04a7eb25c4e242a14ab6876874265b85c64525ce48384be4ce830174191adc4e

Analysis

max time kernel
119s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

QuickCpuSetup-4.7.0.0-x64.msi
Size

33.7MB
MD5

09868211a3d77eb96ec66f1dfea8a4fd
SHA1

d2726ed4ffab409efe11acfbc9a902c5df78ba1f
SHA256

04a7eb25c4e242a14ab6876874265b85c64525ce48384be4ce830174191adc4e
SHA512

447fd56797d93225bae21ced9d8b40fd65c0f037c302b0155b695f907e73a135bbe2248cd5ad4e96760198ef5728df034ecfda8381cb8d1549bc0d71429b4410
SSDEEP

786432:q9oRjlZKESVAUNr8DMUZypoCtf+fZKHRrX/8:q9oRDKEs4LZypBA6o

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4864	QuickCPU.exe

Loads dropped DLL 7 IoCs

pid	Process
4056	MsiExec.exe
4380	MsiExec.exe
4056	MsiExec.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
9	1660	msiexec.exe
12	1660	msiexec.exe
18	1660	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Drops file in Program Files directory 47 IoCs

description	ioc	Process
File created	C:\Program Files\QuickCPU\icon.ico	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Charts.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.RichEdit.v22.2.Export.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\Inframgmtlib.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\Microsoft.Win32.TaskScheduler.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\x86\SQLite.Interop.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Utils.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraGrid.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraPrinting.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\wccpmnativeapi.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\hwdlink.sys	QuickCPU.exe
File opened for modification	C:\Program Files\QuickCPU\ApplicationLogs.txt.txt	QuickCPU.exe
File created	C:\Program Files\QuickCPU\DevExpress.Pdf.v22.2.Drawing.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Utils.v22.2.UI.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraBars.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraDialogs.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraEditors.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\Hwmgmtlib.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\QcCustomSkins.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Data.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Office.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.RichEdit.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.Extensions.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\MetroFramework.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\Newtonsoft.Json.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\System.Data.SQLite.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\QuickCPU.exe.config	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Data.Desktop.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Printing.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Sparkline.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.UI.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.Wizard.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraLayout.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\QuickCPU.exe	msiexec.exe
File created	C:\Program Files\QuickCPU\x64\SQLite.Interop.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\Dapper.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Dialogs.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Drawing.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.Pdf.v22.2.Core.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraGauges.v22.2.Core.dll	msiexec.exe
File opened for modification	C:\Program Files\QuickCPU\hwdlink.sys	QuickCPU.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraRichEdit.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraTreeList.v22.2.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\log4net.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraGauges.v22.2.Win.dll	msiexec.exe
File created	C:\Program Files\QuickCPU\DevExpress.XtraNavBar.v22.2.dll	msiexec.exe

Drops file in Windows directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\{B21672C7-B575-41EE-997C-B7D4EA5FB172}\icon.ico	msiexec.exe
File created	C:\Windows\Installer\e58392e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58392c.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3B2F.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B21672C7-B575-41EE-997C-B7D4EA5FB172}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3DB1.tmp	msiexec.exe
File created	C:\Windows\Installer\e58392c.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\{B21672C7-B575-41EE-997C-B7D4EA5FB172}\icon.ico	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000000299f28d78dcfadf0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800000299f28d0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809000299f28d000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d0299f28d000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000299f28d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b	msiexec.exe

Modifies registry class 23 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\557AD491DA5DD1F4ABB3F8F55AF72DB6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\557AD491DA5DD1F4ABB3F8F55AF72DB6\7C27612B575BEE1499C77B4DAEF51B27	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\Version = "67567616"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\ProductName = "Quick CPU x64"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\PackageCode = "EA2871524DD887F43944223081BBEA38"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\ProductIcon = "C:\\Windows\\Installer\\{B21672C7-B575-41EE-997C-B7D4EA5FB172}\\icon.ico"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7C27612B575BEE1499C77B4DAEF51B27\ProductFeature	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList\PackageName = "QuickCpuSetup-4.7.0.0-x64.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\7C27612B575BEE1499C77B4DAEF51B27\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\7C27612B575BEE1499C77B4DAEF51B27	msiexec.exe

