98ac8964b677346d7f5b012327eaddf5102255f1abf256e4951893fbc5759816

Resubmissions

26-03-2024 06:12

240326-gx93radd92 8

17-02-2024 19:25

240217-x4yajaae82 10

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 06:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

6.3MB
MD5

12ed79692bf630627105c30d92c76fd3
SHA1

a6bb689316d87268559d38dfb5340bd4b6f01423
SHA256

98ac8964b677346d7f5b012327eaddf5102255f1abf256e4951893fbc5759816
SHA512

e275c29fd058209eb5239282c9100a913e6a1845fa53c5cce0d23465806d651553515cbdc97df20f90ea2ff9d2b50130b0aab12fd9ae7e15503e88ccce43172e
SSDEEP

98304:0As++BUHecpbpx+sborjZGS/mJ7oRXnH9EEkXPEJLaiSYtK19jNCNX8sz:0AKBx4px+sNE32pPEJOqAIVz

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2584	MsiExec.exe
2072	MsiExec.exe
2072	MsiExec.exe
2072	MsiExec.exe
2072	MsiExec.exe
2072	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\Y:	setup.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	setup.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	setup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	setup.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	setup.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	setup.exe
File opened (read-only)	\??\W:	setup.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	setup.exe
File opened (read-only)	\??\S:	setup.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	setup.exe
File opened (read-only)	\??\Z:	setup.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\N:	setup.exe
File opened (read-only)	\??\X:	setup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\A:	setup.exe
File opened (read-only)	\??\J:	setup.exe
File opened (read-only)	\??\P:	setup.exe
File opened (read-only)	\??\R:	setup.exe
File opened (read-only)	\??\V:	setup.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\K:	setup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\H:	setup.exe
File opened (read-only)	\??\I:	setup.exe
File opened (read-only)	\??\O:	setup.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIACA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFEC.tmp	msiexec.exe
File created	C:\Windows\Installer\f760a50.ipi	msiexec.exe
File created	C:\Windows\Installer\f760a52.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\f760a50.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f760a4d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBC5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC23.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSICB1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI11C1.tmp	msiexec.exe
File created	C:\Windows\Installer\f760a4d.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2460	powershell.exe
3016	msiexec.exe
3016	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3016	msiexec.exe
Token: SeTakeOwnershipPrivilege	3016	msiexec.exe
Token: SeSecurityPrivilege	3016	msiexec.exe
Token: SeCreateTokenPrivilege	2820	setup.exe
Token: SeAssignPrimaryTokenPrivilege	2820	setup.exe
Token: SeLockMemoryPrivilege	2820	setup.exe
Token: SeIncreaseQuotaPrivilege	2820	setup.exe
Token: SeMachineAccountPrivilege	2820	setup.exe
Token: SeTcbPrivilege	2820	setup.exe
