Overview

overview

10

Static

static

3

TauDEM537_setup.exe

windows10-1703-x64

10

Resubmissions

31-01-2024 04:13

240131-etjqaadbbj 7

25-01-2024 16:01

240125-tgnk2aaca5 10

25-01-2024 15:47

240125-s76c4aaab6 3

Analysis

  • max time kernel
    1598s
  • max time network
    1601s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-01-2024 16:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TauDEM537_setup.exe

  • Size

    88.6MB

  • MD5

    33f7f04d3df20cf2c5aabea259150d51

  • SHA1

    8eb78ef9e2cdad7fee7704fb8a3820277eaff6ea

  • SHA256

    e8109b14400b3a580fbc4f5aa6930536df59a046b6cc5625c8ab47bfe39b4937

  • SHA512

    f6c5d9d51e8d103d134252546a6be1070800a1e6875c50cada378c7eddee7c06d271a540833d50002714927bcb6e4d975b9bcdfd6a809ba43fcf6d1477d94faa

  • SSDEEP

    1572864:pn/WnnDLV0dwTIYWU3bnTdE/aBBuAVZm6NT16YRaucD9aaXSF5OCKDbE6bMdyDiX:p/WnHyy8UjTSCXjrF56m8haMSF5OCKDu

Score
10/10
kinsingdiscoveryevasionloader

Malware Config

Signatures

  • Kinsing

    Kinsing is a loader written in Golang.