Modifies system certificate store 2 TTPs 7 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\329B78A5C9EBC2043242DE90CE1B7C6B1BA6C692	QuickCPU.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\329B78A5C9EBC2043242DE90CE1B7C6B1BA6C692\Blob = 030000000100000014000000329b78a5c9ebc2043242de90ce1b7c6b1ba6c69214000000010000001400000032eb929aff3596482f284042702036915c1785e60400000001000000100000002aa320982e00193fad3bd0ea5406e4cd0f0000000100000030000000a229d2722bc6091d73b1d979b81088c977cb028a6f7cbf264bb81d5cc8f099f87d7c296e48bf09d7ebe275f5498661a41900000001000000100000000e8c3d8a006eb5c23a7725464ad10a8c5c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa22000000001000000730500003082056f30820457a003020102021048fc93b46055948d36a7c98a89d69416300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3231303532353030303030305a170d3238313233313233353935395a3056310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312d302b060355040313245365637469676f205075626c696320436f6465205369676e696e6720526f6f742052343630820222300d06092a864886f70d01010105000382020f003082020a02820201008de79412220424742eff162302928ab6ae3685ac47d423912b3edc7de231a0516fac8491e3528ab5e296ded0876324898affef12933b7dbbb68abdbd057f279b6b65d3a50c69b1bc49399af16d6eaae4a08327da9a0d2b50e94b5bb3b86436a47e4a3da971ab61b373b33c0b0cefdb3357e5be3437e3971b5dfd1f123d820376e6fb3f66d2943169fa6db334acc17a78dc9250f264c7aa2d04abc36aeae02fa7a7dc6ed7e8ffda21ab40bfb9ee0d9ec6d99e99efc6de1fa90c76b32720a1d6bafd80e701d2efeb822995708dffbb15cffed10f36a22e4f329074466b4735137705334f632eb82de1bf65a7046b18d871facc08f26d899910b1addb3e2ce4aa18b0c607017567de6de963631e367f6989beaa453e6e5a5f8fa15bcb9d308630e803b340c60d0f38cd67a85388fab83065fa6fc7e71db18374693eacc4683bb1e667339ab608e080054840eef6826446a8f573b00695f26c659fbf555b1c9c571ac778467c70aa941b8217ac87e9b6c90e811c40d6161729fc5c9c182bea45f5efbdd5674f285e05ee904c7ae7c6f4d0fcfacd3e32461320368a04eab7aa07469c0d933a096699585c29a3b90ca630383cd04636357c9cbaeec3d5f90a76fa7e051b40ca9235e9d57ad1b57f00aea990aac57f019c10b116fccc6e18dc6f62fea650a7b87bb89d153ffe200c75c8225a1395199000e91ad5c286f1e38eec5ff4e50203010001a38201123082010e301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e0416041432eb929aff3596482f284042702036915c1785e6300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30130603551d25040c300a06082b06010505070303301b0603551d200414301230060604551d20003008060667810c01040130430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c0500038201010012bfa1ef8b749a9844b86946b5ab240a0ca48a67b83a81bf458a7d5207a88d1f4e218539a36b5e2d2086bf10b8ae793b53cdb4fbd844be06d95c6367d44016874486722ad63215f51283c2f9e15d114067f6422772c523e202381a4c20e2db01f7cd464f26a27c66c05136b6890254c7fc58fb6c00eefe98a62e95a10c53291f6fd819a64f9ef7ac09ea5d82c68baf80a7bd8148528431da32ec15e4a64c3d6c3973d40b853920e0851a68e1a74838a9d1362577c18d1916c5884c667d2f63ce98e869dfac3ca85d9dc91c5baed8f32f74cfb87ef6d7839d1196629aae4513da7fdc47fbdfc3529fe60655e99d8cf23a6251bcec240f29d4588084e4457b5ad8	QuickCPU.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	QuickCPU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	QuickCPU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	QuickCPU.exe
Key created	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\0185FF9961FF0AA2E431817948C28E83D3F3EC70	QuickCPU.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\0185FF9961FF0AA2E431817948C28E83D3F3EC70\Blob = 0300000001000000140000000185ff9961ff0aa2e431817948c28e83d3f3ec70140000000100000014000000813292412b28cd46c8c4a2c62a3912ec48a93f14040000000100000010000000d386d4056a495dd632c4c9c8be8574060f0000000100000030000000f55821c081b58e86eaa202923e715e1524c422c7be0469b13a9e7a319e50d70cb5b67e864273029a79250f9dc3203cbd19000000010000001000000079d9deaeb2dbf0e37e8750aa80b4cdfa5c0000000100000004000000000c00001800000001000000100000000e8c3d8a006eb5c23a7725464ad10a8c2000000001000000200600003082061c30820404a003020102021033d708a891405319e2a5bbd339b9ad6e300d06092a864886f70d01010c05003056310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312d302b060355040313245365637469676f205075626c696320436f6465205369676e696e6720526f6f7420523436301e170d3231303332323030303030305a170d3336303332313233353935395a3057310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312e302c060355040313255365637469676f205075626c696320436f6465205369676e696e6720434120455620523336308201a2300d06092a864886f70d01010105000382018f003082018a0282018100bbd1fe1eb7425b78f590a7ae2c83f18d21d33086857bdfd3cdd9164bac85c5bb01cfe28c28117204762c81c5ab127a404ac510e88114391b5f4f07f63030307f3525e5c0733d400994e8a8f8eb390b55d5b60c8b1e27f8de3e22c1bfef65ee73ee65dd28ddbb1f7d9b327fb7995517aab249a83c106a3ac321b299a843d73b82a81961b53e6a5a5db8bc9e13d00a9ef55b8f693868eaa51f5bca23ee0bedbcd01e43436eb0538cc2732a44316ebe8fb8c602f6bb820415790c5220e898277161ef2fe4f802fb3359b5f4c355e7dff60822aeb6d10959ec019f7389b7434fd5f2d9bd565909ddb717f6c47480ba8746ac06dbdb040dd54ebaee8c093419951be670130425df8fb8d784338c6ca60ceb68ba954f7c44e8d4698d2579c321f13577f84fb6125595d056e81802d5ee79c886a169f11b4e94136a0762f0d06b99a597509e1c33a11eee618b05681c8ef5ee269083d6fe7185a79af20d143e36b512ad77757acce746366a9053cbc69471de073a21f9d63267e09c6e5486a064a083cb0203010001a38201633082015f301f0603551d2304183016801432eb929aff3596482f284042702036915c1785e6301d0603551d0e04160414813292412b28cd46c8c4a2c62a3912ec48a93f14300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff02010030130603551d25040c300a06082b06010505070303301a0603551d200413301130060604551d20003007060567810c0103304b0603551d1f044430423040a03ea03c863a687474703a2f2f63726c2e7365637469676