919067f6aca04e29f30f570a157ff2e3cc5d5a5a31822d5eb39ad48737079827

Resubmissions

30/10/2023, 09:09

231030-k4sc3aca7s 7

Analysis

max time kernel
151s
max time network
127s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
30/10/2023, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

swift3d.exe
Size

50.4MB
MD5

5077a48c2f143009932c784e153070e2
SHA1

808d4fa10d7f63f42f87c881d606572989b50438
SHA256

919067f6aca04e29f30f570a157ff2e3cc5d5a5a31822d5eb39ad48737079827
SHA512

02aca890ed7d071a105166bd62ecca136e1dd7965db13a0e55d54a758f91c4373e19d76079f3a1e543e4cf5b20e4d81a9055401b5ef6d0a1abcdb51c5b309257
SSDEEP

1572864:cMgg7/Ep7QmdAQfP4LkGQeWvHF6uhOOJnAdNgGhnrn1:coMpsmlfQLkGQeqHouhOOJAdNgGhj1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2752	IDriver.exe
2612	Swift3D.exe

Loads dropped DLL 28 IoCs

pid	Process
1164	MsiExec.exe
1164	MsiExec.exe
1164	MsiExec.exe
1164	MsiExec.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
2752	IDriver.exe
1164	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1600	MsiExec.exe
1164	MsiExec.exe
1164	MsiExec.exe
2228	MSIEXEC.EXE
2228	MSIEXEC.EXE
2612	Swift3D.exe
2612	Swift3D.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	2468	msiexec.exe
5	2468	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	MSIEXEC.EXE
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	MSIEXEC.EXE

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Maintenance_Builds.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\skin_button_tb_toc.swf	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Working_Trackball_Lights.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\materials\shadematerials\PhongMaterial.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Editing_an_Instance.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstf37.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt14.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt73.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\papervision3d\materials\utils\LightMatrix.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\And_Separate_Selection.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Rotation_Property_Page.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Flat\ER - Flat 49.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Reflective\ER - Reflective 62.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\core\render\command\RenderFog.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Export_to_Papervision3D.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Save_Animation_Dialog.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt38.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Transparent\ER - Transparent 05.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\papervision3d\core\animation\channel\MatrixChannel3D.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\core\io\exporters\ExportFileFormat.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\objects\special\SimpleLevelOfDetail.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Gallery_Content_Location.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\papervision3d\core\proto\class-list.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\core\animation\channel\transform\TransformChannel3D.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\core\animation\key\BezierCurveKey3D.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\DropSurfaceOn.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Orthographic_Views.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstf1.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\ascollada\fx\DaeSurface.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\ascollada\core\DaeImage.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Shape_Tools.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\papervision3d\objects\primitives\package-detail.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\core\effects\utils\ConvolutionMatrices.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\typography\Letter3D.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\General_RAViX.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Glossy\ER - Glossy 10.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\ascollada\fx\DaeLambert.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Marble.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Target_File_Type_EMO.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Lighting\Stationary\ER - Stationary 01 - Default.t3l	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Transparent\ER - Transparent 15.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\AM_Rotate_Cursor.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Bevels_Property_Page.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Color_Depth.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\MOV_Options.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Render_Window_Buttons.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\papervision3d\core\render\data\RenderStatistics.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Applying_to_Text_and_Extrusions.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Creating_Morph_Groups.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Environment_Properties.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Light_Position_Page.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\wf_pickup.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Flat\ER - Flat 60.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\docs\org\papervision3d\view\layer\package-detail.html	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\SWIFT_3D_HELP.glo	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\wf_skin.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstf34.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Glossy\ER - Glossy 09.t3m	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\ASClasses\Papervision3D\src\org\papervision3d\core\controller\AnimationController.as	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\AM_Align_Objects_BEFORE.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Constrain_Axis.htm	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Draw_BackFaces_OFF.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\Output_Options-Raster.gif	msiexec.exe
File created	C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt96.htm	msiexec.exe

Drops file in Windows directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI95A4.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB799.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2D49.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c072.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC93E.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f76c078.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI95B5.tmp	msiexec.exe
File created	C:\Windows\Installer\f76c073.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c073.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c076.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\f76c078.msi	msiexec.exe
File created	C:\Windows\Installer\f76c072.msi	msiexec.exe
File created	C:\Windows\Installer\f76c076.ipi	msiexec.exe
File created	C:\Windows\Installer\f76c07b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFDFE.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File created	C:\Windows\Installer\f76c079.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9F85.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFAD1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76c079.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 4 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Control Panel\Desktop\FontSmoothingMetric\Swift3D	Swift3D.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Control Panel\Desktop	Swift3D.exe
Key created	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Control Panel\Desktop\FontSmoothingMetric	Swift3D.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000\Control Panel\Desktop\FontSmoothingMetric\Swift3D\PrimaryMetric = "2596310184"	Swift3D.exe

