Overview

overview

7

Static

static

3

XMeye_org_...10.exe

windows7-x64

7

XMeye_org_...10.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    128s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    23-02-2024 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    XMeye_org_VMS_V2.0.1.18.T.20210810.exe

  • Size

    64.1MB

  • MD5

    51b7127a2938538f45db3d9df68ff364

  • SHA1

    60cf3995ec9cd6f4fb663b0f7597a3c4ed2889e9

  • SHA256

    8bbe9b2bf763f24eafb4a62927234f8831f1bb782e15811bb7a4299afe3b95b2

  • SHA512

    ed108323054cf3caceb06e2c2fc29e740bbaee35aa271b6aa1039dd7d5f9c453875acb92125102823f8ca02902901431a9f6ca6b24b6709124b0335c4b403ea9

  • SSDEEP

    1572864:LPYNZZo+WK0VD4VqPx8F+e2VAVHbuw3f22HVfE0N:LgNgQ0VD4VqOeVOHbBflf/

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 64 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 22 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\XMeye_org_VMS_V2.0.1.18.T.20210810.exe
    "C:\Users\Admin\AppData\Local\Temp\XMeye_org_VMS_V2.0.1.18.T.20210810.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1809778 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\XMeye_org_VMS_V2.0.1.18.T.20210810.exe" "__IRCT:0" "__IRTSS:0" "__IRSID:S-1-5-21-2248906074-2862704502-246302768-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Program Files (x86)\VMS\MediaPlayer\register.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2992
        • C:\Windows\SysWOW64\regsvr32.exe
          regsvr32 /u -s "C:\Program Files (x86)\VMS\MediaPlayer\MediaDecFilter.ax"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:2744
        • C:\Windows\SysWOW64\regsvr32.exe
          regsvr32 -s "C:\Program Files (x86)\VMS\MediaPlayer\MediaDecFilter.ax"
          4⤵
          • Loads dropped DLL
          • Modifies registry class
          PID:876
      • C:\Program Files (x86)\VMS\VMS.exe
        "C:\Program Files (x86)\VMS\VMS.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2528
        • C:\Program Files (x86)\VMS\ErrorReport.exe
          "C:\Program Files (x86)\VMS\ErrorReport.exe" "C:/Program Files (x86)/VMS/VMS.exe" VMS 20 V2.0.1.18 6 20210810 "Exception Code:0xc0000094 Exception Address:0x14503db Param:0x0"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:668
          • C:\Program Files (x86)\VMS\VMS.exe
            "C:\Program Files (x86)\VMS\VMS.exe"
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetWindowsHookEx
            PID:788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\VMS\MediaPlayer\H264Play.dll
    Filesize

    200KB

    MD5

    a13e14cbf39f59b10c8c298c2da0faf8

    SHA1

    0abbd5079ee36cddf81d4091d495ca2a3cbf8cb4

    SHA256

    614f8bb649d1078901fd60e17c2ea954cedb20face7b49978f9bb908ee684ce5

    SHA512

    154595f3cf311bd21a391936d1b74d0c43eed9d79dca9b1c0028f6eed14cc3fcba1e84446f06e14085bf1c03d60af4346411d8daf829d2c0e7091cb9e78d707e

    Download Submit

  • C:\Program Files (x86)\VMS\MediaPlayer\register.bat
    Filesize

    77B

    MD5

    40a8fb0b4984103de87b0cfc7b6091a1

    SHA1

    5c9b2b459a673cfefc7406a0f2075ac3d23bff06

    SHA256

    6c1aa41bbba9b21b65d37dbed4636a1b5b794cab496e2a283832d5c106dcad71

    SHA512

    d209d045b904c1430381723e8223ae67c8dd6bf5388226f74a9b0926770754fcd22e2c326aefcc1e1c6cbcb2612fb0245b9c610f95cc0e3b06c552d81c879c94

    Download Submit

  • C:\Program Files (x86)\VMS\NetSDK.dll
    Filesize

    1.1MB

    MD5

    c00f4a23bf9ed96dd9f18950e6bce1af

    SHA1

    3e31fa1b8f2d2aa406e287ddc47f72b4b022fd08

    SHA256

    6b9e0d4ce3e2d6e4991f83628eb87668099552cff80fd63fcf2bda84e7c3ff3b

    SHA512

    e16a17259ac1e722afbd69e02bc7451441a90ea5d7792f0ac301dced07b0d55d9a6833b82039f84b98b61e456de93a0d4aefb85de755c8214b4731b92a6e65ad

