f73b5ddee602453364fa40dabfab33a8b192d59211ef7056f0196da4ff4a54c0

Resubmissions

24-02-2024 16:45

240224-t9jsjsgg37 5

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 16:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EN/VCDS-Release-23.3.0-Installer.exe
Size

66.0MB
MD5

9473934cd9d76fd3db99e802447b5b49
SHA1

7c50c0406f61b4cb9c90f96a6c72224b30d7939c
SHA256

ba07a666c5655fca6da3e71336aa044b1fbdceecbbfe1bd2f0cc30bdae2ebd78
SHA512

c4c48b9bf53985abf7dca34c5e6988c672d9210687e30653eebe60ddc950132e83c5ae3cc8afb79b1ca0506e183525bc124c6bc07cec61671c9f30fb4d3ee95c
SSDEEP

1572864:PPX3xVVQkjW31Qg6+rH0fVI1rgYokRrVKL/HpBmy:P5VG3hRrU9IBgO3KLxT

Score

5^/10

link pdf

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Control Panel\International\Geo\Nation	VCDS-Release-23.3.0-Installer.exe

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
behavioral2/files/0x000a0000000227ee-92.dat	pdf_with_link_action

Loads dropped DLL 4 IoCs

pid	Process
1984	VCDS-Release-23.3.0-Installer.exe
1984	VCDS-Release-23.3.0-Installer.exe
1984	VCDS-Release-23.3.0-Installer.exe
1984	VCDS-Release-23.3.0-Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	VCDS-Release-23.3.0-Installer.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4628	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe
4628	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 4628	1984	VCDS-Release-23.3.0-Installer.exe	89
PID 1984 wrote to memory of 4628	1984	VCDS-Release-23.3.0-Installer.exe	89
PID 1984 wrote to memory of 4628	1984	VCDS-Release-23.3.0-Installer.exe	89
PID 4628 wrote to memory of 5108	4628	AcroRd32.exe	90
PID 4628 wrote to memory of 5108	4628	AcroRd32.exe	90
PID 4628 wrote to memory of 5108	4628	AcroRd32.exe	90
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 2776	5108	RdrCEF.exe	91
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92
PID 5108 wrote to memory of 544	5108	RdrCEF.exe	92

C:\Users\Admin\AppData\Local\Temp\EN\VCDS-Release-23.3.0-Installer.exe
"C:\Users\Admin\AppData\Local\Temp\EN\VCDS-Release-23.3.0-Installer.exe"
1⤵
- Checks computer location settings
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Installation-Instructions.pdf"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5108
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=45E27ED19A8F6C86359ABD42A2479A3F --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2776
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F72592BAD85A1F6688555BC382EF9EA8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F72592BAD85A1F6688555BC382EF9EA8 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:544
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E63D1B2C0F78EB077E1C466192AA03BA --mojo-platform-channel-handle=2156 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5104
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D02298F192170422C09B071E13F2F200 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4940
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8C87CDD9C0B3680820BBE5D7BD0888E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8C87CDD9C0B3680820BBE5D7BD0888E7 --renderer-client-id=6 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:3900
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=128548AB791B8CD8B61FAA74C9A19330 --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
902601d0c2f8dd3565221bcba14015b1

SHA1
a3c0b870b3591fa69bab265fe99f6f8e634e065e

SHA256
c9f42d9eedbacbb3a70217b5fb23086cffa580344ee66783ad7796978aff22ee

SHA512
64a09245e034646b285d09061e2a5cca94bf841f86d5c9da59a791fb081e46772320aadd1cec5cc0c85e4d1f154beb9d6059c8369978adc6d6ba30225c542a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Installation-Instructions.pdf

Filesize
844KB

MD5
9f57d5c8bea7bb0c56f6feab5ec57d49

SHA1
fb5509772439aa89fad1194a7657ac9f8dadd9a0

SHA256
32f20c4168639d3544920705b1b563dced626bf506ed111729bf0fca7be20ef6

SHA512
aa33496b4def53a7a2e51102de2ddbdca237dba76b43ae6bc6cb70c76953ac1685592e997c9f5787195e67b8419ef06ce239f84b45ba4b07d93574550946994c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf611D.tmp\InstallOptions.dll

Filesize
15KB

MD5
05bf02da51e717f79f6b5cbea7bc0710

SHA1
07471a64ef4dba9dc19ce68ae6cce683af7df86d

SHA256
ca092ba7f275b0c9000098cdd1a9876fe8dc050fcb40a0e8a1ab8335236e9dc5

SHA512
c09e475babd5eb675cdf903b2b754b8b68450a731cb520f3dcbf9abe0ed03d19256f009429977d3a51decb3a2a938be0b28dbafeb407409fa85e54da6dbaaad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf611D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf611D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf611D.tmp\ioSpecial.ini

Filesize
1KB

MD5
49ce02dfbad8c58641b2be903bcea8fc

SHA1
6dfc7def1abcdafa88343b1c98982be26db8526e

SHA256
8defbe94bc49e658608a52e73976bc2c838de60f7948aa8551f067deb30b313a

SHA512
25b4e861193edd3094fbfa8c77add73c45ffefefe4064677509889473580430eff9f32c300911b07bab719da1832ba819ca98c7b9c7c7b4140003a50e0c08108

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf611D.tmp\ioSpecial.ini

Filesize
1KB

MD5
039523afb0ff7283187718e7186173fe

SHA1
04fbf360966c0ad102d5be6b51e1ca15a9b499e1

SHA256
dfc253e8ff15156ea50aa8ac2f30f2a8d09b688b03d3a4a78fd5bf5d4e8a56dc

SHA512
a5df52be2c6179a48e978d8efa21e11dde1a76ea8a64e7374db5b0b104af7ec3a13b032a18e9654c88be79a75505e53bfa8d6b54754d0b8c5561959b0c97f03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf611D.tmp\ioSpecial.ini

Filesize
1KB

MD5
86e12bcd06848938ace759b780bfa5e4

SHA1
7f8dca44df0b0c7ea531e9e7b1014e4b87024095

SHA256
29046c528c8178654c0ca252fc69f54e5fc5df2d745db16fefa535d9acc4aee8

SHA512
1cc28a3b7f815c3ea92d90d775efd649a89385e378a9d4855e45a1fb665d7efdb992116dca847354ca32b7f809d9c5f8dd09357e363cdc2c302db2e3d9d8f209

Download Submit