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Peer to Peer Trust"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10 = "System Health Authentication"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F31ADE0D-9319-4067-829A-107D25C1C131}\ = "ISetupLogDB2"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ABC466D7-B7AD-4872-8C72-ED582EF279CE}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{99438BE3-EA31-4C13-85FD-FEB81A61AB34}	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{2BF7C25E-DA1D-4E34-8242-5DCDD9F18245}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B8E161B8-9B5A-4DD2-9B93-1F558A7FAD69}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{15CF3576-8A86-4D1F-9A64-912F901F0173}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EDF81340-0BD9-40B7-825C-29AEE7A64D4E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{52305DC4-1B79-41CE-90D0-0B84AF096018}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Swift3D.Image\shell\print	Swift3D.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{79B85C96-90FF-4595-8C7C-918FFC07F09D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9E8176B8-C130-49DA-AB56-F3378E54ADFD}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{79B85C96-90FF-4595-8C7C-918FFC07F09D}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{ABC466D7-B7AD-4872-8C72-ED582EF279CE}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46E4AEB7-19C5-4A43-AD65-FF6859E43C2B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1F74B51C-963F-420E-90FA-FD96FA7712DC}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{99438BE3-EA31-4C13-85FD-FEB81A61AB34}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{9E8176B8-C130-49DA-AB56-F3378E54ADFD}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{90FFDCC6-889E-4394-B60A-36EB3A32CED7}\ = "ISetupScriptEngine"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B8E161B8-9B5A-4DD2-9B93-1F558A7FAD69}\ = "ISetupShell2"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{92CF8A76-F5BE-4284-9F78-EC7E40508E74}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2085049433-1067986815-1244098655-1000_CLASSES\VirtualStore\MACHINE\SOFTWARE\Electric Rain\Swift 3D\6.00\Registration\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AEED9AE1-AE66-4065-A274-DC7BBFEE354B}\ = "IInstallDriverVersion"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{85D3BD85-0A91-438D-B2F9-BC4E31A5DB34}\TypeLib\Version = "1.0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Swift3D.Image\shell\open\ddeexec\ = "[open(\"%1\")]"	Swift3D.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{52305DC4-1B79-41CE-90D0-0B84AF096018}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E30AE6C-8796-4207-968E-FAEFC5DD1818}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{11997148-EAEB-42A2-B3CC-B7C5A7199107}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FF9F015D-973A-47E9-8857-EFBD6C08A318}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1DE0B0AC-D65A-4B47-B4E4-37C8E065D9A1}\TypeLib\Version = "1.0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ABC466D7-B7AD-4872-8C72-ED582EF279CE}\TypeLib\Version = "1.0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{15CF3576-8A86-4D1F-9A64-912F901F0173}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{30350C57-F1F4-4ADC-9ECB-FA66FD8A3BE6}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\IDriver2.exe\AppID = "{D71CBC24-F638-4606-9023-E11891FA52D7}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{566BECBB-A8DF-43EA-8D44-77BCC7B72F21}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{D354A092-4A8E-4077-A738-8314F6BA0DE6}\ProxyStubClsid	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{1DE0B0AC-D65A-4B47-B4E4-37C8E065D9A1}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ED3EBE1C-E2BF-460F-870E-F17D6EC454F8}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{566BECBB-A8DF-43EA-8D44-77BCC7B72F21}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C514B88-F041-4813-82C0-C6BB0627BC3E}\TypeLib\Version = "1.0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Swift3D.Image\shell\print\ddeexec\ = "[print(\"%1\")]"	Swift3D.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}\VersionIndependentProgID\ = "ISInstallDriver.InstallDriver"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AEFB69D-57BB-4963-AFA8-09FA9614E1CB}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EE02E74A-C645-4C6E-BD1C-4099501A9F52}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F26F1EB5-850C-4AF9-BAFD-F388686C21B5}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{6FCE0140-F00D-4466-80E3-07992FEB65C9}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{96EDAA2C-E90A-4ABA-AC0D-9226B8B3AB79}\ = "ISetupSharedFiles2"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA8743E-3991-438C-8631-3C8C169399E6}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{293B98DF-5B92-42D2-A409-FA9A0C0E1E68}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{11997148-EAEB-42A2-B3CC-B7C5A7199107}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2F653E7D-0010-4751-BD83-92EA472E641F}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2F653E7D-0010-4751-BD83-92EA472E641F}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D86AEAFD-A3AD-4F9D-BDA5-D70696A1FEAB}\TypeLib\ = "{01F6AFCB-2AFF-4A6F-8681-E51C4AC277B7}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{F6EE9F4A-2D30-4A78-8720-90B6ED68763B}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9E8176B8-C130-49DA-AB56-F3378E54ADFD}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Swift3D.Image\shell\printto\ddeexec	Swift3D.