    Download Submit

  • C:\Program Files (x86)\VMS\PlayCtrl.dll
    Filesize

    2.7MB

    MD5

    2787d6a0fc527194261a5f9008f9638c

    SHA1

    3eda01b036c3c4627c7ccb2e6cb7a54ca82a5770

    SHA256

    96eb6bdc00683c168d7bd47e5775354bc18e30248c745ee4aba596baa487728f

    SHA512

    ae153c791de1a00ecb7ee3560a4c2dcafa9e4dafb71c44030487e7e56bd11f7034e1ccedb909b8a339234fe8a99b05329d2c64421d3f50c0245192c00424f7c2

    Download Submit

  • C:\Program Files (x86)\VMS\QtGui4.dll
    Filesize

    3.0MB

    MD5

    e8f30c291b40347118ab778929de8372

    SHA1

    7306d697ef47d45de6f6f1dc70e93a8b1831e1ec

    SHA256

    83d253e280933acca182e45ac79fbc8e79e149ed99477d3b52ad3b3c90c288cc

    SHA512

    7738172f1a2dc651f51d2fe32f13a5cd4b859ab44668ec1bcc3f94668b84085dda8f447fb2eeb3a0336dcb298ac79befa0ab5955911e88ada02b0386eeea26ee

    Download Submit

  • C:\Program Files (x86)\VMS\Uninstall\IRIMG1.BMP
    Filesize

    517KB

    MD5

    e5b824146d577f28fd10df2d4815c4bc

    SHA1

    63f2c2bbd60c8fe4f3c231f642b782c8c9c934ca

    SHA256

    7244a060d1a645bfb9459d8a6eb51f8778f6a5dec1f13de77347cf55fb71189d

    SHA512

    0e993e353baedc2168b1ed5d5c42d5ad87cb79845facc34fc144d4ddef2cc9b7a4c92c0c452e3f3001e1cfbd22b25d433e21397a8a939682307a93b6e98d8d01

    Download Submit

  • C:\Program Files (x86)\VMS\Uninstall\uninstall.xml
    Filesize

    592KB

    MD5

    dd38b6ba7388dc56f668375e27f1db68

    SHA1

    8999e387e8cfd3f9ae51acddc048d0003ca4a20f

    SHA256

    3eae45abbc1926a88553a6fea8c3bfc67a3da27c80ed1c18204d7ef0b12aa6ef

    SHA512

    50ce6c2e19d64f2ec121cefbb6f190b54f15f7b5e47b1b712883f735b542a6424a089f13b47cbd071803040b9542792a1fd400e6923d8665cf599987454d3f39

    Download Submit

  • C:\Program Files (x86)\VMS\Uninstall\uninstall.xml
    Filesize

    603KB

    MD5

    a123cf95d78dd975705cc6894477af0c

    SHA1

    72ca0bf9c0a128c6cacd1beb07cfe787af7ba8b7

    SHA256

    cab92636ccc95edc26d75db5b0a268bba44782792ee86244bf9f0f8e46da5f10

    SHA512

    cc545a4e9020efd49ac6f573e297e045b6e6d0fa2f19eb612749580f81369b26d8e178ad5b59c9714f655cfe0ba3b660b64d4b3a8e2e36a68f4df5a14d412f5e

    Download Submit

  • C:\Program Files (x86)\VMS\VMS.exe
    Filesize

    3.5MB

    MD5

    23f40194fecd2413cd7436ef361e88a9

    SHA1

    4050f87bdf839a3fd244c5511abfa2bead01125a

    SHA256

    cd74225aa83a7b024947b59e098aa84fa9ce178c9eaffeca7dcf4ad954e0214c

    SHA512

    7541b876d31bc68dde5325763813f7db2e3f0a08edb8931de8f394fbcb0a0f2044e2a297d5e783244bd52a3d2a8cce0c8e003e29ec8b95df881ac22face5bc99

    Download Submit

  • C:\Program Files (x86)\VMS\config.ini
    Filesize

    1KB

    MD5

    30e15571e28722052ba547225f2e79f0

    SHA1

    5946bc33947c9b952bd1d715bd5f2d42fc88479d

    SHA256

    fbb1b84efd660d6268f358871644d39c717526d12dfde136bf4606c8db8398f9

    SHA512

    e5b1ba9786c44c7296665c831adf0ee1e082a955a077a045d995bdf6d46c3c41c5136892b20e9bf4abd5f5fef283558a81c55fd54ce367b83e5dbbd4ca2ff95e