    loaderkinsing
  • Modifies Windows Firewall 2 TTPs 9 IoCs
    evasion
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 15 IoCs
  • Blocklisted process makes network request 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 42 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 5 IoCs
  • Modifies registry class 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\TauDEM537_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\TauDEM537_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2524
    • C:\Users\Admin\AppData\Local\Temp\is-EPVG3.tmp\TauDEM537_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-EPVG3.tmp\TauDEM537_setup.tmp" /SL5="$701EE,92498073,56832,C:\Users\Admin\AppData\Local\Temp\TauDEM537_setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4124
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\System32\msiexec.exe" /i "C:\Program Files\TauDEM\setup_files\GDAL-2.1.0.win32-py2.7.msi"
        3⤵
        • Enumerates connected drives
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1700
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\System32\msiexec.exe" /i "C:\Program Files\TauDEM\setup_files\gdal-201-1800-x64-core.msi"
        3⤵
        • Blocklisted process makes network request
        • Enumerates connected drives
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        PID:4860
      • C:\Program Files\TauDEM\setup_files\MSMpiSetup.exe
        "C:\Program Files\TauDEM\setup_files\MSMpiSetup.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:5008
        • C:\Users\Admin\AppData\Local\Temp\f2ed52ca-31fa-4c77-ba4d-8ac7ac6caa3b\PurgeMsmpi_x64.exe
          "C:\Users\Admin\AppData\Local\Temp\f2ed52ca-31fa-4c77-ba4d-8ac7ac6caa3b\PurgeMsmpi_x64.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          PID:500
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec /i "C:\Users\Admin\AppData\Local\Temp\f2ed52ca-31fa-4c77-ba4d-8ac7ac6caa3b\mpi_x64.msi" INSTALLLEVEL=300 WRAPPERPATH="C:\Users\Admin\AppData\Local\Temp\f2ed52ca-31fa-4c77-ba4d-8ac7ac6caa3b\MSMPISetup.exe"
          4⤵
          • Enumerates connected drives
          • Suspicious use of FindShellTrayWindow
          PID:2772
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4212
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CD288B6E970D06D2B19687D08B7B6F76 C
      2⤵
      • Loads dropped DLL
      PID:4160
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 3AC2F38E89B721C583B23C808E5C3CB6
      2⤵
      • Loads dropped DLL
      PID:3868
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CEB63117EA4CB761FBB5ACEE5FBB29AE E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4908
      • C:\Windows\SysWOW64\netsh.exe
        "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall delete rule name=MSMPI-LaunchSvc
        3⤵
        • Modifies Windows Firewall
        PID:4480
      • C:\Windows\SysWOW64\netsh.exe
        "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall delete rule name=MSMPI-MPIEXEC
        3⤵
        • Modifies Windows Firewall
        PID:2900
      • C:\Windows\SysWOW64\netsh.exe
        "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall delete rule name=MSMPI-SMPD
        3⤵
        • Modifies Windows Firewall
        PID:3344
      • C:\Windows\syswow64\wevtutil.exe
        "wevtutil.exe" im "C:\Program Files\Microsoft MPI\Bin\mpitrace.man"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Windows\System32\wevtutil.exe
          "wevtutil.exe" im "C:\Program Files\Microsoft MPI\Bin\mpitrace.man" /fromwow64
          4⤵
            PID:1668
        • C:\Windows\SysWOW64\setx.exe
          "C:\Windows\SysWOW64\setx.exe" /M MSMPI_BIN "C:\Program Files\Microsoft MPI\Bin\
          3⤵
            PID:2536
          • C:\Windows\SysWOW64\netsh.exe
            "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall add rule name=MSMPI-LaunchSvc dir=in action=allow program="C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe"
            3⤵
            • Modifies Windows Firewall
            PID:356
          • C:\Windows\SysWOW64\netsh.exe
            "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall add rule name=MSMPI-LaunchSvc dir=out action=allow program="C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe"
            3⤵
            • Modifies Windows Firewall
            PID:1360
          • C:\Windows\SysWOW64\netsh.exe
            "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall add rule name=MSMPI-MPIEXEC dir=in action=allow program="C:\Program Files\Microsoft MPI\Bin\mpiexec.exe" profile=any
            3⤵
            • Modifies Windows Firewall
            PID:8
          • C:\Windows\SysWOW64\netsh.exe
            "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall add rule name=MSMPI-MPIEXEC dir=out action=allow program="C:\Program Files\Microsoft MPI\Bin\mpiexec.exe" profile=any
            3⤵
            • Modifies Windows Firewall
            PID:1936
          • C:\Windows\SysWOW64\netsh.exe
            "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall add rule name=MSMPI-SMPD dir=in action=allow program="C:\Program Files\Microsoft MPI\Bin\smpd.exe"
            3⤵
            • Modifies Windows Firewall
            PID:168
          • C:\Windows\SysWOW64\netsh.exe
            "C:\Windows\SysWOW64\netsh.exe" advfirewall firewall add rule name=MSMPI-SMPD dir=out action=allow program="C:\Program Files\Microsoft MPI\Bin\smpd.exe"
            3⤵
            • Modifies Windows Firewall
            PID:1528
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1580
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:4552

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Config.Msi\e590239.rbs
          Filesize

          11KB

          MD5

          1115f184f6c013e7156b3c73a804c619

          SHA1

          dc13f46476b2e4c8c7e7eb4af887e24c2b37b318

          SHA256

          9f825cb8cf4180915a8e45e0662db399331e85becdbe069ec10b0a282869d0ee

          SHA512

          b8475e942f3b87d64dcd070ddefbf027a25419a16c33c31eb743aff42e9ba213dbc890c8d476d61bc09f632d6e93d1164a5272d85d13d8a3033be9658fe35848

          Download Submit
        • C:\Config.Msi\e59023c.rbs
          Filesize

          45KB

          MD5

          4a679484d795ea7d43951618824c0d9d

          SHA1

          42453f4278bdf90d80c91a24fe9c2ca9b100a475

          SHA256

          da0a11a8bf6a352e12e26dacd5df786b15ffc9d1900eb6b7fba94053cc89cf72

          SHA512

          92f548df270158bc75ce1037bbd090355cb896bf1b514004eaef83b8fce56ae8c8ddbbb0fcd860ff2c3a6f130b8f41669abf26509b3fbc3f56031a1726156179