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{F6EE9F4A-2D30-4A78-8720-90B6ED68763B}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{738891D7-3A18-4839-A5E7-EFD2E7DE002A}\ = "ISetupUserInterface"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{CD549FD5-6590-4F67-B60E-E7422ADAF1B3}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DF2062B2-540A-4B48-A2C7-ABA0B49D44B9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FC892E93-C765-4E5B-AE0C-BA2476655532}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{2E30AE6C-8796-4207-968E-FAEFC5DD1818}\ProxyStubClsid	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{EAD11E89-6394-4747-A64E-634E4FF7DDDA}\ProxyStubClsid32	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1DE0B0AC-D65A-4B47-B4E4-37C8E065D9A1}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BC859C55-34D2-43CE-A4B7-8AB67768B386}\TypeLib\Version = "1.0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2468	msiexec.exe
2468	msiexec.exe
2468	msiexec.exe
2468	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2612	Swift3D.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2788	swift3d.exe
Token: SeIncreaseQuotaPrivilege	2788	swift3d.exe
Token: SeRestorePrivilege	2468	msiexec.exe
Token: SeTakeOwnershipPrivilege	2468	msiexec.exe
Token: SeSecurityPrivilege	2468	msiexec.exe
Token: SeCreateTokenPrivilege	2788	swift3d.exe
Token: SeAssignPrimaryTokenPrivilege	2788	swift3d.exe
Token: SeLockMemoryPrivilege	2788	swift3d.exe
Token: SeIncreaseQuotaPrivilege	2788	swift3d.exe
Token: SeMachineAccountPrivilege	2788	swift3d.exe
Token: SeTcbPrivilege	2788	swift3d.exe
Token: SeSecurityPrivilege	2788	swift3d.exe
Token: SeTakeOwnershipPrivilege	2788	swift3d.exe
Token: SeLoadDriverPrivilege	2788	swift3d.exe
Token: SeSystemProfilePrivilege	2788	swift3d.exe
Token: SeSystemtimePrivilege	2788	swift3d.exe
Token: SeProfSingleProcessPrivilege	2788	swift3d.exe
Token: SeIncBasePriorityPrivilege	2788	swift3d.exe
Token: SeCreatePagefilePrivilege	2788	swift3d.exe
Token: SeCreatePermanentPrivilege	2788	swift3d.exe
Token: SeBackupPrivilege	2788	swift3d.exe
Token: SeRestorePrivilege	2788	swift3d.exe
Token: SeShutdownPrivilege	2788	swift3d.exe
Token: SeDebugPrivilege	2788	swift3d.exe
Token: SeAuditPrivilege	2788	swift3d.exe
Token: SeSystemEnvironmentPrivilege	2788	swift3d.exe
Token: SeChangeNotifyPrivilege	2788	swift3d.exe
Token: SeRemoteShutdownPrivilege	2788	swift3d.exe
Token: SeUndockPrivilege	2788	swift3d.exe
Token: SeSyncAgentPrivilege	2788	swift3d.exe
Token: SeEnableDelegationPrivilege	2788	swift3d.exe
Token: SeManageVolumePrivilege	2788	swift3d.exe
Token: SeImpersonatePrivilege	2788	swift3d.exe
Token: SeCreateGlobalPrivilege	2788	swift3d.exe
Token: SeRestorePrivilege	2468	msiexec.exe
Token: SeTakeOwnershipPrivilege	2468	msiexec.exe
Token: SeRestorePrivilege	2468	msiexec.exe
Token: SeTakeOwnershipPrivilege	2468	msiexec.exe
Token: SeRestorePrivilege	2468	msiexec.exe
Token: SeTakeOwnershipPrivilege	2468	msiexec.exe
Token: SeRestorePrivilege	2468	msiexec.exe
Token: SeTakeOwnershipPrivilege	2468	msiexec.exe
Token: SeRestorePrivilege	2468	msiexec.exe
Token: SeTakeOwnershipPrivilege	2468	msiexec.exe
Token: SeShutdownPrivilege	2228	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	2228	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	2228	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	2228	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	2228	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	2228	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	2228	MSIEXEC.EXE
Token: SeTcbPrivilege	2228	MSIEXEC.EXE
Token: SeSecurityPrivilege	2228	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	2228	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	2228	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	2228	MSIEXEC.EXE
Token: SeSystemtimePrivilege	2228	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	2228	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	2228	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	2228	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	2228	MSIEXEC.EXE
Token: SeBackupPrivilege	2228	MSIEXEC.EXE
Token: SeRestorePrivilege	2228	MSIEXEC.EXE
Token: SeShutdownPrivilege	2228	MSIEXEC.EXE