    Download Submit

  • C:\Program Files (x86)\VMS\dhnetsdk.dll
    Filesize

    2.1MB

    MD5

    b1833bac1ebeb16f27d66c187ff3a102

    SHA1

    3f37adf731cad0ec4a20203e30040e653b17a0a6

    SHA256

    5f90c88216b49b72f3b25400ba9b673d67ac26c65ba4f68a47d49ce333097ee5

    SHA512

    59e7b0019831b92a69cfea833188366a1a6ed2b67e6a9a1473fca27464e19938b482ad51c7ad8fab27da94689a5915ff3b3ce0b1b60025ce866ae51c9dada03e

    Download Submit

  • C:\Program Files (x86)\VMS\dhplay.dll
    Filesize

    3.2MB

    MD5

    67653ad41e59537e5bd1f7fd67c5db24

    SHA1

    91270548e5d9e434a6aa9cdf2123be6bdb8eb08c

    SHA256

    9445dcb6bae275df6d5204a32d2caf025e7ae2951eb5b0e8c0f9ec60c7a8af2d

    SHA512

    a99d584b7292759b2f7393338cee3c82b43023e3a6c620f855b4dcc87a7bb4dc42a00f389fc123894a2a0de4c2f9ae7237255d76544d0e682ab7cf7d190279bd

    Download Submit

  • C:\Program Files (x86)\VMS\skin\default\buttons\Cloud_dis.png
    Filesize

    24KB

    MD5

    11c70f8353535af3e6eb93ca491cb2cc

    SHA1

    de12f06e390543b6a13c9bfa7ed2cfd2ad314812

    SHA256

    45c91983fe858881ee48aa23e4cc0b02c01e67a1e5fb6887f8db2afc2ab90838

    SHA512

    81952e7645246a8a6e817864c668f6ce84b13336675bdbce5f95584825e6338d18115c8e42c2dfd1b904459013adcf215cf9d76d46b063cb07e29df8969c0ffd

    Download Submit

  • C:\Program Files (x86)\VMS\skin\default_1.25\buttons\CameraParam.png
    Filesize

    33KB

    MD5

    e0788b139e5d2006a3eebf51a24be69c

    SHA1

    cc2d23ebfc3bda1d57cefaf25fe7438ba2ce0db9

    SHA256

    a9d010c9dbfec8ff7a93bc26d7cbcced63158a9e7869e07f74d09b5b271736b7

    SHA512

    bf3fa7cbc954dfdbcd154706bb165efb156767883caef4e890be684b6fbfde266ed9eed7c93e8b92ef884fa32f7e3d3d61be68e5473c47e94c36813961f53dc9

    Download Submit

  • C:\Program Files (x86)\VMS\skin\default_1.5\buttons\RebootDevice.png
    Filesize

    34KB

    MD5

    866161520dd48b5a650a7afb2036ee92

    SHA1

    38c9a6603813b93b85e6a3ef3a78c4fdb7dd0709

    SHA256

    3198435b0ed981c729a50308a9f84b0d54ab87fd7188991b434b058a42e15066

    SHA512

    38397c2094bb974f4ec7654a7565d78342a503f0705e542326ad158ee03555559020b52f99e274c3d7cce01fe6b25654771191645cb0e89486122422e127f6cc

    Download Submit

  • C:\Program Files (x86)\VMS\skin\default_1.5\icons\wnd_backgroud1.png
    Filesize

    22KB

    MD5

    0e4ee22314fd04b7ef0232f9e3ae342c

    SHA1

    9d944c23794e7030b874e16202f09cd88547055e

    SHA256

    9ed5ec4cc96c1e2df3a1e1c9d1445b3fdd43563c3258aabf5273ae22cf9876ed

    SHA512

    50b77ff44eeb0d437b09e27584cb467ee1ddfd4d041ecb73b22748b50beed445ad3d65ef50f6a532b801d8ca88eabcc22090a6be07837e0184fbaaf882ee63b5

    Download Submit

  • C:\Program Files (x86)\VMS\skin\default_1.5\skin.xml
    Filesize

    2KB

    MD5

    82a0c14f11cac518b72104e28ba838c3

    SHA1

    53caa769557bcb54247416fe4a968f9a4a31b4b3

    SHA256

    5ed23a1fcd40acff8a190a7aa214fe8f59ccc8dc9c2c4aa38b4338e6dbaa3040

    SHA512

    63f88da9ffefbc58680c6220b4a8516471005dc7683cd17b36194249b5ac11fa2d7542e2cf04d3d15325da272c82f65bdb9ce2846d7e006ac1a8d56909bcd634