f2e636f6d2f5365637469676f5075626c6963436f64655369676e696e67526f6f745234362e63726c307b06082b06010505070101046f306d304606082b06010505073002863a687474703a2f2f6372742e7365637469676f2e636f6d2f5365637469676f5075626c6963436f64655369676e696e67526f6f745234362e703763302306082b060105050730018617687474703a2f2f6f6373702e7365637469676f2e636f6d300d06092a864886f70d01010c050003820201005f36acfbf9f6725a14b7f00b1dded8fd9701d2fd01ee992d86e8f6b7f039ffd6814a5aa7424a0a2d159de694fdc5694ab2d74bf116124cf6be9066658b2d74d4ab08f76a110308777cbe69e1b0db9f248903d6de5ca4e0b2d6b4cfe338d5b96dcc27d6ce6411e8107276d3f9e0e92c89e949d3b39796060ae1f60ac8419a915d81d8367798ca804197a8f8913f639faacd54544b80eaf51766d39471fd9efd4731e3e91a861dd3be20d23fb1525fb293bd8c950998728f9501f49843a54afb1426aa9d36bf72b0fcdcbd840deced34a85e952b3816630575d9f6312e156be294b22ad27435b5989aa3fef82b2fb6174b276c5ae6b9765eda86ddab64d66aea8318881b3182f588b39425c0212f086902e34cbb4c2a1130eb817906e141952ad420f60b93e47c760c9d1d266b5f8401f62a99cdafdec7f0e418a24e9b2f2a0c66a6927526bed94035136faea6371a7ae8ad1c5163072a56066ced7e18f6e3ec6473a66d08368baf0f99ae756b172bc24d6ac351464156e98fc28dff13719bdaed9ed39fabe545a612c5145a524197a3060008c5e61cea27823c3bdbe646c4ef2d003513cd367d9de5aa270805cccec0360e4b194fd0639a6dbfc529533122db75507786d0f2f86aee6b061b3e85232b97c87e7a99410cdd587f0ea8c3123d3a359be09d2c8c17815444a87a1d989d967f5958a65465ff51420bf847ebcff8e5bf	QuickCPU.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3484	msiexec.exe
3484	msiexec.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4864	QuickCPU.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1660	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1660	msiexec.exe
Token: SeSecurityPrivilege	3484	msiexec.exe
Token: SeCreateTokenPrivilege	1660	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1660	msiexec.exe
Token: SeLockMemoryPrivilege	1660	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1660	msiexec.exe
Token: SeMachineAccountPrivilege	1660	msiexec.exe
Token: SeTcbPrivilege	1660	msiexec.exe
Token: SeSecurityPrivilege	1660	msiexec.exe
Token: SeTakeOwnershipPrivilege	1660	msiexec.exe
Token: SeLoadDriverPrivilege	1660	msiexec.exe
Token: SeSystemProfilePrivilege	1660	msiexec.exe
Token: SeSystemtimePrivilege	1660	msiexec.exe
Token: SeProfSingleProcessPrivilege	1660	msiexec.exe
Token: SeIncBasePriorityPrivilege	1660	msiexec.exe
Token: SeCreatePagefilePrivilege	1660	msiexec.exe
Token: SeCreatePermanentPrivilege	1660	msiexec.exe
Token: SeBackupPrivilege	1660	msiexec.exe
Token: SeRestorePrivilege	1660	msiexec.exe
Token: SeShutdownPrivilege	1660	msiexec.exe
Token: SeDebugPrivilege	1660	msiexec.exe
Token: SeAuditPrivilege	1660	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1660	msiexec.exe
Token: SeChangeNotifyPrivilege	1660	msiexec.exe
Token: SeRemoteShutdownPrivilege	1660	msiexec.exe
Token: SeUndockPrivilege	1660	msiexec.exe
Token: SeSyncAgentPrivilege	1660	msiexec.exe
Token: SeEnableDelegationPrivilege	1660	msiexec.exe
Token: SeManageVolumePrivilege	1660	msiexec.exe
Token: SeImpersonatePrivilege	1660	msiexec.exe
Token: SeCreateGlobalPrivilege	1660	msiexec.exe
Token: SeCreateTokenPrivilege	1660	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1660	msiexec.exe
Token: SeLockMemoryPrivilege	1660	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1660	msiexec.exe
Token: SeMachineAccountPrivilege	1660	msiexec.exe
Token: SeTcbPrivilege	1660	msiexec.exe
Token: SeSecurityPrivilege	1660	msiexec.exe
Token: SeTakeOwnershipPrivilege	1660	msiexec.exe
Token: SeLoadDriverPrivilege	1660	msiexec.exe
Token: SeSystemProfilePrivilege	1660	msiexec.exe
Token: SeSystemtimePrivilege	1660	msiexec.exe
Token: SeProfSingleProcessPrivilege	1660	msiexec.exe
Token: SeIncBasePriorityPrivilege	1660	msiexec.exe
Token: SeCreatePagefilePrivilege	1660	msiexec.exe
Token: SeCreatePermanentPrivilege	1660	msiexec.exe
Token: SeBackupPrivilege	1660	msiexec.exe
Token: SeRestorePrivilege	1660	msiexec.exe
Token: SeShutdownPrivilege	1660	msiexec.exe
Token: SeDebugPrivilege	1660	msiexec.exe
Token: SeAuditPrivilege	1660	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1660	msiexec.exe
Token: SeChangeNotifyPrivilege	1660	msiexec.exe
Token: SeRemoteShutdownPrivilege	1660	msiexec.exe
Token: SeUndockPrivilege	1660	msiexec.exe
Token: SeSyncAgentPrivilege	1660	msiexec.exe
Token: SeEnableDelegationPrivilege	1660	msiexec.exe
Token: SeManageVolumePrivilege	1660	msiexec.exe
Token: SeImpersonatePrivilege	1660	msiexec.exe
Token: SeCreateGlobalPrivilege	1660	msiexec.exe
Token: SeCreateTokenPrivilege	1660	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1660	msiexec.exe
Token: SeLockMemoryPrivilege	1660	msiexec.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1660	msiexec.exe
1660	msiexec.exe
1660	msiexec.exe
4864	QuickCPU.exe
4864	QuickCPU.exe
4864	QuickCPU.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
4864	QuickCPU.exe
4864	QuickCPU.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4864	QuickCPU.exe
4864	QuickCPU.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3484 wrote to memory of 4056	3484	msiexec.exe	99
PID 3484 wrote to memory of 4056	3484	msiexec.exe	99
PID 3484 wrote to memory of 4056	3484	msiexec.exe	99
PID 3484 wrote to memory of 5028	3484	msiexec.exe	110
PID 3484 wrote to memory of 5028	3484	msiexec.exe	110
PID 3484 wrote to memory of 4380	3484	msiexec.exe	112
PID 3484 wrote to memory of 4380	3484	msiexec.exe	112
PID 3484 wrote to memory of 4380	3484	msiexec.exe	112
PID 4056 wrote to memory of 4864	4056	MsiExec.exe	117
PID 4056 wrote to memory of 4864	4056	MsiExec.exe	117