          Download Submit
        • C:\Config.Msi\e59023f.rbs
          Filesize

          177KB

          MD5

          0c6811e3a14d911e421f982909994967

          SHA1

          32a1171294991b42158c28ad276f50093de2266c

          SHA256

          bbce11e67e4e8de7ca697ea747eac12d896a3744e79851da5f621e9ff64b7ff9

          SHA512

          0b505ed399d366b58223dce18d0ce92701018703a9d571aa620411067a5f94ba53cc1e04b94921513912e3beaa289743602a32cceabb292cfaf69f8bf6b34ee8

          Download Submit
        • C:\Program Files\Microsoft MPI\Bin\mpitrace.man
          Filesize

          966KB

          MD5

          39031ad273516d8722f2cf2f137a0d1b

          SHA1

          b89e629ab688597f120519893fb0a0dadb5b15de

          SHA256

          98399089edc0c13cdf3bd03f18b04cfe520cc59354e702ee888efbff49ba7cd8

          SHA512

          0521d8a8f4ffd4af051c1e66fd7add007496fdc6ddce16c3850531f305f66501dee02a48f7c19902e75cecc5b48eade54028515909cdc8d5a70e983499134ca2

          Download Submit
        • C:\Program Files\TauDEM\setup_files\GDAL-2.1.0.win32-py2.7.msi
          Filesize

          560KB

          MD5

          38572c3935da44c614bbbe12cc52a40b

          SHA1

          e475fc18a5bd77ea0edd58937b458472422f929b

          SHA256

          df3663118b1c5269f753cf3d176369f9c97ea8166cc76dbe4e13dc0ae8fab5ee

          SHA512

          a8d9c69615a77593b86cd24f33b2c405e4fb09b904813838564d27b6c519aacc1f77f15cd5abd3e077dbe452a07ca4642e2d7095ecfea7aa2a89abd006ae377b

          Download Submit
        • C:\Program Files\TauDEM\setup_files\MSMpiSetup.exe
          Filesize

          5.1MB

          MD5

          76f0ebc23b0684a4e4148fb2733705ba

          SHA1

          8c81c83c09cea33b8a0e4f7dc43a2d2d0c940e81

          SHA256

          548e0eedfda61180e776f5125dd92c65b76ce3f3d029aff63ea81cafb88d12c4

          SHA512

          f75c448e49b1ab4f5e60c958f0c7c1766e06665d65d2bdec42578aa77fb9d5fdc0215cee6ec51909e77d13451490bfff1c324bf9eb4311cb886b98a6ad469a2d

          Download Submit
        • C:\Program Files\TauDEM\setup_files\gdal-201-1800-x64-core.msi
          Filesize

          22.0MB

          MD5

          6471673f19d5afc8572b0182e0c05c6d

          SHA1

          3fdd7fffbbdd9fb2af63fd1f3fcf15a64da706c0

          SHA256

          3e7d143cf1f4ad80dc3899c18e9d90904412838aa7159eda5418f571bb537cf1

          SHA512

          a39c538becc616fd9dfcb4ffb9d51f01dbb5ae06b9234d2e494b6514c452dc745d288610d0d61f69bc4879fbc5a57509ff276634872b773796e359111d2c5916

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1F4BA66CDBFEC85A20E11BF729AF23_0FDA2E67E371AEB03992D56035802B07
          Filesize

          1KB

          MD5

          6ce64a4cdb2853783514b8e3a0691353

          SHA1

          80a95aa5ae379fc248e499b8a7d237f2bb4fe2a6

          SHA256

          4f2fb09cc481a813970220ca55f74c4af15a36779021562551c421370dd7e2e7

          SHA512

          a68a7402b020bed855f72f57b9a83c06586250cdac639c1800330e0a5445cb84d7f0039181bf3778b5a08102ea2347b5dbd765b61c7c3f02bb8260128e96e19e