Token: SeSecurityPrivilege	2820	setup.exe
Token: SeTakeOwnershipPrivilege	2820	setup.exe
Token: SeLoadDriverPrivilege	2820	setup.exe
Token: SeSystemProfilePrivilege	2820	setup.exe
Token: SeSystemtimePrivilege	2820	setup.exe
Token: SeProfSingleProcessPrivilege	2820	setup.exe
Token: SeIncBasePriorityPrivilege	2820	setup.exe
Token: SeCreatePagefilePrivilege	2820	setup.exe
Token: SeCreatePermanentPrivilege	2820	setup.exe
Token: SeBackupPrivilege	2820	setup.exe
Token: SeRestorePrivilege	2820	setup.exe
Token: SeShutdownPrivilege	2820	setup.exe
Token: SeDebugPrivilege	2820	setup.exe
Token: SeAuditPrivilege	2820	setup.exe
Token: SeSystemEnvironmentPrivilege	2820	setup.exe
Token: SeChangeNotifyPrivilege	2820	setup.exe
Token: SeRemoteShutdownPrivilege	2820	setup.exe
Token: SeUndockPrivilege	2820	setup.exe
Token: SeSyncAgentPrivilege	2820	setup.exe
Token: SeEnableDelegationPrivilege	2820	setup.exe
Token: SeManageVolumePrivilege	2820	setup.exe
Token: SeImpersonatePrivilege	2820	setup.exe
Token: SeCreateGlobalPrivilege	2820	setup.exe
Token: SeCreateTokenPrivilege	2820	setup.exe
Token: SeAssignPrimaryTokenPrivilege	2820	setup.exe
Token: SeLockMemoryPrivilege	2820	setup.exe
Token: SeIncreaseQuotaPrivilege	2820	setup.exe
Token: SeMachineAccountPrivilege	2820	setup.exe
Token: SeTcbPrivilege	2820	setup.exe
Token: SeSecurityPrivilege	2820	setup.exe
Token: SeTakeOwnershipPrivilege	2820	setup.exe
Token: SeLoadDriverPrivilege	2820	setup.exe
Token: SeSystemProfilePrivilege	2820	setup.exe
Token: SeSystemtimePrivilege	2820	setup.exe
Token: SeProfSingleProcessPrivilege	2820	setup.exe
Token: SeIncBasePriorityPrivilege	2820	setup.exe
Token: SeCreatePagefilePrivilege	2820	setup.exe
Token: SeCreatePermanentPrivilege	2820	setup.exe
Token: SeBackupPrivilege	2820	setup.exe
Token: SeRestorePrivilege	2820	setup.exe
Token: SeShutdownPrivilege	2820	setup.exe
Token: SeDebugPrivilege	2820	setup.exe
Token: SeAuditPrivilege	2820	setup.exe
Token: SeSystemEnvironmentPrivilege	2820	setup.exe
Token: SeChangeNotifyPrivilege	2820	setup.exe
Token: SeRemoteShutdownPrivilege	2820	setup.exe
Token: SeUndockPrivilege	2820	setup.exe
Token: SeSyncAgentPrivilege	2820	setup.exe
Token: SeEnableDelegationPrivilege	2820	setup.exe
Token: SeManageVolumePrivilege	2820	setup.exe
Token: SeImpersonatePrivilege	2820	setup.exe
Token: SeCreateGlobalPrivilege	2820	setup.exe
Token: SeCreateTokenPrivilege	2820	setup.exe
Token: SeAssignPrimaryTokenPrivilege	2820	setup.exe
Token: SeLockMemoryPrivilege	2820	setup.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2820	setup.exe
2668	msiexec.exe
2668	msiexec.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 3016 wrote to memory of 2584	3016	msiexec.exe	29
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 2820 wrote to memory of 2668	2820	setup.exe	30
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 3016 wrote to memory of 2072	3016	msiexec.exe	31
PID 2072 wrote to memory of 2460	2072	MsiExec.exe	32
PID 2072 wrote to memory of 2460	2072	MsiExec.exe	32
PID 2072 wrote to memory of 2460	2072	MsiExec.exe	32
PID 2072 wrote to memory of 2460	2072	MsiExec.exe	32