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\QuickCpuSetup-4.7.0.0-x64.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1660

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9B778494ABFE6FCF03B3CFC460B1A3E4 C
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Program Files\QuickCPU\QuickCPU.exe
    "C:\Program Files\QuickCPU\QuickCPU.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:4864
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5028
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A505943DD4A0882012C6C00A12D33AFB
  2⤵
  - Loads dropped DLL
  PID:4380

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1708

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58392d.rbs

Filesize
15KB

MD5
2f4f8617b097c762be96da11bc451f8e

SHA1
d4edb9b33814759e893053ad50608c959f014090

SHA256
1845c3150d4823b672d3b688080c9728327951279fcc1c6cb83d8283bb7efb54

SHA512
0234fd7e8d1b8376063a3720f7d4a285a29228da999b03da71553183f3b5dfa83288b747b5816199fba7022360d5a25f7ec43d83f8c419a64534533c162f1480

Download Submit
C:\Program Files\QuickCPU\DevExpress.Charts.v22.2.Core.dll

Filesize
1023KB

MD5
94894e57176d075d4f4f71b00f088c85

SHA1
da366a818635d1d3d9c50fe71f053f0c1b65438e

SHA256
dd7635447676fe7d3bd3eed4863c84124dab2e7859f10d192bfc704379f1c39a

SHA512
fd58c83b6698ad27d97fd15b2324fc93e32c1a2bba4851075eab253e82486a30314b161756185c95da28a0a62d6482f0bd08786d08e3ee87876b06338560bb02

Download Submit
C:\Program Files\QuickCPU\DevExpress.Data.Desktop.v22.2.dll

Filesize
909KB

MD5
6587b2ddb33708b9dbfcbcf4467fa533

SHA1
42f843b394450613c14a3deecf740678a1510421

SHA256
ec37a3ce4a26d5f8c78b26b55131afbc5a7c59e332cfcbdda1532c33c7627858

SHA512
d5cb3f4b9c690d0155e7b461e599e25507aaf9aade70946eeb53ef1af04e9f32f33872f64425b6563d5f946aaad0b8c67a4376bfa61a1abfdf540fd95c7824f4

Download Submit
C:\Program Files\QuickCPU\DevExpress.Data.v22.2.dll

Filesize
5.1MB

MD5
e857f98567df7651b8f8206f497ed1a7

SHA1
ebe693805d06b615f8814f80763629d41fc74a00

SHA256
129098754ae9605a1d13090084564df6696fd583a96e9c97fe2870265d009c60

SHA512
517cbdade2088ee2d1bfb7aca951a968899b26533efed1b2f6c27b5e7f35ec2aa7880219ee8158b608e73844f292fc04e3dbdaf664275483d4085896a8eca84e

Download Submit
C:\Program Files\QuickCPU\DevExpress.Drawing.v22.2.dll

Filesize
589KB

MD5
f9c4d7362a89bfe60338137886d95899

SHA1
c6baf6051488a5e3b12e3d0bda9029bd38a1e709

SHA256
a6fcf0d10aa2048c601e3d8b5e8f6a5a1e619144f6a4ca0a7ac05921d55df7fa

SHA512
17de3bc292dbb0a2f93cb410e31a61aa205e844d6d15a7ce819b3ac08bc3b85477ad380c5ac1eeded54ffa91df27a523af2b4c389f5d7a15d2898b4cf61ef681

Download Submit
C:\Program Files\QuickCPU\DevExpress.Printing.v22.2.Core.dll

Filesize
4.5MB

MD5
72c0afe03bbe17b1583eb204ca3dd8f5

SHA1
d394dac3f031e8cffabf512a694f9f933c92ce61

SHA256
d1af8765bf051d27785c2faa9d5f0f8002089efff841e0978cfc42c4448cbb0d

SHA512
cbd619367ce9f1b671bb32d31592504814cb0f6fa31d62fc76c4000c594c2af6c6f438d0688dadcfffe392a0ce47e6a7003439895fa6640348836c6b1b0217ff

Download Submit
C:\Program Files\QuickCPU\DevExpress.Utils.v22.2.dll

Filesize
19.5MB

MD5
1fd0ca8c9440c4d2c45d830e4ec53667

SHA1
1988a44918a4d769a73d82ca794677e24c45707c

SHA256
6af81b656b61360c0512dbfa3be47c3a934d710146ab2d5d163da7b700d1a48e

SHA512
71415f6502f8425a00e742ee6ddac5f8f83bad377df02befb6e92b0f7b6f1fe6ef93e24d0b18059557bfcf2cb169f3161c869b53f61e94474f08a8a59dba6efd

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraBars.v22.2.dll

Filesize
6.6MB

MD5
3a1aa2075dc62146e03dc17f4373460f

SHA1
4367bf728a3f37bfa1785addc6c53c8d00f27b5d

SHA256
6824aee405a6fb8c7e097b4f8811011c6e1d7d1de1599f7b07f010bee8a21d9a

SHA512
12891fd59017c69044def4da90148af75fb421b26e494c02d5d985e10dceaaa79de07cc63166f823d64010cb176810617a324094de0ff4f50cd07e5558e43076

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.UI.dll

Filesize
536KB

MD5
6e338b9dff9a05bb19b76486c0d039ed

SHA1
ff132529a2a9af40f46d9494a39962c15011dedd

SHA256
4edaa7c3d1e101c3a7f439e697960e47f8ce3d6b7eec765c487fe76410abbf85

SHA512
e73094bb0a39f6ddde63d403c8abe97f627966c9aa02aedd3cea5137f1ac88a5b4ba08106cdba73384b1ec7ea2ea0a0f5dd107b1c09ad0504c8c5c5deb400c33

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.Wizard.dll

Filesize
8.3MB

MD5
5121ed1f08338c6dcf7f055862d025b9

SHA1
3b28dae7596420ab264a1b75a939666dcc286f5c

SHA256
89367964ba3452e3be7f56350ab104dbf06c420e61d5690b4eddd4801c47395b

SHA512
01b90275c36d0fe4141fd9def036d9c20046e2cf4e9e220aea91cbb9841c129a579ef3804bf06c14afd61d5e93d7bedff1d0f8cf945eeb5cc83c21ec5e0e75f8

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraCharts.v22.2.dll

Filesize
5.0MB

MD5
53096a64cf37e271db54e72468e98c05

SHA1
a263ee428baaafdcd59794ce702e74fab52d3316

SHA256
c9112d4055364e38aa0caad8d897857066b5f6c1afef3475331e1dbcb6674e98

SHA512
7c40435638861ed7b85106cd9b168b60fac34270980d5f3700e11450f1448df89bffde534b7a8446e5d9452b751b352628e3e1cc669c6db3fbfd14ec8f0cc4fc

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraEditors.v22.2.dll

Filesize
7.8MB

MD5
0159e839405da62eff5b61bac0be2056

SHA1
ec06629b3b7651b2261ca2679c72f407784f9aeb

SHA256
0b7cb24bbf03bebd999d77c4b036ff1cc195d029657321506b97180b2165f068

SHA512
29ceb451c32a72f9960873836a110609ea125a05ed094d60748881708c9358ea92271362159e019003c0cf56eba7609fb66933f3ae9389dddc58a651dbcc7b69