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CE4CFAB51DB3F9AB265C1526D1E6F12F_4154A11532CBE35FC9F1E337BE92ECF0
          Filesize

          1KB

          MD5

          ec221f70b8dc711d84380223972cfc3c

          SHA1

          6e844fd883abfe2bb9f356cfdd16644699e57371

          SHA256

          2376c9af237cf5ebd26f3160e720dd4f42491a85bf4b20ed8d5dda3d12734a00

          SHA512

          8f613369ba66edf8cdbd0a5d116e0ada4362ce4d780c8c275008972954462e9cb964fbe4943ef021208b98f8b109be734e12334509aaff1cc9cf2c4e4a2d9fa2

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1F4BA66CDBFEC85A20E11BF729AF23_0FDA2E67E371AEB03992D56035802B07
          Filesize

          416B

          MD5

          9bb492d869244f6c26cabd045aaa815f

          SHA1

          22094936d2d5f813a85f84f0cc9e10fee1bafce5

          SHA256

          628a8f68540dd0f680bc0dc79aff4e7abeeed6c145962f8bbf15c9654fbf6bb4

          SHA512

          aa71c3df8d640d453233d50a500bc4fd9794cf4fa0a32148ede7ce4322ca0580e01790875acd6192de387492132380ceaa0083d9c0130ad0567d1bd95f2d99fb

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CE4CFAB51DB3F9AB265C1526D1E6F12F_4154A11532CBE35FC9F1E337BE92ECF0
          Filesize

          394B

          MD5

          9b5477414894b3070d1cc2ab18922511

          SHA1

          45de324ae649f86f9e8432d3e08bcb53f16615d8

          SHA256

          4ce9b636c4f72ba78b75d2697b90c4f8d0c69fbe63cf8cdd6253487edcc51e92

          SHA512

          51cf93d7e30bedfd9d6da98c4827a64de5f85b1d0496ff37994e0a1cdf6fd650729cc28b9b148a6fafa66ace77b20265e6e6d2e3f0082aac8f8b3288b7235a98

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\MSIDD47.tmp
          Filesize

          66KB

          MD5

          28a9771def2f62764786e951de8ab6c1

          SHA1

          b6a928e0c9bd3ce8aec58d5138f09c94295f931c

          SHA256

          5c165e5ead82ea06047ad5585efb40e439a6472346033c5528c1f148804328cb

          SHA512

          0ec75b737c6c1aadd3871d84b1546d96c076940ba6be6fdec6d7d9aa68f2f6cd76be2f26e78ae9831ce7f7209cb46cb9b324ccaa32de09e839945620441c7aef

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\f2ed52ca-31fa-4c77-ba4d-8ac7ac6caa3b\PurgeMsmpi_x64.exe
          Filesize

          52KB

          MD5

          0fb247fb230a896aa0049659f60aa9e2

          SHA1

          318fc90f192218c7d26f142ada7fab6d7183a4a8

          SHA256

          8b4251c9ef287ee7b648ef217ea82ebbecae5b59f52c900068a5130407966751

          SHA512

          619aaafd2d7ee08539b499eeea65f557eb3df9616bc43b8a75d5e79c4d9e67d9ebc409ce9bc68b29c819a3159fcf0a1c1248a90f380a135be2ac497484f03563

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\f2ed52ca-31fa-4c77-ba4d-8ac7ac6caa3b\mpi_x64.msi
          Filesize

          2.7MB

          MD5

          2082f4f15e07aadd4107b590308ba8f8

          SHA1

          2410f6409fa91aeb13973ce0cbc210ba2006c1c8

          SHA256

          88c8aa56c64b7629d39efd06d3234364840d66d40c2ac766a5d5ec646fc0dc5f

          SHA512

          4d4e78c6eac6c16a69b09c2e6d043651d292fea291ed62b55b5a9560e016a43c07e7a60fa39e2be0826c57fc2d7a15d08d7ec27f36d3b94d35db982544b57cbb