    Download Submit

  • C:\Program Files (x86)\VMS\skin\default_2.0\icons\vms.png
    Filesize

    29KB

    MD5

    9c7ea605c3dc0f11c40317deccf4a5fe

    SHA1

    7d84ad9dfdbc413c41f069612b4672929a7c4aba

    SHA256

    121aaeaaea6ccdd9cd5c5d390e531aa0c7e0a343626a610b94fbf891f6b080a6

    SHA512

    ee948c823d95a77a58c0da2549ca1f5c1213d454b7dfa40555752511193d1be9eb46a4fbb28231636e28ffc33e73da633b9923052a05dfdfcb24fbf49d36e8a1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.JPG
    Filesize

    2KB

    MD5

    30688379f2a968059af2683ba18812bf

    SHA1

    e38fa2b07836e39d3419039539a1da1ad8b33e8a

    SHA256

    f7cddafec158d4bf444d91f7fc34c631fec8453bcd0390d9c43bfbb4f9d193a0

    SHA512

    839609fd6ab8a98adb7c3ab1d7fa3cac9e842429928b2afd852b8b14b4f86f22dac21a10c3319201a0bb6dce67e5628801e91ef8fb4029aef320a6f992ae9171

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG4.JPG
    Filesize

    8KB

    MD5

    0068efa951114b30cbbf44ca6255917a

    SHA1

    637e4e48ae2c216f5fd173191427b5327855f05f

    SHA256

    4cda756b8c77368451d116f39cf9918b54e741f84f3fc5b769a8096955c83003

    SHA512

    55c0f1d741775d89ce01a1b8c2b7766081ebf9deb136557ed5b7a2296d0f892959b7e844aacbf18dbed9916d452388fba0813c3723e22e865e1bc0ca0fb516f6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
    Filesize

    318KB

    MD5

    b5fc476c1bf08d5161346cc7dd4cb0ba

    SHA1

    280fac9cf711d93c95f6b80ac97d89cf5853c096

    SHA256

    12cb9b8f59c00ef40ea8f28bfc59a29f12dc28332bf44b1a5d8d6a8823365650

    SHA512

    17fa97f399287b941e958d2d42fe6adb62700b01d9dbe0c824604e8e06d903b330f9d7d8ffb109bfb7f6742f46e7e9cedad6981f0d94d629b8402d0a0174f697

    Download Submit

  • \Program Files (x86)\VMS\AudioRender.dll
    Filesize

    107KB

    MD5

    5c3ffaf46a56c045bfbf67caf6937b0b

    SHA1

    c9a1c6e9bb723748e978f4fae1b9ac7dfa8af009

    SHA256

    cfa446e90c8ccdce3d1fa2181f333d6c62354eb60c95eab97f90529006af26aa

    SHA512

    c5a572356d4c7420e59b420007d96a893c20bcab931b98159ed6507986160cab87dc48471a51555f9f1711e4bdd27ab02ade1116ad11023e8b2f0e146c4ffd9d

    Download Submit

  • \Program Files (x86)\VMS\CMSClient.dll
    Filesize

    1.4MB

    MD5

    9d93c8291eb1d7ba791904805018de11

    SHA1

    d628416ae100ebc57a3dd96757f11605ab78985f

    SHA256

    8c58a55d14bdd0a74d50dd2c45e1e910ce3e9c4a2fe04c715914a1200cc9a2f2

    SHA512

    6294bb931e5b297b009dcd067ec78dab01176912ee50e0c808ec16dba3f01d08c050e08ceb7cc984ff30b09c45cebcba9ea530da5fff207d60071fcd71cff1fe

    Download Submit

  • \Program Files (x86)\VMS\CloudClientAPI.dll
    Filesize

    233KB

    MD5

    d4a006317723c21fff7a8e03a6ea3d38

    SHA1

    5135d689cbbb98c1bd28a63c89312b9e91b2ded5

    SHA256

    0852e47e7aad085811ce71799b8b00524ce3c82156b5992bc61e80198da7d383

    SHA512

    51a730a2b89c2aed21c11a10ca6cd862acdad1b5caab17e18bf52e5de08d003ac3cd369cf820b177d264d78ad353467e0c4473c17c24a8dd54be9e027bd7b713

    Download Submit

  • \Program Files (x86)\VMS\ConfigModule.dll
    Filesize

    173KB

    MD5

    46c3249a448322583369f5d2e1efbb79

    SHA1

    e079e60e63bee9263c421deb564b08f7f7ea6c40

    SHA256

    340ae1b27bdf812206825d700da8ce3845fab9bf762d190720b27957783404cd

    SHA512

    bfafc0d25da5319ccf4e802fed87bdbb312b79948bd79208921c4462ed41325f3e594e86fe0b80ef87b2220ace36d8699b91965216768f6f222cecbf6fffb61b

