333

SHA256
4f46a9896de23a92d2b5f963bcfb3237c3e85da05b8f7660641b3d1d5afaae6f

SHA512
3caeb21177685b9054b64dec997371c4193458ff8607bce67e4fbe72c4af0e6808d344dd0d59d3d0f5ce00e4c2b8a4ffca0f7d9352b0014b9259d76d7f03d404

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\Rotate8.ico

Filesize
894B

MD5
d1c53003264dce4effaf462c807e2d96

SHA1
92562ad5876a5d0cb35e2d6736b635cb5f5a91d9

SHA256
5fb03593071a99c7b3803fe8424520b8b548b031d02f2a86e8f5412ac519723c

SHA512
c34f8c05a50dc0de644d1f9d97696cdb0a1961c7c7e412eb3df2fd57bbd34199cf802962ca6a4b5445a317d9c7875e86e8e62f6c1df8cc3415afc0bd26e285bd

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
\??\c:\e3cba6698132502d1fbf940f\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
\??\c:\e3cba6698132502d1fbf940f\header.bmp

Filesize
7KB

MD5
3ad1a8c3b96993bcdf45244be2c00eef

SHA1
308f98e199f74a43d325115a8e7072d5f2c6202d

SHA256
133b86a4f1c67a159167489fdaeab765bfa1050c23a7ae6d5c517188fb45f94a

SHA512
133442c4a65269f817675adf01adcf622e509aa7ec7583bca8cd9a7eb6018d2aab56066054f75657038efb947cd3b3e5dc4fe7f0863c8b3b1770a8fa4fe2e658

Download Submit
\??\c:\e3cba6698132502d1fbf940f\sqmapi.dll

Filesize
141KB

MD5
3f0363b40376047eff6a9b97d633b750

SHA1
4eaf6650eca5ce931ee771181b04263c536a948b

SHA256
bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

SHA512
537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

Download Submit
\??\c:\e3cba6698132502d1fbf940f\vc_red.cab

Filesize
4.0MB

MD5
6c59fecf51931fb4540e571ae0310098

SHA1
db5b0e9f7d20d2b1ccd61320ecca7a60e118619b

SHA256
08e4d5bad48c0203fdf02fdc28794f820dfb1d4480bdcac562e7bc6e15ffaad3

SHA512
d9cc7c6ef54105c981aacaafde890019af766b53417e765fa7636c3b8a4400ce6f987ccef1a54b4521412a8e45c011476c065cebc892688aeed1b027e3e761ba

Download Submit
\??\c:\e3cba6698132502d1fbf940f\vc_red.msi

Filesize
151KB

MD5
cd2b99bb86ba6a499110c72b78b9324e

SHA1
7a288418b36e681093b33dc169e4d27c2ee33edd

SHA256
41f6b61e0c070c86e32d8777629dfc8e860848865fefa0ba7d69e9fef0a3b174

SHA512
17174b8f0186f05be1e20215aafd64797ec4f831a0d3e0e97ade3f0a25cb6f78d1d8bf568dfea1b2de2add3a9d64aaa5b4319f7927301d5d73bbab1b0eaae3d5

Download Submit
\??\c:\e3cba6698132502d1fbf940f\watermark.bmp

Filesize
301KB

MD5
1a5caafacfc8c7766e404d019249cf67

SHA1
35d4878db63059a0f25899f4be00b41f430389bf

SHA256
2e87d5742413254db10f7bd0762b6cdb98ff9c46ca9acddfd9b1c2e5418638f2

SHA512
202c13ded002d234117f08b18ca80d603246e6a166e18ba422e30d394ada7e47153dd3cce9728affe97128fdd797fe6302c74dc6882317e2ba254c8a6db80f46

Download Submit
memory/732-810-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/3776-1115-0x00000000045E0000-0x0000000004619000-memory.dmp

Filesize
228KB

Download
memory/3776-1112-0x00000000014C0000-0x00000000014EF000-memory.dmp

Filesize
188KB

Download
memory/3776-1111-0x00000000014A0000-0x00000000014B2000-memory.dmp

Filesize
72KB

Download
memory/3776-1108-0x0000000001390000-0x00000000013AE000-memory.dmp

Filesize
120KB

Download
memory/3776-1103-0x00000000011A0000-0x00000000011DD000-memory.dmp

Filesize
244KB

Download
memory/3776-1104-0x00000000011F0000-0x0000000001246000-memory.dmp

Filesize
344KB

Download
memory/3776-1098-0x0000000000CB0000-0x0000000000CBC000-memory.dmp

Filesize
48KB

Download
memory/3776-1099-0x0000000000BB0000-0x0000000000C98000-memory.dmp

Filesize
928KB

Download
memory/3776-1100-0x0000000000CD0000-0x0000000001181000-memory.dmp

Filesize
4.7MB

Download
memory/3776-1097-0x0000000000B50000-0x0000000000B80000-memory.dmp

Filesize
192KB

Download
memory/4300-1072-0x0000000003DC0000-0x0000000003DCF000-memory.dmp

Filesize
60KB

Download
memory/4300-1059-0x0000000001340000-0x000000000135E000-memory.dmp

Filesize
120KB

Download
memory/4300-1064-0x0000000001450000-0x0000000001467000-memory.dmp

Filesize
92KB

Download
memory/4300-1066-0x00000000014D0000-0x00000000014E2000-memory.dmp

Filesize
72KB

Download
memory/4300-1067-0x0000000001480000-0x00000000014AF000-memory.dmp

Filesize
188KB

Download
memory/4300-1070-0x0000000003DC0000-0x0000000003DF9000-memory.dmp

Filesize
228KB

Download
memory/4300-1062-0x0000000001370000-0x00000000013AD000-memory.dmp

Filesize
244KB

Download
memory/4300-1078-0x0000000003DC0000-0x0000000003DD4000-memory.dmp

Filesize
80KB

Download
memory/4300-1084-0x0000000003DC0000-0x0000000003DCE000-memory.dmp

Filesize
56KB

Download
memory/4300-1086-0x0000000003E20000-0x0000000003EFC000-memory.dmp

Filesize
880KB

Download
memory/4300-1056-0x00000000012E0000-0x0000000001336000-memory.dmp

Filesize
344KB

Download
memory/4300-1054-0x0000000000E10000-0x00000000012C1000-memory.dmp

Filesize
4.7MB

Download
memory/4300-1055-0x0000000000D00000-0x0000000000DE8000-memory.dmp

Filesize
928KB

Download
memory/4300-1051-0x0000000000CD0000-0x0000000000D00000-memory.dmp

Filesize
192KB

Download
memory/4300-1053-0x0000000000E00000-0x0000000000E0C000-memory.dmp

Filesize
48KB

Download
memory/4900-1052-0x00000000039A0000-0x00000000039A7000-memory.dmp

Filesize
28KB

Download
memory/4900-165-0x00000000039A0000-0x00000000039AC000-memory.dmp

Filesize
48KB

Download
memory/4900-231-0x00000000039A0000-0x00000000039AC000-memory.dmp

Filesize
48KB

Download
memory/4900-257-0x00000000039A0000-0x00000000039AC000-memory.dmp

Filesize
48KB

Download
memory/4900-357-0x00000000039A0000-0x00000000039AC000-memory.dmp

Filesize
48KB

Download