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2788	swift3d.exe
2788	swift3d.exe
2228	MSIEXEC.EXE
2228	MSIEXEC.EXE

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2612	Swift3D.exe
2612	Swift3D.exe
2612	Swift3D.exe
2612	Swift3D.exe
2612	Swift3D.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2788 wrote to memory of 2228	2788	swift3d.exe	29
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1164	2468	msiexec.exe	30
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2468 wrote to memory of 1600	2468	msiexec.exe	37
PID 2228 wrote to memory of 2612	2228	MSIEXEC.EXE	39
PID 2228 wrote to memory of 2612	2228	MSIEXEC.EXE	39
PID 2228 wrote to memory of 2612	2228	MSIEXEC.EXE	39
PID 2228 wrote to memory of 2612	2228	MSIEXEC.EXE	39

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\swift3d.exe
"C:\Users\Admin\AppData\Local\Temp\swift3d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\SysWOW64\MSIEXEC.EXE
  MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Temp\_isA381\Swift 3D v6.00.msi" EVALUATION="1" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp"
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3D.exe
    "C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3D.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Control Panel
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2612

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7DFC3456D8F3852EB2C7769117DCC053 C
  2⤵
  - Loads dropped DLL
  PID:1164
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D3D071CEA251A08F18F1C50351248E46
  2⤵
  - Loads dropped DLL
  PID:1600

C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2752

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2156

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000002FC" "00000000000005B4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76c077.rbs

Filesize
51KB

MD5
f0f6f8f2fdbedfcda6c2ae9b90f72647

SHA1
fce48afe93f6c88c49f097a0f44fc0ecd14a5564

SHA256
d9cb4b4fefc1dd7cbcd9bcb62f9d2f741734319cae4d209ed2b1190b9b6eda96

SHA512
ed3ddd7e78a414e339e136bd6855634c9b9666da0b6464adaca7300800f0af8f9d99ceabb8e7eb8bb9cf435513aa9a4eddce47164fe40d991b5308b9ffe6df6a

Download Submit
C:\Config.Msi\f76c07a.rbs

Filesize
326KB

MD5
151fe5a44ac969d7ae96ebdacaa748e3

SHA1
1404e240bbe82be5cf5702a06e955cdf4933ab41

SHA256
165f1e99f461f49169355385a2cc66efc5d5de0a3352b3d1fcfb2457d0c70747

SHA512
183a7604654519ee2e42324eb3cbc6b76b22abe1e8f4148246230a9f19fb553f5a02a33a8ba8ebf8859457a0ce81331c0a58f8e04209cad541369d9c23215207

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iusercnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.DLL

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.DLL

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\cws_pnbtn4_1.gif

Filesize
174B

MD5
7e9c92f2cf600fc6285c32434c73d0c7

SHA1
28dd979a3222a47dc1166e7f2cc83fd338d9d55e

SHA256
f2d914bf902ab9027b1e5b3d29702995738eac9cb026af1f1a0ecdb6c00d21b9

SHA512
a4cac08f6d3e03fe4ded404bd86f704378c5b1b728a56782dfc407b79edc015d595d3ef4885511dcea882c8aff2b4d3345a6622f3a4a64176bc85cd8bb130d56

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt47.htm

Filesize
10KB

MD5
40b8903f3ef07385ba7cafaaf1b12bfd

SHA1
a04fac90d7130855db87556c7b1eaa00a5a427db

SHA256
94810931d02bea78fc10fb58b81f7bbff6137f5138319e45524ca5c54bd81746

SHA512
ab3924e718d098cdcc263c3d0637a35e6ab507d6df66c3d14d4e167fe89184538bbabb8823693968d147032c2dc34e5406cba27a0f168f0079f51786af3c367d

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt70.htm

Filesize
7KB

MD5
d89b29d6b0fd04b87da8c649c480742b

SHA1
522e9cf31d604d072e9f6cd0a36f54982196dbfb

SHA256
b7859719c2cde67cc2547bea16c678b4c312e6c15035479e73e5deee789e6ba5

SHA512
225cbd52fb1d70b44d5c5464f817af9765ab091da983c1170972c71ac79cee1deb4979a0414e456aa0be53e361e065638be8e6d441c2bf173885baad53d7319e

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Help\whgdata\whlstt78.htm

Filesize
6KB

MD5
e24459739c6114c90710b3ba4d02512a

SHA1
fe12bd61e6b4228c49be1c13a3f5a1bc75d9b5d5

SHA256
31dd5b03a82b5e7b7fbc924e7e39b8effd573b405987998d716522c0e6239b66

SHA512
6e0cee0968b3eb82d63830e89327e6c5a7cbe4e3938cac1ed0c778a31a881b45f4c01209704ac9ace1b3bc90282b9bc6076d01a75058f5dc837aaf73eeaaa0a4

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Bitmap\ER-01-Planet-Sun.t3m

Filesize
3.8MB

MD5
ffcb544c36327274d96d4f3f1e75b1af

SHA1
dad562c20c0eda0514bd186a5a019a3b4a8450b0

SHA256
7e2ca7c125632dd42f3711b502e32d1c6afc08459765998bb7ce1aa5f49fdffb

SHA512
12c66e4afe73f38ab0d714223e241687557c99ba938808419bce8eb7a13be6c2972fe27f6fa9451c5b4f788c0e369c2932e3c5c426b7516921d112cee872c4cd