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\is-EPVG3.tmp\TauDEM537_setup.tmp
          Filesize

          694KB

          MD5

          ffcf263a020aa7794015af0edee5df0b

          SHA1

          bce1eb5f0efb2c83f416b1782ea07c776666fdab

          SHA256

          1d07cfb7104b85fc0dffd761f6848ad176117e146bbb4079fe993efa06b94c64

          SHA512

          49f2b062adfb99c0c7f1012c56f0b52a8850d9f030cc32073b90025b372e4eb373f06a351e9b33264967427b8174c060c8a6110979f0eaf0872f7da6d5e4308a

          Download Submit
        • C:\Windows\Installer\MSIE657.tmp
          Filesize

          163KB

          MD5

          5a3caeced164cab3aaef81d475f855b6

          SHA1

          42d386a901805697515161fea5915538b3c40117

          SHA256

          944f833196d0e6f048c7d268039c4c0cbf01d06a8ad009d79234eac0547c89f7

          SHA512

          91658730a318ac4a8eaf53f9d7948a6ded24cda1304558c2c812bffbe0f361ce9abc247627486cb2d122b41b9a73eb52a03ffbf6a0032d25fa6a8fd7e11c9e42

          Download Submit
        • C:\Windows\System32\msmpires.dll
          Filesize

          395KB

          MD5

          da87c48b01b23ee1700ee4828caf12c1

          SHA1

          dc144e3ec6a1193a4d5761947940b9853a45b7d4

          SHA256

          e10d8e43342e93f47c7fa4ea4124916b8d07b6023d5c2108f97328a9297053e7

          SHA512

          e557038428f8559e7d6266f60fab7051741f50a557844b2053c4ffac613d444614b0548e7fd245da7e911f1de85f41df967e9853cce593f8b4adfe3213a3bb68

          Download Submit
        • F:\PythonX\Lib\site-packages\GDAL-2.1.0-py2.7.egg-info\PKG-INFO
          Filesize

          10KB

          MD5

          63b54edd9bf79fe1b5e775fa4e5eee1b

          SHA1

          b5a2f301c6fc49f900fe1634642c46b1b1452210

          SHA256

          37a4ec9160cbd05b31096097c3cf9c5ddc3d0af89cabc4ef224bd7b37e4def6f

          SHA512

          3d1feee8198755ab1fde2611e89470ea4e745814eefa3d5e7366131bbcab6b4723c77631bd4e673d802d554cb8eb6b2811c7e1ce7f607a2ffe8874631edced46

          Download Submit
        • F:\PythonX\Lib\site-packages\GDAL-2.1.0-py2.7.egg-info\SOURCES.txt
          Filesize

          2KB

          MD5

          3e2a6d31b8bb9a9bf114735f4da7e47f

          SHA1

          d2fdfbbedade2552f9af9ad5d4ba27134a31932f

          SHA256

          539fc101b71b6384c0bac56850cb378a3da978917fed8564d7002358de072ebc

          SHA512

          b4fedf54d8f14ef6137de0baad9302f98b8b73132e3d97e376a463789aacbb5c4355532a60273d4c94b421b113b668f855e3908835886d6208107b9d76003285

          Download Submit
        • F:\PythonX\Lib\site-packages\GDAL-2.1.0-py2.7.egg-info\dependency_links.txt
          Filesize

          1B

          MD5

          68b329da9893e34099c7d8ad5cb9c940

          SHA1

          adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

          SHA256

          01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

          SHA512

          be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

          Download Submit
        • F:\PythonX\Lib\site-packages\GDAL-2.1.0-py2.7.egg-info\not-zip-safe
          Filesize