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraGauges.v22.2.Core.dll

Filesize
1.9MB

MD5
6ec41ae3c428822ef3b858a7cf0d2b6b

SHA1
c1798ef4e766ac9e88ee5ce4e6d39c216f22edbf

SHA256
bba364bd16e0c418525328ee6302637f5b93d85e4b6aa50e70023e199f2eec53

SHA512
2c99f09759ee6ec8f6051e1b729721da5aa07a487f7ae23eb69a1ecdc3562ae3c9ae12a5ccb8d4c5f6a7c98508a11a30ebfc55c7d4f370d9e4364d741e718f2f

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraGauges.v22.2.Win.dll

Filesize
260KB

MD5
5305b7b96342b4fd127524e45ca1b1d7

SHA1
b7f85f0d76d5973488c6a44990366236c0072ca9

SHA256
d62a9352ff45a79054e023a82f93283feccbf615f03a84064063b0f72fb245ae

SHA512
ed1d0da563d6b5a23f22caf13f83f7599777d665b79f4cbc999e63ac15c2943cbeaec7460a12e35210b1f8878fe85a975dd272df957fb39f2a9b412f04d7adca

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraGrid.v22.2.dll

Filesize
3.6MB

MD5
95c0383037ee03c31f830f1f53d5de5b

SHA1
3a84beff43ddff93a47eaba33c54faaca3411971

SHA256
ab07505bd0ea571ef73bd5f196fb1d002687d3a674506cba16420dc882ed3653

SHA512
0e4cda474cf9c1a74d040e1efb4b6431c056bae1a36c0bb393bb1b8b3a18891883d43b7d10167fe174576f6dd1901b3ee944c75971c09a0db316c770cdf45668

Download Submit
C:\Program Files\QuickCPU\DevExpress.XtraLayout.v22.2.dll

Filesize
2.1MB

MD5
211ee591b608a64eb146e87bde708e26

SHA1
8663495c77fc18e0422cb5743fe08f9484151ab5

SHA256
d5e037f8a04d44b7a06b74a0a059f9d916e644d315eac8e7dddb85e31b864827

SHA512
f15ec74fc404c76512367b7fb4445b3c0d1e5c4eea3a9a708b0ef1d0c683c11d66fc03b57d504b1ab96b076a7f813ffabf6c6bc88eeba20a55b40cb687d2d32c

Download Submit
C:\Program Files\QuickCPU\Hwmgmtlib.dll

Filesize
921KB

MD5
a5c54f8218332b3e54dd85d9bd2e215b

SHA1
b45756dfff7db73f17b6b8602c7e3aae7681d150

SHA256
97e8224e2127c2b9f68a59962c6caa4806eb535231c9b015415ebdee7c916c76

SHA512
1b5977483226185c58eb057fb50e330b4c80b14c36976615e3ce5eecc5cdb8e4f9b33b41a501a0b884c75506858ac5764d6afd39a827918c326fa9af702b8af0

Download Submit
C:\Program Files\QuickCPU\Hwmgmtlib.dll

Filesize
921KB

MD5
a5c54f8218332b3e54dd85d9bd2e215b

SHA1
b45756dfff7db73f17b6b8602c7e3aae7681d150

SHA256
97e8224e2127c2b9f68a59962c6caa4806eb535231c9b015415ebdee7c916c76

SHA512
1b5977483226185c58eb057fb50e330b4c80b14c36976615e3ce5eecc5cdb8e4f9b33b41a501a0b884c75506858ac5764d6afd39a827918c326fa9af702b8af0

Download Submit
C:\Program Files\QuickCPU\Hwmgmtlib.dll

Filesize
921KB

MD5
a5c54f8218332b3e54dd85d9bd2e215b

SHA1
b45756dfff7db73f17b6b8602c7e3aae7681d150

SHA256
97e8224e2127c2b9f68a59962c6caa4806eb535231c9b015415ebdee7c916c76

SHA512
1b5977483226185c58eb057fb50e330b4c80b14c36976615e3ce5eecc5cdb8e4f9b33b41a501a0b884c75506858ac5764d6afd39a827918c326fa9af702b8af0

Download Submit
C:\Program Files\QuickCPU\Inframgmtlib.dll

Filesize
127KB

MD5
cc6a203b91b8c15f67bc25ae30dd46d2

SHA1
c7443b8fd426ce520ca3b9cd3bf000afcdd1361d

SHA256
f48bdf33787a14757649f229949ed35928115bf5f6b7d61a849fa19104abada2

SHA512
c8fad6f3790b618b428b926375bd6b7f4554a7ffcc27c3088d2840e46c5c68c34c9fbdec3751d0140d0131c7fd18385b316ec3f1ed503c1da9d557f5ceadce6f

Download Submit
C:\Program Files\QuickCPU\Inframgmtlib.dll

Filesize
127KB

MD5
cc6a203b91b8c15f67bc25ae30dd46d2

SHA1
c7443b8fd426ce520ca3b9cd3bf000afcdd1361d

SHA256
f48bdf33787a14757649f229949ed35928115bf5f6b7d61a849fa19104abada2

SHA512
c8fad6f3790b618b428b926375bd6b7f4554a7ffcc27c3088d2840e46c5c68c34c9fbdec3751d0140d0131c7fd18385b316ec3f1ed503c1da9d557f5ceadce6f

Download Submit
C:\Program Files\QuickCPU\Inframgmtlib.dll

Filesize
127KB

MD5
cc6a203b91b8c15f67bc25ae30dd46d2

SHA1
c7443b8fd426ce520ca3b9cd3bf000afcdd1361d

SHA256
f48bdf33787a14757649f229949ed35928115bf5f6b7d61a849fa19104abada2

SHA512
c8fad6f3790b618b428b926375bd6b7f4554a7ffcc27c3088d2840e46c5c68c34c9fbdec3751d0140d0131c7fd18385b316ec3f1ed503c1da9d557f5ceadce6f