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Bitmap\ER-04-Planet-Earth.t3m

Filesize
2.5MB

MD5
600dad030fae4220f56619a75488d9e7

SHA1
39c496841e867d48853b92faced70c889b9f82d4

SHA256
e091726e4cd381cbd144b38e1fb403eae02d0f731d4b7f84fbea95377c13d501

SHA512
85e35bdd6290cbb26d13609f69ee5a1d0da023117473b06aa6847cb0f3319f57af3d6a53c9084c3db07a9313ca3e3c436ba515ca91154d1d9ead622e8065f996

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Bitmap\ER-11-Brick.t3m

Filesize
3.3MB

MD5
12140e2705201c26f14cced669d91683

SHA1
04f7f45ab87b8fc7441e14d6159dbd935b9fbd04

SHA256
624632fdb971b95c63c40deeeb7a6dc2646705750114d7f849714dea03e65d66

SHA512
372c27ae5cd856037d94f88f336f342d42f16f6868002fb15ce76893d421c8329ae63f6c8bbb1b7be4aa92272640a0c7a505c57b60a0ccbc29011a0e1c94c904

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Bitmap\ER-12-Brick.t3m

Filesize
2.8MB

MD5
8f052d89440b6646ac0643001f2cd48b

SHA1
a49adfabb13ab7ca0483d7f26fa8027075137cd9

SHA256
43c0b3aaac2697bb572f91b156c837198a40eb7df453555fc896c3ce08cfe210

SHA512
c9953eae1b4b46746065eda00016b42a8a4a9d85dbfda92cad9214f41340830a667e0a4054c96e511c743a449cbc1e451d159efdefe3cd7d9502f35710407be4

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Bitmap\ER-16-Concrete.t3m

Filesize
3.3MB

MD5
765221f5d4ec2afa7bb77a35c52fcffa

SHA1
c0f9c2d6c27da1faddaf7aa586e9b6f3a6383733

SHA256
3b03bc7cb85eb8a78964fdb008cd8ae30eb486af0d600e9b3285158437d86637

SHA512
426615eaadfcb49eb3b2cf9d8fcbc3d466c2091f57095d976368892d1b63740a20814e88aeed04a638f9196d6889c0dd98dfa00a537baf3f46fa0dfd1d3dc750

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Materials\Bitmap\ER-24-Metal.t3m

Filesize
598KB

MD5
0249dbcb411d84e5a9838d7adcf0581d

SHA1
6d778084df6dee606890e8a4f4119adca92a82d2

SHA256
2c67ebe320c0f01905c7905b5d3dd59d0dfcff92d2175e2d465fb8a61646ca21

SHA512
ec98c537fa91529d3842103b5c231dcb94bdd1e391d198624873986a6fcfd9fcb7b10ca49aee607e23f05a7a6ab1ce0ef819ecf229cef81b955599326a455962

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\MaterialScene.t3s

Filesize
39KB

MD5
ecaa557b686d0455571bdfe21f9620ba

SHA1
669b6d80aa39ace083d439aad66cbae5c30c9f51

SHA256
a91c4da77dd5e503f6a68b289eebd61e438e667f18df77a16ffb51637be6c73a

SHA512
413e5358cf27c55db57f8425c5a6878c12daa37aafaae6c5096382b56a423ca091e9e37c098f35e8553dca54a37ff99eed227917e0ea2451d266e99fa1f23a8c

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3D.exe

Filesize
6.7MB

MD5
6b76510c2020d153baa7a12d0daedd9a

SHA1
bc5330ae8e511f5661ab278befcac9333f74668f

SHA256
fd354bee5429781474c81be636742e6b4d02806d45a2261de28b7aee90cc8557

SHA512
58fc74951f9069cf56f4babf6197364f8e7c6bc37ebf573277783b7718d2470b0231927c3deedb2c01d27444395ca66c0a248c6935d05e21cff3ccae440176b7

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3D.exe

Filesize
6.7MB

MD5
6b76510c2020d153baa7a12d0daedd9a

SHA1
bc5330ae8e511f5661ab278befcac9333f74668f

SHA256
fd354bee5429781474c81be636742e6b4d02806d45a2261de28b7aee90cc8557

SHA512
58fc74951f9069cf56f4babf6197364f8e7c6bc37ebf573277783b7718d2470b0231927c3deedb2c01d27444395ca66c0a248c6935d05e21cff3ccae440176b7

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3DInitialization.txt

Filesize
148B

MD5
db30405a996cf11d05cabfe397ea5a4b

SHA1
96a320fede40bf5dc744c4cfba03d1041d420229

SHA256
59e3c4061acb969cb045a2e5e6915da8e2afce4dd2342aeb23b41667d0a9af9c

SHA512
2251e3d2d24a836a9d9dd95233d092302d740b02ce421d671959f1a26859327852c5ea8f1ff4e7ef19234f2edf78c82cd4738383036648f3788837c0e35d8b0a