          2B

          MD5

          81051bcc2cf1bedf378224b0a93e2877

          SHA1

          ba8ab5a0280b953aa97435ff8946cbcbb2755a27

          SHA256

          7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

          SHA512

          1b302a2f1e624a5fb5ad94ddc4e5f8bfd74d26fa37512d0e5face303d8c40eee0d0ffa3649f5da43f439914d128166cb6c4774a7caa3b174d7535451eb697b5d

          Download Submit
        • F:\PythonX\Lib\site-packages\GDAL-2.1.0-py2.7.egg-info\top_level.txt
          Filesize

          41B

          MD5

          c6fdbf16fd0d2a2e61a4d15d54ba227d

          SHA1

          66aa86175a16191b737a1767ece6c020548e2f89

          SHA256

          a18eb813c6f21c82ea4ad4ac65671a1d2f17039c0dbcf0957e6f799e281c3237

          SHA512

          d5b8a3c3d7367db5ce5fb4cec29f83f907d878c25f0e846e86997268b7b401db6d2056de7f07e76f04b1894e953643ff7ae986add881bff01facf2f40667d7f3

          Download Submit
        • F:\PythonX\Lib\site-packages\gdal.py
          Filesize

          133B

          MD5

          d96ce2ed0c28aceaf039f161746a748c

          SHA1

          e585466cc6bec238c6abd6fd2942d419c698b91f

          SHA256

          a26b5e791fb6ebb03eba8b374e7323bdfb905cd75af28d7510d78ecc736764db

          SHA512

          feb35154c1616358a35abd3e4eeeca083c5f05023b11609503860185a9dd5cc7d741ad4b6b336a543e6c7e062dd3f638d87528568784bd8d2b384c81a95666c3

          Download Submit
        • F:\PythonX\Lib\site-packages\gdalconst.py
          Filesize

          148B

          MD5

          7a7696a47eb3e811eab663a8c52a7b20

          SHA1

          216e08751256c74013e8415e9b116fa19edf648c

          SHA256

          009c390ef51a1055184804df94f40c9717b260ef8c36a5188b0e8d8d7508bd04

          SHA512

          49ed73a8c54fa3ba27fc29a496a700da9fe418ace8b7e266f63c91b2339ed88e26788369e7366d711d18836b071994d56cb5804be325fa86e681980246148dc8

          Download Submit
        • F:\PythonX\Lib\site-packages\gdalnumeric.py
          Filesize

          147B

          MD5

          ea03edc19b9ed33242a248f72929b9f7

          SHA1

          737e3391afb50768cd89f327a6041befff9dfcd6

          SHA256

          5b7834246221fc62d820d651686a1e07bafc32997e52e94ed6244c20e1bca81c

          SHA512

          f45679ab814766954bb264031f44501009a02974741afdca5faa6c1815695e11048488d6e3739cd598b70b196082b379b4ab092bc973929e5e2dc86bf40b2562

          Download Submit
        • F:\PythonX\Lib\site-packages\ogr.py
          Filesize

          130B

          MD5

          06d83490edcc5b05fecd395250823f9b

          SHA1

          e7c95c495c5d88eb00aa117291de8bfc2ca63216

          SHA256

          087fdb224e15f1edd4919b7d3fada6732de66cf5ca0cf0cffd6a8a9c4746824e

          SHA512

          4f52d7f53bef42435e2d524f2f69cf61ea12af520354a8090f640f91e3b875f5075ff52d588e92d07056ac8f67dd7d1d6965e25ef31676a5ffd6b7fe55da707a

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\__init__.py
          Filesize

          777B

          MD5

          12af8cbbc02c681bfb924780fc5c0447

          SHA1

          ed424bd381e3964cfc773f4e345280a560d143f2

          SHA256

          cc429e4d5e8c02fdc0bddc855d55f2af39a88171c571f4afdedc6d0d8d82fb26

          SHA512

          44f1fec21228123cc80372acc1656fb436fc7d30d71d2a1a315ed74e3a89dd07163cc1c28b1f1523ea3f5d327e35f9c74fe3637127f6d061b02fd300a6d815fa