Download Submit
C:\Program Files\QuickCPU\QcCustomSkins.dll

Filesize
321KB

MD5
91ea8028178673c69512ef810e4e32fd

SHA1
2a81247805ea3201b130195fa565b44b00903ea6

SHA256
49188d2dacdb13dbb441724174501b02403d5a52bdce5a9035a1693d335a29b2

SHA512
d81291315d5804299969b26cdb282f4c5e72d0d7f74ccdf243de6b34465aac2a99e73a77cc625836e87c54e4a5a9f82234a5365843e18f31871b821053d63458

Download Submit
C:\Program Files\QuickCPU\QuickCPU.exe

Filesize
4.1MB

MD5
10a76f24a7b535bcc7819372ef0819a8

SHA1
2cef1335d153858254f051aea3845fa6adacfb1b

SHA256
e28fe74d1c5188d80b6ac1244d1c23934316708a9b3114cfc882e855fbe2ee22

SHA512
d8c2fb92ae6a8b2628d5c4d58d5150ed5f3b3d7fa2debd68c54767fc88eea2bb362551e182441c2ff5e000f449283d54f0ff6875186297e30ac8e0c74fab8cc7

Download Submit
C:\Program Files\QuickCPU\QuickCPU.exe

Filesize
4.1MB

MD5
10a76f24a7b535bcc7819372ef0819a8

SHA1
2cef1335d153858254f051aea3845fa6adacfb1b

SHA256
e28fe74d1c5188d80b6ac1244d1c23934316708a9b3114cfc882e855fbe2ee22

SHA512
d8c2fb92ae6a8b2628d5c4d58d5150ed5f3b3d7fa2debd68c54767fc88eea2bb362551e182441c2ff5e000f449283d54f0ff6875186297e30ac8e0c74fab8cc7

Download Submit
C:\Program Files\QuickCPU\QuickCPU.exe

Filesize
4.1MB

MD5
10a76f24a7b535bcc7819372ef0819a8

SHA1
2cef1335d153858254f051aea3845fa6adacfb1b

SHA256
e28fe74d1c5188d80b6ac1244d1c23934316708a9b3114cfc882e855fbe2ee22

SHA512
d8c2fb92ae6a8b2628d5c4d58d5150ed5f3b3d7fa2debd68c54767fc88eea2bb362551e182441c2ff5e000f449283d54f0ff6875186297e30ac8e0c74fab8cc7

Download Submit
C:\Program Files\QuickCPU\QuickCPU.exe.config

Filesize
3KB

MD5
c30f9b5dc05e3c034d484a0c5e146e03

SHA1
038caa6ec01353f95b547f72d4b6cd3b61da01c9

SHA256
69fe412d7627f97ceee418b1e899bf8a9cd02f3e43f7c36636a853bef44660f0

SHA512
4e46db51b524f9727dec35fb769c9ae19ae89440680a00bb117e387d584ea352efc06a50fb139f88500f03df2dd760d629b5b56e278d986191c62e3d4142f5e3

Download Submit
C:\Program Files\QuickCPU\log4net.dll

Filesize
264KB

MD5
5c1c94140a2f815f64117dbb63a4477a

SHA1
9a79e9c6325e20e5c10e654908d6fd923a25229b

SHA256
55b2fe686bc8f739ce845d1689fd08cbca20381c8e0d2417185d1a0018d8a938

SHA512
502e77236418afac1d9a15d9840b3b6872440f8a1601706e7a4b0e98a62d0de70c3acd192d53d5c29994d1e088fab07c7e299ab7f6b3232a858cc8782d283084

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_EF52C1EC85F21F31CC0157A5C8803013

Filesize
765B

MD5
18da40d2c97d0b9a18e193385f4e2722

SHA1
224a75cad54f0fc63acf3c05c3947a55eb8eb288

SHA256
d379cacd311da7f8436f40622f44a990876d8b743c5e54182784eead574427b9

SHA512
7dc32435c5f81617a0c1c94c196f94f0e354d6c3d938bb92dc669f757e427fc5744adec9fcc5cefbbbaf0c326ecad2f79d4c4af1c68f819a800cfb806a282c7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3AA0DCD5A74331FBD6F344550EC48B87_FF4ED50F80DE527E06E2EC366501821A

Filesize
637B

MD5
bf00c18046a6cbc761f2363c2476f67e

SHA1
44fa8583b5897aba174a2b03e54d48eda2d9a768

SHA256
215a7cf12d02552de7767ee89374c8f9bcf6aef8fe6bfd267953b0881a27c029

SHA512
05aa25014748df552e4732eba9ec3c7fc3348be441803bf2fa6e128002438cb1943181e737c6b923f3c7a3fc132c425613bbe0a89837137c8b3e8b433a9b7bde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
1KB

MD5
c13e8f9cb1942301934da67834b7e4f8

SHA1
9e452e01d890a67a323dc2e84e9eaec68e5da74a

SHA256
52ba5c0ca0868612d789900908e1ac1d016bfa22e3f361e5fb8a3cddf71205de

SHA512
570cb1886f96ba18166c954de4e2ef316ea174ff0e38d53bd6f0c370ce20c65225b5380465dda6ad4dd9d8f6e7bc1dca8823da69c3952388c4bda8bd097d7ac3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_EF52C1EC85F21F31CC0157A5C8803013

Filesize
484B

MD5
a0621a5dcc88d22a15db025b128c11d1

SHA1
ee6585bf8b18f1846bacef116f50735f42258d69

SHA256
dad43e5232ef9bdc6383c752b4b1277f801ac43fb46aa2c6e4706f8a73640a96

SHA512
f2b6815fd8aabdb91bde92f6c06b22859285e08cfe89d06d648b93fb225786a040da30d298d4768e91ac94f585d5bc7af7e343c05e0c3797700d78f55d5059b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3AA0DCD5A74331FBD6F344550EC48B87_FF4ED50F80DE527E06E2EC366501821A

Filesize
480B

MD5
25cca6aa342bf4875ba9a03dcc1bd4ec

SHA1
f90203c3bbbccaf5e92dc8ead508bd63f6a83c10

SHA256
2c4dae3ef28f2da0fb34fe15d8845a075d91b58fcd6bfecfe18a967e6a7f5619

SHA512
8e5637bb4aa6f0bc93ce0a676f66034a3e5589a372322107c59be6e2a583c7c40b6cbed9d9f83be2db0966375a80da0683b5bbff9114ac9197196b53e5be1359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F