    Download Submit

  • \Program Files (x86)\VMS\D3DX9_43.dll
    Filesize

    1.9MB

    MD5

    86e39e9161c3d930d93822f1563c280d

    SHA1

    f5944df4142983714a6d9955e6e393d9876c1e11

    SHA256

    0b28546be22c71834501f7d7185ede5d79742457331c7ee09efc14490dd64f5f

    SHA512

    0a3e311c4fd5c2194a8807469e47156af35502e10aeb8a3f64a01ff802cd8669c7e668cc87b593b182fd830a126d002b5d5d7b6c77991158bffdb0b5b997f6b3

    Download Submit

  • \Program Files (x86)\VMS\H264Play.dll
    Filesize

    1.9MB

    MD5

    ec0ca96e0e2044bec584294cf1a8b479

    SHA1

    b3337b3dc3a85da2cd1260212464dd3174b99a69

    SHA256

    bf7de5fea768b94da23fe4977ecb9120144277b18aa11d2dd4fd618af0d10a29

    SHA512

    c6603e76eae07c95dbdfd88e697cfcefa7c1479a2c9e49b776912810780995ac0b9aeff59845809bb2e64f63536d8fd388937cbfe995e1381b1fd60b2643d0a7

    Download Submit

  • \Program Files (x86)\VMS\MediaPlayer\MediaDecFilter.ax
    Filesize

    31KB

    MD5

    e5b67f308305b443ad7ef2937ea8ed17

    SHA1

    d2b209f3acea82dad0b2aad2149a37e197a77ee3

    SHA256

    d35c8a4787cb0547af704aaed35f004f43b1449b6a1dc716635f22e953a603b8

    SHA512

    94f40759ebb14a69cff19ddb0e45c644d42253e8ba36b7cc5fd049f27408809a4e4be91671d800b5ee100b2e5ce59f037507e4d8cc62860d487b9858949059ae

    Download Submit

  • \Program Files (x86)\VMS\MediaPlayer\StreamReader.dll
    Filesize

    38KB

    MD5

    65f495d45c50cb3b00594e77c76e1ba4

    SHA1

    bba3dbdcb35a9478013dae796386ade413da9d7b

    SHA256

    d809c40e0698d3196d9a6760e3705a1e8bf65c769e67ec87df6175b85f6c420c

    SHA512

    d4465031b983bf5dffccdc5c07342424c3396798c920b719b24190cfc1e735903f585c773df5e49bdc200145c126f87655d860ddf494c495259bde2292ac72b1

    Download Submit

  • \Program Files (x86)\VMS\NetSdk.dll
    Filesize

    64KB

    MD5

    5f08583a9752ffdd1c7701d6fd23cb17

    SHA1

    e4c3e310967fdc4b0fa460f11212c3f4a85a4d55

    SHA256

    3ad7b81d0daee9470816300f71dd589a105f42c1e7e575157d72526b2d78c898

    SHA512

    b6297d24383e6ba2c84fdba0f8adba548700b01a395353b15dd4f48db5156a2cf66792257079ab22d4cc857935e961554364b386d41d67f60bcaf158f1f00e66

    Download Submit

  • \Program Files (x86)\VMS\PlayCtrl.dll
    Filesize

    2.4MB

    MD5

    fe4bcf6c9ceb3358da9c1fd118907945

    SHA1

    49b0e5870b0a2f1fdc7569d943b7d0e5c7ebc158

    SHA256

    e284d89ea5f8428bb60ea7b4be2f583408f833dee949bca90649af98f94aa048

    SHA512

    6c4039da0597f87b0f48ab8a29f3d3b769db4586378235e3be0c77f75f4b978a75a13cc33f033b9078fa9ae74206ebe8c97192699349b3a4e7507fb15eb0119c

    Download Submit

  • \Program Files (x86)\VMS\QtCore4.dll
    Filesize

    2.4MB

    MD5

    a9130fc93df6d15cd53ccf2c31c230b5

    SHA1

    c880332df3d597649f4ad65ef9133983452d9ab0

    SHA256

    819ebbbb399e6397dc880e336bf936366f07c4abc145901b63f81713447cde43

    SHA512

    8b3c49c4d6a8147f2c502eed6ab97a99bf08c64d277cd65abc59f75e69ec4b0d67750fe5d9f9548fa03048d9621ce9ce2df12ededd57a56f78593843e85263be