Download Submit
C:\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3DRes.dll

Filesize
1.9MB

MD5
7d63c1f3f834275ce85ea6e24761c3d3

SHA1
f90634b1c150e384edb90bcf40a5da663ca93bf6

SHA256
6293c667dfbca689bd3b301e729f01d99b2cabed361d54567fc7a3aa11c12c4d

SHA512
664bb8c178742145d82bed7591683c07c83425adf1bef849b1b4ebf63679bdc9d27e19d5186875c60c634260e49d5132b0db9243b4363b8326ab1e7c1f0af54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC1AC.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI2DB8.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI49E0.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE12B.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE12C.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIED7C.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC2A8.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_isA381\0x0409.ini

Filesize
5KB

MD5
6c87581375d4e4789761b9833c2a1b4d

SHA1
310395fde36429b08b615831152399db7e4267a2

SHA256
43160e278e4302e378e754149c6394bc51d1969a7941687cfcc6c00b25151282

SHA512
ff499900dd9ae154825bb1b8a65f7c53367a4a75131ce1aa08ffbd0bbaae4d8e3a062455d74b8dce41fc89648bed33fb2ecd95e7ba57098caa7ca652f176dfd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_isA381\ISScript10.Msi

Filesize
875KB

MD5
f93a766e58d9c06b5cfd7c095fdd4b97

SHA1
d02e24a8c14bc127ff1cbac8ef7c43830142d0e0

SHA256
c00e1e874d0093112e898c615b0f81fa8a0974c25cf01638fe6acb949b1940ed

SHA512
65089a6b7a916716866192781af098b8939ad8ef5881abfafbfebc53fd747c3af5b2451668f4e60ca6c3c15eacf485e009c260e710ab934537c4d98ab67d3bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_isA381\Setup.INI

Filesize
1KB

MD5
fdb73fbaf0fabf64eda9e25f42af7c77

SHA1
a5ee97c9bd0b79a95471fe6c5e2d99ad9d2e01e4

SHA256
0df50a8232903641b09a984b36094897634ef2d22b3f94f9ffea244f99d7f781

SHA512
6b73ccb0b74f0d292c28aefc661747e20e9b573d39f30162c7848678ef1dae24afc7a9f1fffc73114382a95b529a59bfa929ecb654b5e9904cee84f09047656d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_isA381\Swift 3D v6.00.msi

Filesize
45.3MB

MD5
67aacd1030de66157d01711d5991181e

SHA1
1a108e6e03530b0b7de858cf919222b8bb9070d3

SHA256
e2ff5ad3fa547914dc12b1a797ee5abaaf9ea9b3eb1bae2768975d0afee0a197

SHA512
5d9c1c0adcfa21ad92b93bf2e75ae599375b2ffd73c64de2f51cb9001cbdf5ec4d0f7b3385f23074d7dabb24a88f9379e29964087f24b2b697e4d3199aaad0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_isA381\_ISMSIDEL.INI

Filesize
11B

MD5
3fdd2635aa94921522af8186f3c3d736

SHA1
0fe63553e9f993c0cb2cb36b8cdcfba4f4a2650d

SHA256
17ad78845c9c6a8e97a5bd14be56700a51ee85867c979ed6cf538e1fed82cf7c

SHA512
ebdbeefbdc777937fce516a1cbd9af7c305fc242091d695ad919a27c98fac5b6b16b44130bdf97dbfd10561cce701180b1fbb303d848944c3b33b8a3c058653a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\ISRT.dll

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\IsConfig.INI

Filesize
44B

MD5
3434a64357893e81d826b898f2823575

SHA1
73a8e6a739c703f65458f0c2a612c09495da9c03

SHA256
42eb507e9528ccde4ca6d163a5603be8c0baa71299ff10ef13143fe8a2451cf3

SHA512
ccf53fa97555a8daaa950dc0e919b4c5ddd98b07509e03b0f44b65777431970ac7fdbd02aa57823dbd2f149fa8bff97f980f259ab6a7d2a284623d152ba2139a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\String1033.txt

Filesize
95KB

MD5
44b39b5405e95277660fd8ba4c577120

SHA1
38ed024d5e6911f35962d1cc93653a91248441f2

SHA256
2847a2006e2b9e670c74cc025916fce764cd33bf6708053ef834b02c282d21d6

SHA512
882898e6d5f63b7663e996be34a7e6686de70056cb76e06be207268fe4832bce999919b0e91a44df201f476f595df90a4da6696742becb7be2f2dd903281fa72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\_isres.dll