Filesize
482B

MD5
ebc67a16d630e8ae50df7df8302aff06

SHA1
563c403e1323fa033665f83fbd9a61b76d80847e

SHA256
8eb48fbde84478d2b56c30fac8b9171157edc81af12609ef0616c4ec2d73fdba

SHA512
8a57aeb09af2c138f16698c7e772c5ad44e3e3d5c68cf5fad811f0dc6effafb3b98bb8b84952414a8c158b3d3cd2d9a6653ece5132beb8e90c8bff3a105d63ab

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\acg4doci.newcfg

Filesize
1KB

MD5
cd99aa08a4392be1df573fc4723d7984

SHA1
18844e910be9039f4420b026d0ebe7ebd9f75b66

SHA256
4807a8b1d09459924332fbb509a7da36f8f0de8afbc78db1e1af252867433574

SHA512
f9a8f7d62cf4b8b41f68f60c796a67ceeabe0739a2d906ba9f0bbd197f9bbfb87d5dc757f6ef6301ffe448432d1ae61c7fdc881276be472e76667ab20f86c19c

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\user.config

Filesize
745B

MD5
9bdac1cd92bae005641c4d8159fbd44f

SHA1
eb281198cbcb6a20759a91fa8d5bdc2fbb15cc75

SHA256
a45d12efbe6333ef8e2df9b655fbe0bd1e249f9be68f332ad8ccfd5c354a3980

SHA512
3df89e858cf65a2d8ad7083d17ba9c717f2b50e3723c99dc4dfb99682c0f5467293226ef38ac938f64322fceded61efe07823a92eeaf62f0d0ce958f1553214f

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\user.config

Filesize
901B

MD5
477bd054a39f7882820cde319734e815

SHA1
3d19dcd9dbe7130f887b341b08ffefd32401db92

SHA256
c8395daf71d83a0ee65fbe4a6ef70578c0b2016dcb5dde27372bfb2025307b93

SHA512
b95866b6569897b4a682f1553f9bf0ee935f2eaeea252c3f9a9f887043eca9658ca522644ee8af3ce53035077e9c713ee547e16e35467eb73d60328855d074f0

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\user.config

Filesize
1KB

MD5
33ada175a744b01a342c2d3249e0aacc

SHA1
f7ada763a7c8a7f2b935584d368d435b166fab07

SHA256
dab06fd4e9b870c06c14573d76d315e6dceb18a790f62eee9c1977a1d8d1ec95

SHA512
67f614cd6d85256670a810316cd570c9e151127bd0dbc4d0265514bac029ffd37f5e8686372bfb7599d391ced4d2874dc65135cdf12eb8b14748038b496b7187

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\user.config

Filesize
1KB

MD5
54e49ed67548982d8792d73c5c1feb1b

SHA1
6a8ed8144faddeff5b83342e920fa6f60ba7f47b

SHA256
bbe1bf132a2e57a26f8672c9232a43fe706283db1c601da4fae328ca6da1f3a2

SHA512
a30a77af4ad1123bd3efee6e80a8d24865fa75dca4e8bededa117160c1bc0f13a07c9aa4cb9581ae29ae5ae1f4a3de67f6e17df822949bac124c14565452d725

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\user.config

Filesize
1KB

MD5
b5a11548f97ee1d7577225008135bacd

SHA1
c9fffc09ca4ae003102a55410114a53040cd5164

SHA256
709c83d70bcf527c2711d9f31c4cc96b31b4afc71810dadf8c668115f77adb40

SHA512
0c7ad34262fde65ae799c1526d56fa7de2ddb4910796501f0092c8a89a5eafff546fc01fefabd1de3eebbe3fe16e5948f048d49c395fe97c4d74b5530adfc22c

Download Submit
C:\Users\Admin\AppData\Local\Coderbag\QuickCPU.exe_Url_rj3ze0vikakr3k5spjkmzbhx2uyn3tm0\4.7.0.0\user.config

Filesize
1KB

MD5
eff24131103e05207decf7f082bbc509

SHA1
a719c8e72d8f0b124821f8b40633611521886ef0

SHA256
904e2ca381badaf55904466e805c9d372544422c08d283350cb7c321db54e975

SHA512
8e4762e24f6907ef1d0ec1d7a1a3da2d97adcc372498a2e9b0e941b539cb5faae44be3a8e27b4b74dfb17b76a3b9be064f0ceb3d3a7ed116e05a8fcffbf403ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI54A4.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI54A4.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB4D9.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB4D9.tmp

Filesize
113KB

MD5
4fdd16752561cf585fed1506914d73e0

SHA1
f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424

SHA256
aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7

SHA512
3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

Download Submit
C:\Windows\Installer\MSI3B2F.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\MSI3B2F.tmp

Filesize
211KB

MD5
a3ae5d86ecf38db9427359ea37a5f646

SHA1
eb4cb5ff520717038adadcc5e1ef8f7c24b27a90

SHA256
c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74

SHA512
96ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0

Download Submit
C:\Windows\Installer\e58392c.msi

Filesize
33.7MB

MD5
09868211a3d77eb96ec66f1dfea8a4fd

SHA1
d2726ed4ffab409efe11acfbc9a902c5df78ba1f

SHA256
04a7eb25c4e242a14ab6876874265b85c64525ce48384be4ce830174191adc4e

SHA512
447fd56797d93225bae21ced9d8b40fd65c0f037c302b0155b695f907e73a135bbe2248cd5ad4e96760198ef5728df034ecfda8381cb8d1549bc0d71429b4410

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
5bd1065420b9fb1e887fe41834d796fb

SHA1
a53576044d53670301d18bf85bb0f346f69bb910

SHA256
55bc9070334df9cc90c58e46ae78c2477f77ffa4a59a7fe82078a50e520fbcf5

SHA512
a88a99947c40c588ec339590225c74569d2265b1137d8c330b3dcfe4a355f7c51a0c95cc91b5bbf34e313de0d699750b218713b0fb529f0abb95f0bd2820e6ce

Download Submit
\??\Volume{8df29902-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{13ac8d68-c953-492c-8c3b-6abcb1fcbf94}_OnDiskSnapshotProp