    Download Submit

  • \Program Files (x86)\VMS\QtGui4.dll
    Filesize

    256KB

    MD5

    e639d3c5c0a33b2055104c04f6bf1175

    SHA1

    c76b7727e2c908dc0e7ea2f50abc34a5ce3acb19

    SHA256

    1b8b9b04d6977a9c343f19a32488879d79707e5385584a5d8b0cdae0acfbe55a

    SHA512

    0f0dd7a3c68f847c38946e389fe7240ae1b694898e452bd954d60034659141d66752689e477e5db92417b5f0817861ffb9dafc27c466dccc98f9bb0b85f37043

    Download Submit

  • \Program Files (x86)\VMS\QtMultimedia4.dll
    Filesize

    112KB

    MD5

    62f31e31b3282d8731d7b5b85e9e36ea

    SHA1

    85b21881462720dab49003a967e0f2dde2d5bf3d

    SHA256

    f2c59da81b6ec5f0f73f40f87172b2855a0a0710444efee51bd54ceb3f570f81

    SHA512

    7630f6df003815baae0d57771ac5baf15e7a245f3a0f935b895b58da766ea3d4f107f209c6aca531004b0c510e26788800725ef9731e1512cb40feaf75285ec2

    Download Submit

  • \Program Files (x86)\VMS\QtNetwork4.dll
    Filesize

    1000KB

    MD5

    7d79b91510baa9b36a993cefbd087b15

    SHA1

    daacafd0e0ebfb2e7cdee984a2f926c353367883

    SHA256

    21850d83423613a171192444688fa0a58d16d48392aefaf00feb5292971177b1

    SHA512

    e8be9452f145fc0aa4e53db778dc0e61c2ad705e4c4726117419acab679d1d2eba55da0c2f0f713ea9ed7e1f6d1abfd7276d61a518f296726a34b6faf771c8b5

    Download Submit

  • \Program Files (x86)\VMS\QtSql4.dll
    Filesize

    190KB

    MD5

    16540bc77b3d492a714b69a2a47cacc7

    SHA1

    27bd3276f3f19299c6ab5d898da7a88edb51f592

    SHA256

    4cd303901e88229725a55a88db51a721b1167cc8abba56f5e32a01220b94d067

    SHA512

    598aef1ec9c49a5ce3ce4f8762b8720d39a10b11df1410f14a94dccbd18dda1b44fa2ebfea71e6afc82140421b033623b3a8a203ea5bf326b533987be0b73aeb

    Download Submit

  • \Program Files (x86)\VMS\RecordPlan.exe
    Filesize

    439KB

    MD5

    2f8cef75cfbacb2a7f3f28c89915265f

    SHA1

    82916fabbc68e4dd9adde66fe878defda49a8900

    SHA256

    2c94e7b8e9b8ca8ffe2342f81c4b487fdbeebcea617051e95521f3bc29c38782

    SHA512

    60b6142552689f311f82f01176cdc7c1d039625bde79f2ba9c8b7b3673fc0ddb606c3e272381470fb66aee0e471a93d596d9a15bcd2a1df90245b7fa3fd76d4f

    Download Submit

  • \Program Files (x86)\VMS\StreamReader.dll
    Filesize

    64KB

    MD5

    170ff439486a16c0d9c05f16373f681c

    SHA1

    fe7c966b36790eefe223b98e08359360bd134ee1

    SHA256

    dc6ce8efd1685435f52aa27cc9aedb8e1deac7ff44ed2d3ca63f352c8f966c38

    SHA512

    cd51034a9d1d2db889125f4801be300f0cf2c5c307197e4a9ebf54a0bc1efe550da20b738cfc16c7003d9b2195f9353296df96df2089f3e4d761bff133edb60d

    Download Submit

  • \Program Files (x86)\VMS\SuperRender.dll
    Filesize

    305KB

    MD5

    5e47a780dc5e6478ce2ed98f3f30d215

    SHA1

    9c42cc1e2bd7bb0f7b3303d6a6e1a5e1b37d3a21

    SHA256

    1d258784b8306dea631d8adb910092248f8e21785c5330aa6d8a281f8e8f86fc

    SHA512

    2df564e3fbcbeb45d6254c554270db2279fb6eff3e6233934ffae9b30401c335bc89ddb87145f9ff3e28a83fc58cefa555a70e13c138bb05a6dc7272d032eede