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\setup.inx

Filesize
278KB

MD5
1b843ec600c0d6afb4edfcca53558de4

SHA1
6343f5c547bc7fbca37daa62b920012d8df75981

SHA256
03d4addd9f924bb06009ec826215364d4f210ec4c0dc0e7719af8cb5aca97fd6

SHA512
19c37813a1ccba5c49f6735e5eada9560b78bdd30da27368594dd5e8977862e8e8d605b46e9dce69d298b9067a8bcd0d646efe0f214261ba7c33e7255b05d2ab

Download Submit
C:\Windows\Installer\MSI2D49.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\MSI95A4.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\MSI95A4.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\MSI95B5.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\MSIB799.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\MSIFAD1.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\MSIFDFE.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
C:\Windows\Installer\f76c072.msi

Filesize
875KB

MD5
f93a766e58d9c06b5cfd7c095fdd4b97

SHA1
d02e24a8c14bc127ff1cbac8ef7c43830142d0e0

SHA256
c00e1e874d0093112e898c615b0f81fa8a0974c25cf01638fe6acb949b1940ed

SHA512
65089a6b7a916716866192781af098b8939ad8ef5881abfafbfebc53fd747c3af5b2451668f4e60ca6c3c15eacf485e009c260e710ab934537c4d98ab67d3bbe

Download Submit
C:\Windows\Installer\f76c078.msi

Filesize
45.3MB

MD5
67aacd1030de66157d01711d5991181e

SHA1
1a108e6e03530b0b7de858cf919222b8bb9070d3

SHA256
e2ff5ad3fa547914dc12b1a797ee5abaaf9ea9b3eb1bae2768975d0afee0a197

SHA512
5d9c1c0adcfa21ad92b93bf2e75ae599375b2ffd73c64de2f51cb9001cbdf5ec4d0f7b3385f23074d7dabb24a88f9379e29964087f24b2b697e4d3199aaad0ea

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe

Filesize
744KB

MD5
a9d3658c5be72816812a5a32e4560ba3

SHA1
649003292ee74d2407fae441fb92b605a0d91f90

SHA256
b2527d1e2297506796f898e90907fb4c8c7e063f2898194e74152fa9ca21923f

SHA512
b80283aafbe8cd59720979d51a5524a1d53b001e59c6fe9693c754b238101ac6058122130e0be97ce22dc4f7edce9cd84aa4fde869bf728cff8fba1733638c5b

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IScrCnv.dll

Filesize
260KB

MD5
f6aabdf85821a9c61c61dec9408f40cc

SHA1
ddac695de73be7a67357aea89c7b9c2ca21fc4e1

SHA256
9ee23586d456db53d59fbaa8669e817461aeaf94f81237ead3f2c23cac8c40fa

SHA512
73d2e4352c4055c8d08ad5499fc4495ff6fa7613970f9c0a3cf73dae645fc9102e62cf9c7dd046d6bc3c909cbafd06a30812d1d9bcf8f34c4a253c09d628b538

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IUserCnv.dll

Filesize
168KB

MD5
197c2ce7cf2a98ae895ece98d88b8245

SHA1
f734d8dc508138501e79b384fe1a689920c6ba93

SHA256
260924991dff4fbd2f691913007aee1f3136708671ef3309b4f9ec8687da6f1e

SHA512
a7ff5f0d56a13d340d9ec1b977f9e995bf7dc61f6bf4b8ecd7369793d39032a43e587146e6b9a9084be5a9cc709876bf971983a218c2af631d3950cd3391cd47

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\iGdiCnv.dll

Filesize
176KB

MD5
afdfec6679ce99596261ff182afbe9e6

SHA1
3289711e3ce8bb72bd84bb0bc33f95d958648f4c

SHA256
81b931aaf908e1e372802db04dfbe5256209d488bfe88d58841fc13acadedfd6

SHA512
c8ce4617d03084f37b8766f0505922a8f380e0d2745658864197535c43c3b2f985c4a2bac2228752857782181cd41167bfa4b784c7ce3e8a94932d58d099753a

Download Submit
\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\objpscnv.dll

Filesize
32KB

MD5
aba70b81a5811e7b140271595d66f06f

SHA1
42ef824151e67cf921d861d83872c9ef13b500e6

SHA256
26d4765c2461fccd669e455d33659397d6f82fe261ece256c3f19b831dcfa0ba

SHA512
8780d68124e309b8ec2dbbbac18be3291fefabfd6ed9154645eddfb4dd8076e2fda97168d7c5ea9b378b54ee900f75bd409736cfc1262e0d167e0ff62078de0a

Download Submit
\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3D.exe

Filesize
6.7MB

MD5
6b76510c2020d153baa7a12d0daedd9a

SHA1
bc5330ae8e511f5661ab278befcac9333f74668f

SHA256
fd354bee5429781474c81be636742e6b4d02806d45a2261de28b7aee90cc8557

SHA512
58fc74951f9069cf56f4babf6197364f8e7c6bc37ebf573277783b7718d2470b0231927c3deedb2c01d27444395ca66c0a248c6935d05e21cff3ccae440176b7