Filesize
5KB

MD5
3c06fe96b7cc1361d92aa4bd4358089f

SHA1
0c870d6c10b7306466aa987c5b8290bfe076ad11

SHA256
f2da30da041caf6611d83c78ffca71a038185343321026ecbd6a554a6c91e0b2

SHA512
5383cc85eb80523aec698ea6bbd8a4bee48e69ff8a9344c2d48044b2a3802c9de3aee8b8ff38a30ccc60c1d550046695d21d2004844819c93497b1b5d50b86ee

Download Submit
memory/4864-115-0x000001C51F070000-0x000001C51F594000-memory.dmp

Filesize
5.1MB

Download
memory/4864-174-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-143-0x000001C5225D0000-0x000001C5227E2000-memory.dmp

Filesize
2.1MB

Download
memory/4864-147-0x000001C523A10000-0x000001C5240B0000-memory.dmp

Filesize
6.6MB

Download
memory/4864-144-0x000001C504AD0000-0x000001C504AD1000-memory.dmp

Filesize
4KB

Download
memory/4864-141-0x000001C504AD0000-0x000001C504AD1000-memory.dmp

Filesize
4KB

Download
memory/4864-139-0x000001C504AD0000-0x000001C504AD1000-memory.dmp

Filesize
4KB

Download
memory/4864-137-0x00007FFFE7F30000-0x00007FFFE89F1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-151-0x000001C5240B0000-0x000001C524536000-memory.dmp

Filesize
4.5MB

Download
memory/4864-140-0x000001C522B90000-0x000001C523364000-memory.dmp

Filesize
7.8MB

Download
memory/4864-153-0x000001C51F020000-0x000001C51F066000-memory.dmp

Filesize
280KB

Download
memory/4864-155-0x000001C5227F0000-0x000001C5229D0000-memory.dmp

Filesize
1.9MB

Download
memory/4864-135-0x000001C504AD0000-0x000001C504AD1000-memory.dmp

Filesize
4KB

Download
memory/4864-136-0x000001C504AD0000-0x000001C504AD1000-memory.dmp

Filesize
4KB

Download
memory/4864-156-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-158-0x000001C524540000-0x000001C524A38000-memory.dmp

Filesize
5.0MB

Download
memory/4864-134-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-160-0x000001C523580000-0x000001C523684000-memory.dmp

Filesize
1.0MB

Download
memory/4864-162-0x000001C523470000-0x000001C5234FA000-memory.dmp

Filesize
552KB

Download
memory/4864-133-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-132-0x000001C51EFD0000-0x000001C51F016000-memory.dmp

Filesize
280KB

Download
memory/4864-165-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-164-0x000001C525290000-0x000001C525ADA000-memory.dmp

Filesize
8.3MB

Download
memory/4864-130-0x000001C51EE90000-0x000001C51EEB2000-memory.dmp

Filesize
136KB

Download
memory/4864-167-0x000001C524DF0000-0x000001C525196000-memory.dmp

Filesize
3.6MB

Download
memory/4864-168-0x000001C51F790000-0x000001C51F7B0000-memory.dmp

Filesize
128KB

Download
memory/4864-169-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-170-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-171-0x000001C504AD0000-0x000001C504AD1000-memory.dmp

Filesize
4KB

Download
memory/4864-172-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-173-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-145-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-175-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-176-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-179-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-183-0x000001C51F7B0000-0x000001C51F7B1000-memory.dmp

Filesize
4KB

Download
memory/4864-182-0x000001C51F7B0000-0x000001C51F7C0000-memory.dmp

Filesize
64KB

Download
memory/4864-184-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-126-0x000001C51EF20000-0x000001C51EFB8000-memory.dmp

Filesize
608KB

Download
memory/4864-124-0x000001C51F5A0000-0x000001C51F688000-memory.dmp

Filesize
928KB

Download
memory/4864-198-0x000001C522B70000-0x000001C522B71000-memory.dmp

Filesize
4KB

Download
memory/4864-199-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-200-0x000001C522B80000-0x000001C522B81000-memory.dmp

Filesize
4KB

Download
memory/4864-201-0x000001C522B80000-0x000001C522B90000-memory.dmp

Filesize
64KB

Download
memory/4864-202-0x000001C522B80000-0x000001C522B81000-memory.dmp

Filesize
4KB

Download
memory/4864-203-0x000001C522B80000-0x000001C522B81000-memory.dmp

Filesize
4KB

Download
memory/4864-204-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-206-0x000001C5289C0000-0x000001C528EE8000-memory.dmp

Filesize
5.2MB

Download
memory/4864-207-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-208-0x000001C524D90000-0x000001C524DA2000-memory.dmp

Filesize
72KB

Download
memory/4864-209-0x000001C5265C0000-0x000001C5265FC000-memory.dmp

Filesize
240KB

Download
memory/4864-220-0x000001C51F7B0000-0x000001C51F7C0000-memory.dmp

Filesize
64KB

Download
memory/4864-221-0x000001C51F7B0000-0x000001C51F7B1000-memory.dmp

Filesize
4KB

Download
memory/4864-122-0x000001C51EF10000-0x000001C51EF20000-memory.dmp

Filesize
64KB

Download
memory/4864-223-0x000001C522B70000-0x000001C522B71000-memory.dmp

Filesize
4KB

Download
memory/4864-224-0x000001C523570000-0x000001C523571000-memory.dmp

Filesize
4KB

Download
memory/4864-225-0x000001C522B80000-0x000001C522B90000-memory.dmp

Filesize
64KB

Download
memory/4864-121-0x000001C51ED30000-0x000001C51EE18000-memory.dmp

Filesize
928KB

Download
memory/4864-112-0x000001C51FEC0000-0x000001C52123C000-memory.dmp

Filesize
19.5MB

Download
memory/4864-113-0x00007FFFE7F30000-0x00007FFFE89F1000-memory.dmp

Filesize
10.8MB

Download
memory/4864-110-0x000001C51EAE0000-0x000001C51EB34000-memory.dmp

Filesize
336KB

Download
memory/4864-108-0x000001C504250000-0x000001C504672000-memory.dmp

Filesize
4.1MB

Download
memory/4864-385-0x000001C504AD0000-0x000001C504AE0000-memory.dmp

Filesize
64KB

Download
memory/4864-386-0x00007FFFE7F30000-0x00007FFFE89F1000-memory.dmp

Filesize
10.8MB

Download