    Download Submit

  • \Program Files (x86)\VMS\VMS.exe
    Filesize

    5.8MB

    MD5

    6795094ebd7f035d5b43189b80938139

    SHA1

    1dea9fd20e5f11fc91150442f8191196336e8d04

    SHA256

    d0c509b882e480fe2709540f69a6ff7c06b7fe76615cb9bdb4df5a6dd0b72443

    SHA512

    fbc4ac8a5a9ba69a9ff99499d5665ca0642296fd09a4fe4654f482e112e4db764f898f71f8bdd2138b52a1b6127801a184493609fc866335088d4d18a5e521f0

    Download Submit

  • \Program Files (x86)\VMS\VMS.exe
    Filesize

    3.2MB

    MD5

    260658484af7a4488b81751a4aa69729

    SHA1

    c0d599727ac8e53717fe51d3dfcf2bc34f6fa0f6

    SHA256

    3a51fa0e6a14bf09ff561562014fb4d13da72c1e06e91dd390b1c650cc1c8ffa

    SHA512

    c6d0f16d486e022b41219ba94c74f1188ebeef9ac215f6a643a475a5a432bf750b7a3e2754a164199dab0383a29e515e007bcf2a7d2e64dc11699367ed992cc2

    Download Submit

  • \Program Files (x86)\VMS\VMS.exe
    Filesize

    1.6MB

    MD5

    006a58bbef82f1cb4224e74000b09249

    SHA1

    0b72529e13da4dd9cbb0ed510f1162886dcf8a11

    SHA256

    39fac0b3a357e3b1f9ea770032047372db7bed47672abdd601bda8aa56f5db3a

    SHA512

    47945d8b09b86925872a1690e1a7ecb3fef98f401efee737ad9ad55f822d13680ed29cc346dd16fe4c2e6cdfa2696c09ebfe6a26893f145bddfff7becc32b4c5

    Download Submit

  • \Program Files (x86)\VMS\VMS.exe
    Filesize

    3.5MB

    MD5

    6a3e04982f38219e1fb79384621affe6

    SHA1

    5c462514b52fc9057cca4621efcf1911a7bcacb0

    SHA256

    0ae548ade3a3bd875b3036ad6a7b3e9b71e8101d482b04acfc072339165090c3

    SHA512

    5f2b3d0b4fbd9d813940d62a19c6d45cf3884af67c6e5296147d48285dbb249b944132699352000c64d888f86ba0e1170e2d79b315fe8b013d85e0eef107e853

    Download Submit

  • \Program Files (x86)\VMS\VMS.exe
    Filesize

    256KB

    MD5

    7263d01a0c7d0882ab084d67e3f252fd

    SHA1

    d8cd5231c67546686591932981f1220b6015f8cd

    SHA256

    cb37f558d7f361fe9cad27e8d3f00b35c75de5f8e36ef1fd13c7454bbec60c28

    SHA512

    332426bd37b69d3166f04ee093a2bf9777b3f8f2578a6def56ec2993ac39e1eec9255662c1428f46299d735ea689d97fd4ba0a23df96201a077175d273436fb8

    Download Submit

  • \Program Files (x86)\VMS\dhplay.dll
    Filesize

    2.9MB

    MD5

    49846dfdffa5397a440b1b2166a74fe8

    SHA1

    41af9720c71e1351670d665b6748ec9a0dfc38d2

    SHA256

    39e10b7cc1fae2f49d407976bf7e92c73295d1d17205cd9288603782a33c4521

    SHA512

    517350b7a79508ed5a7d9304ec4b15a10c9cec2880750d0f51cae2f665e4196dadbcfb4ba33c837a59fea2674996383ac0313ba029d2911d6efd0ea5a45136d4

    Download Submit

  • \Program Files (x86)\VMS\glew32.dll
    Filesize

    333KB

    MD5

    93df9e6a926fdf46f2d77e03c9b2da88

    SHA1

    53d5de68b15f3c6ca9948f2cf52fac0603b9605f

    SHA256

    68293640f751015bf71af784d10c53db9506a3a4a992fcef22ec3af5084a35fd

    SHA512

    1d9d758c3082657f15b36f62a899c88f669b90dcabb69c419d463e4fe0b76bb359a39ff1ad5b4fb5286340360809bd21bbaf51c1fd82d91fd9c65f65a838d117

    Download Submit

  • \Program Files (x86)\VMS\vrsoft.dll
    Filesize

    199KB

    MD5

    f136de3b9ed25be9efb38ae47b1c1f61

    SHA1

    7e094aaa5b2616c129376ead2b670f986c2e8065

    SHA256

    08844acef3f217667558d0c1abc1e5f6c8ed555b7f62d23c0f7590da67d6f7cc

    SHA512

    c62cdd4d26c2525619d29ba3aa51012c234f75d37d6741d749583e6d7e573fcb49bdc1b89f380b3257ebedeac6697924ce01a2cfdda32dd5998cfbe33f57035b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    Filesize