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\gdal.py
          Filesize

          130KB

          MD5

          493d82273c4e792d21933a78b8dc47b7

          SHA1

          9a119301a5a67149ba7388b037e0998d76ba4c18

          SHA256

          56a8bf4e9eecf1624e5e6b5971f8a3278f616cd2be6cf5ea1787f588a58716a8

          SHA512

          5c8f57c57426e111a180b681771a2f092351c63c605988cece09ba8e89e81f59accb8d71bb6a8dfae194b5986856fec6a326bf2aba395e9deba559742f117fee

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\gdal_array.py
          Filesize

          18KB

          MD5

          f1a909dfbee3c18504b5f729bbb85e6f

          SHA1

          b9fd7550ac578903da52e71509782b5eb55f475e

          SHA256

          231fb20d1e982ca5fc82f2a9b5947cbcc6e27019e8a9b0022a150114c8e1ad94

          SHA512

          71c003f5b063ad9461676b46c0ba1f03978377e0ceaac502a48aff7c1613c8ce368896cf1e1ba7c6ba10704e8a1c14da11f0bc8498b0eb24ded72d84e3835e11

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\gdalconst.py
          Filesize

          7KB

          MD5

          7a2382358fcbf6b580099750cc9d0546

          SHA1

          edc8f82dc11a2d4c8c31d6c3a9984d5a1dbf90c5

          SHA256

          070f8a1bc7b829221547f63b45dd6b6157e06c3d310e1443c12a7e9574d38a2d

          SHA512

          61b65fbcc3185142502c31ce2c14d7336513c7661dafba8db97e6e95a59210fb943281c550fcda4ef2a1371cc4832d27f966f12d9f6d4f9301971ae61e67c312

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\gdalnumeric.py
          Filesize

          53B

          MD5

          3d0826c4d961a6833de80b309c5f3fd8

          SHA1

          c8850fd1278b46faf25632309bf72e79627a4b8a

          SHA256

          ccee937010ea093585c72c3f0c00e79792ae0c79312444972d95fcc7f20c42fd

          SHA512

          851db29e66770934e64afa957d06933680552edfc4d4dca5492dbab4b2fd7acc7c139c55d33e36b26f657d20a7a17d9be4bdd79368a8c6fb0f1acc68c15aeb03

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\gnm.py
          Filesize

          11KB

          MD5

          b6cd8dadd657ce3085d9af76c5573889

          SHA1

          63c4c862d95270ff4bd48acd12ca0119d4f5f100

          SHA256

          39a13bba3cb8a02ad0086e287803ccb67d335fae022b0f5e7f560c7de11d4c23

          SHA512

          f12fea3217b2b17cfaef63eb2f4dd67d6da6e61d448aba0bbcaf5a99e665ccf2264878d4a06566509f0a86e688e5495688c2e87f174bbb9bd234afdd04937e85

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\ogr.py
          Filesize

          240KB

          MD5

          0b02b2d513fa22a860f2fe5fbaacfc50

          SHA1

          c2e9f06d8f37a7e50f1c25f6f0a1c3ddf69a4fe9

          SHA256

          21d68c00562211f1f5ab96dfe9ed77345e6171c08674da308bd868d7777914fe

          SHA512

          137c83c849608dc435b81e341aeee5324a0931b5e89a1053453622b2d88ff3d8b1dc59851b6d82e0acab8c4ba387b30b83a2573fb0045fdc6f9b217df2e1deba

          Download Submit
        • F:\PythonX\Lib\site-packages\osgeo\osr.py
          Filesize