Download Submit
\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3D.exe

Filesize
6.7MB

MD5
6b76510c2020d153baa7a12d0daedd9a

SHA1
bc5330ae8e511f5661ab278befcac9333f74668f

SHA256
fd354bee5429781474c81be636742e6b4d02806d45a2261de28b7aee90cc8557

SHA512
58fc74951f9069cf56f4babf6197364f8e7c6bc37ebf573277783b7718d2470b0231927c3deedb2c01d27444395ca66c0a248c6935d05e21cff3ccae440176b7

Download Submit
\Program Files (x86)\Electric Rain\Swift 3D\Version 6.00\Program\Swift3DRes.dll

Filesize
1.9MB

MD5
7d63c1f3f834275ce85ea6e24761c3d3

SHA1
f90634b1c150e384edb90bcf40a5da663ca93bf6

SHA256
6293c667dfbca689bd3b301e729f01d99b2cabed361d54567fc7a3aa11c12c4d

SHA512
664bb8c178742145d82bed7591683c07c83425adf1bef849b1b4ebf63679bdc9d27e19d5186875c60c634260e49d5132b0db9243b4363b8326ab1e7c1f0af54d

Download Submit
\Users\Admin\AppData\Local\Temp\MSI2DB8.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
\Users\Admin\AppData\Local\Temp\MSI49E0.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Users\Admin\AppData\Local\Temp\MSIE12B.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Users\Admin\AppData\Local\Temp\MSIE12C.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Users\Admin\AppData\Local\Temp\MSIED7C.tmp

Filesize
48KB

MD5
fa13aa9996fe8d85aa680e9f5e4f23e8

SHA1
cbc23243a9a595b6d91431c4c275c1ab2adc6642

SHA256
8f40c1dc28323a3c5310bf21372b9756ca547c20c7cf63197e071a9e1e66b31b

SHA512
9f4bd08583dbaadaec281d05d79c11a1dc1651d2d96cc4ecddd68e74178c3eec843e43bea14c546ba18b371177684dde0c21211e8fdb0369bbeeb5e31fdbe87e

Download Submit
\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\ISRT.DLL

Filesize
400KB

MD5
db28ca3ba3c2045aa7b6e59aa9831c68

SHA1
55b44ea55f3a04b916339c81e1cc3f3db62d54cc

SHA256
ca41725fb64338211a9f9740f45f1b0c4d80e6c7e84a1d2e5580dcecbf87e489

SHA512
82c409611e61acad6b2986372ff72682e611b7ee5a88e74fec9c7864ce50c7494adba4165a44f2cc99b93daee33ad67320aed4fd5f85ef2fbc4779bf69f55efb

Download Submit
\Users\Admin\AppData\Local\Temp\{65EEA363-8D47-4268-BBCE-85CD54ACDC15}\_ISRES.DLL

Filesize
528KB

MD5
1c1332bf83f505cb60e06c76fe111cdd

SHA1
3c80e9bd5a41ac3f8fa129d61261ea07db29f801

SHA256
9602fafb7de17b14a3474c64944db928ef6c23e20935c0e82e918fa2447cc979

SHA512
bd7cb4113f5b6067c55e7df1f6dac6b4058a0bdc9b0e7d6875f1718bdcc84d315ea8a2d373a45c47c82326a74cbce41a508f493eac59db99f7cd5e4f33ac575f

Download Submit
\Windows\Installer\MSI2D49.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Windows\Installer\MSI95A4.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Windows\Installer\MSI95B5.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Windows\Installer\MSIB799.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Windows\Installer\MSIFAD1.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
\Windows\Installer\MSIFDFE.tmp

Filesize
108KB

MD5
74fe9c456578feb1b870b130ea089294

SHA1
54cd5a8e6168c3f7f8a491c4444ca16351e1b16b

SHA256
4555ac99b14dd339dafd9bdf71fd27ff9a2dfb756053aa6cf2ea79b899a26067

SHA512
6b2d6c62bbfe8988672ef543014099b63722573ed5989262a5d88a4069bd4232c6bf469550cbf724e5e14750a550a972a52aa7dcf7c73bf3ef52ac09c06f1306

Download Submit
memory/1164-143-0x0000000000250000-0x000000000026D000-memory.dmp

Filesize
116KB

Download
memory/1164-180-0x0000000000250000-0x000000000025D000-memory.dmp

Filesize
52KB

Download
memory/1600-197-0x0000000000230000-0x000000000024D000-memory.dmp

Filesize
116KB

Download
memory/2752-165-0x0000000002F90000-0x0000000002FBC000-memory.dmp

Filesize
176KB

Download
memory/2752-171-0x00000000034B0000-0x0000000003536000-memory.dmp

Filesize
536KB

Download
memory/2752-174-0x00000000030F0000-0x000000000311E000-memory.dmp

Filesize
184KB

Download
memory/2752-161-0x0000000002EE0000-0x0000000002F46000-memory.dmp

Filesize
408KB

Download