    1.3MB

    MD5

    dec931e86140139380ea0df57cd132b6

    SHA1

    b717fd548382064189c16cb94dda28b1967a5712

    SHA256

    5ffd4b20dccfb84c8890abdb780184a7651e760aefba4ab0c6fba5b2a81f97d9

    SHA512

    14d594e88c4a1f0ec8bc1b4fe2d66e26358f907b1106c047ada35d500ca9e608f1ce5a57599453cf10f11f4d9f1948ced9056ce8bd944b16eca7e9b83e8b27af

    Download Submit

  • memory/788-5124-0x00000000061B0000-0x00000000062A2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/788-5128-0x00000000010F0000-0x000000000113A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/788-5122-0x00000000035F0000-0x000000000396A000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/788-5120-0x0000000000B40000-0x0000000000FE0000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/788-5118-0x0000000000AA0000-0x0000000000B1B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/788-5126-0x00000000051F0000-0x0000000005293000-memory.dmp

    Filesize

    652KB

    Download

  • memory/788-5116-0x00000000006C0000-0x0000000000A8B000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/788-5132-0x0000000005F00000-0x0000000005F93000-memory.dmp

    Filesize

    588KB

    Download

  • memory/788-5114-0x0000000001860000-0x00000000035E8000-memory.dmp

    Filesize

    29.5MB

    Download

  • memory/788-5109-0x0000000000450000-0x0000000000482000-memory.dmp

    Filesize

    200KB

    Download

  • memory/788-5111-0x0000000000490000-0x000000000069C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/788-5130-0x0000000005BC0000-0x0000000005BF5000-memory.dmp

    Filesize

    212KB

    Download

  • memory/788-5133-0x00000000062B0000-0x000000000637F000-memory.dmp

    Filesize

    828KB

    Download

  • memory/788-5134-0x0000000001170000-0x000000000118F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/876-5037-0x0000000010000000-0x000000001001E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/876-5041-0x0000000001E50000-0x0000000001F06000-memory.dmp

    Filesize

    728KB

    Download

  • memory/876-5107-0x0000000001E50000-0x0000000001F06000-memory.dmp

    Filesize

    728KB

    Download

  • memory/1748-6-0x0000000003340000-0x000000000370B000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1748-15-0x0000000003340000-0x000000000370B000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1748-1876-0x0000000003340000-0x000000000370B000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2528-5050-0x0000000003900000-0x0000000003C7A000-memory.dmp

    Filesize

    3.5MB

    Download

  • memory/2528-5052-0x00000000062D0000-0x00000000063C2000-memory.dmp

    Filesize

    968KB

    Download

  • memory/2528-5060-0x0000000006050000-0x00000000060E3000-memory.dmp

    Filesize

    588KB

    Download

  • memory/2528-5058-0x00000000005D0000-0x0000000000605000-memory.dmp

    Filesize

    212KB

    Download

  • memory/2528-5061-0x00000000063D0000-0x000000000649F000-memory.dmp

    Filesize

    828KB

    Download

  • memory/2528-5056-0x0000000000580000-0x00000000005CA000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2528-5062-0x0000000000FF0000-0x000000000100F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2528-5054-0x0000000005F60000-0x0000000006003000-memory.dmp

    Filesize

    652KB

    Download

  • memory/2528-5021-0x00000000016D0000-0x0000000003458000-memory.dmp

    Filesize

    29.5MB

    Download

  • memory/2528-5005-0x0000000000160000-0x0000000000192000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2528-5011-0x0000000000760000-0x000000000096C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2528-5040-0x0000000000240000-0x00000000002BB000-memory.dmp

    Filesize

    492KB

    Download

  • memory/2528-5031-0x0000000000970000-0x0000000000D3B000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2528-5048-0x0000000003460000-0x0000000003900000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2696-1863-0x0000000000400000-0x00000000007CB000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2696-36-0x0000000000400000-0x00000000007CB000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2696-4959-0x0000000005040000-0x0000000005050000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2696-17-0x0000000000400000-0x00000000007CB000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2696-4580-0x0000000000400000-0x00000000007CB000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2696-2711-0x0000000000400000-0x00000000007CB000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2696-4943-0x00000000023D0000-0x00000000023E0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2696-5008-0x0000000000400000-0x00000000007CB000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2744-5032-0x0000000000A50000-0x0000000000B06000-memory.dmp

    Filesize

    728KB

    Download