          35KB

          MD5

          25a9da028a90e4ddcc3d56e7ce033ecf

          SHA1

          fa0cfba50eea1346a3d2a3950816d158cd785fd0

          SHA256

          f84b62cf2577c4a5f29d90ad08a46eac1bf44d7b943dfe6f0d249e92bbae643c

          SHA512

          d57c8a96fa3a5b756b3409969f4e61f80662a71dcbae5187a70201ef91f56744ce6db4a72231197f51effde3513e4c772aa3f9258be38b518edaf199b3aa8586

          Download Submit
        • F:\PythonX\Lib\site-packages\osr.py
          Filesize

          130B

          MD5

          e88ab6e2dadbda1c1b7d8d13c9efae8f

          SHA1

          9e6cd97183444391685b38f312090ec648b2ed11

          SHA256

          46f1d33f1e26aa635e7308c599e87f9e6be23508bedcffa6fc27beccce5a83be

          SHA512

          30949f12db5890ab909102a82ce1d37469424718ddcbf855fa1f75f69c4e83323dfa713f279a85b18b8ac1466f2213dfea3cee8d3956bc13b62551689e8fc6da

          Download Submit
        • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
          Filesize

          25.0MB

          MD5

          e965525c67f31c6ef2c0defd7606acb7

          SHA1

          b0822a702bacfd345235033b578b1a9b549b1c3c

          SHA256

          a3fbe8f7eab5172c9c0afd606930a94fc0be0660284a9d53003aa926c5be5cac

          SHA512

          9ca1aeba1be02fdc485f83bd33c4059df69f08c8a90e34140533119599814681e631fa67111735aa46fc17d48cd33a51843f354382aa8ee52e730f1f38cd9799

          Download Submit
        • \??\Volume{e5051d0a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{32629699-7613-484f-ae48-4df600694841}_OnDiskSnapshotProp
          Filesize

          5KB

          MD5

          1aa2d67ea3f0d0a3ffb3a13fc1b37d75

          SHA1

          088d8f2487ddc83f25f8a9404b43b019b4a9a8e3

          SHA256

          3a387657e848832c03cb80d6c7217b1fe72350fa63e437daeef2614098565850

          SHA512

          c1381760c69ae1fc30990dffccc528c1bd7160d17d671acc5e5513103816e212a803d47037cc25fad815735725d699cd8bd2603aeea283544a48c4ea8bb638b8

          Download Submit
        • \Windows\Installer\MSIE5AA.tmp
          Filesize

          248KB

          MD5

          db9184bf5e4e27808b864f906e1ffc0b

          SHA1

          3a46f59dac2a39df93b75e230ab846bbd5e0d74b

          SHA256

          045af0b600177b2ab12effc643435dc4ca0b267050ff937ecf29dbe5642385aa

          SHA512

          d0acf1dfe06672b399bea3fc8e4d12a2fdedd340bb2c48d732b73c2a55819fbce494e2dbad38168e24ed3ca9ef92cb0344840ede38d9ef0287a4ad2c87cabdcf

          Download Submit
        • memory/2524-2-0x0000000000400000-0x0000000000414000-memory.dmp
          Filesize

          80KB

          Download
        • memory/2524-11-0x0000000000400000-0x0000000000414000-memory.dmp
          Filesize

          80KB

          Download
        • memory/2524-0-0x0000000000400000-0x0000000000414000-memory.dmp
          Filesize

          80KB

          Download
        • memory/2524-5410-0x0000000000400000-0x0000000000414000-memory.dmp
          Filesize

          80KB

          Download
        • memory/4124-3270-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download
        • memory/4124-5294-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download
        • memory/4124-15-0x00000000001F0000-0x00000000001F1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/4124-4915-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download
        • memory/4124-12-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download
        • memory/4124-6-0x00000000001F0000-0x00000000001F1000-memory.dmp
          Filesize

          4KB

          Download
        • memory/4124-5394-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download
        • memory/4124-5406-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download
        • memory/4124-5409-0x0000000000400000-0x00000000004BD000-memory.dmp
          Filesize

          756KB

          Download