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\installer_b.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\setup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1711174147 " AI_EUIMSI=""
  2⤵
  - Enumerates connected drives
  - Suspicious use of FindShellTrayWindow
  PID:2668

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding F8D05FE1D703CE81DF27A00EBB7154A7 C
  2⤵
  - Loads dropped DLL
  PID:2584
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9652DBD0B7ADDD47C2868690895156D0
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssD0E.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiD0B.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrD0C.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrD0D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f760a51.rbs

Filesize
15KB

MD5
baaa3de08e989ea2bf17b23a11c19cd4

SHA1
aa891e1ee2195a7460792c6c7a943a2f63ad9e2a

SHA256
4556bc48463ad242ca9bdabf56ca90a0b882007b70b9479c3024ca19f513937a

SHA512
7dc135b3777c1587515db39cccb1aadea49c87e45ca640acec11dd6672e6002101b8d04d44f2493faa7f548eef6a6b7fb92be294c6d212dec0d25ddb9465c915

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI609c1.LOG

Filesize
22KB

MD5
386d7eb9113eb41ed77b189e7e1a6b96

SHA1
cc8b2cda81538102b0fe4659f9aa070c27d79292

SHA256
c50f82620900e955e1a6943e97d5b7844027776f701c59f19a565b0c3f3e6c70

SHA512
68e7ea717e02d18df6f56b121feb2198258fadc838231f9254be658c4855049ba52ada26148b8a07df771837f0ed1fc8657c614e5fa13f47561c9f11c60a8ffd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI935.tmp

Filesize
721KB

MD5
5a1f2196056c0a06b79a77ae981c7761

SHA1
a880ae54395658f129e24732800e207ecd0b5603

SHA256
52f41817669af7ac55b1516894ee705245c3148f2997fa0e6617e9cc6353e41e

SHA512
9afc180ebc10c0ee0d7306f4b7085608a4e69321044d474691587bf7e63f945888781a9fc5e69568d351ac690b0335214bd04bdf5c75fd8a3bd1ec4be5d3475a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msiD0B.txt

Filesize
48B

MD5
752e34b44e30aa630914e74c833b7a65

SHA1
a880c6c2965bbb03d14b02f6e850db472a41dd31

SHA256
bc79c75397551711c44d13f7e04d8f4960a2924ba6503a6bdd8153f35f673b6e

SHA512
56995893e0aa88c3902c7a4fc5716a9c2f616c1e61b8a326ef81f7ee4e31db1a80ec1aceaac87400d808e35258516ac3cb81161bca95359ecfc51126b47f71d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\pssD0E.ps1

Filesize
6KB

MD5
30c30ef2cb47e35101d13402b5661179

SHA1
25696b2aab86a9233f19017539e2dd83b2f75d4e

SHA256
53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f

SHA512
882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458

Download Submit
C:\Users\Admin\AppData\Local\Temp\scrD0C.ps1

Filesize
560B

MD5
864314b82d5abb9a763656b69b18d73a

SHA1
0a19fad1c6170c07815ef63dcea07a82481049c9

SHA256
118b6745b9dbeeb7997a6c55c1a9c49bcb5afffe88836df31f98b9b39929eb14

SHA512
0e55053f9d1dcbca9f39a07f929973bd9daac3ac9567b2d3778fc07e9241840f12c08dfcc27951472d6a02d1978e01e3ad68cd578f91370a8da45052af592f01

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
12KB

MD5
d75144fcb3897425a855a270331e38c9

SHA1
132c9ade61d574aa318e835eb78c4cccddefdea2

SHA256
08484ed55e43584068c337281e2c577cf984bb504871b3156de11c7cc1eec38f

SHA512
295a6699529d6b173f686c9bbb412f38d646c66aab329eac4c36713fdd32a3728b9c929f9dcadde562f625fb80bc79026a52772141ad2080a0c9797305adff2e

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
8acb83d102dabd9a5017a94239a2b0c6

SHA1
9b43a40a7b498e02f96107e1524fe2f4112d36ae

SHA256
059cb23fdcf4d80b92e3da29e9ef4c322edf6fba9a1837978fd983e9bdfc7413

SHA512
b7ecf60e20098ea509b76b1cc308a954a6ede8d836bf709790ce7d4bd1b85b84cf5f3aedf55af225d2d21fbd3065d01aa201dae6c131b8e1e3aa80ed6fc910a4

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-memory-l1-1-0.dll

Filesize
11KB

MD5
808f1cb8f155e871a33d85510a360e9e

SHA1
c6251abff887789f1f4fc6b9d85705788379d149

SHA256
dadbd2204b015e81f94c537ac7a36cd39f82d7c366c193062210c7288baa19e3

SHA512
441f36ca196e1c773fadf17a0f64c2bbdc6af22b8756a4a576e6b8469b4267e942571a0ae81f4b2230b8de55702f2e1260e8d0afd5447f2ea52f467f4caa9bc6

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
11KB

MD5
cff476bb11cc50c41d8d3bf5183d07ec

SHA1
71e0036364fd49e3e535093e665f15e05a3bde8f

SHA256
b57e70798af248f91c8c46a3f3b2952effae92ca8ef9640c952467bc6726f363

SHA512
7a87e4ee08169e9390d0dfe607e9a220dc7963f9b4c2cdc2f8c33d706e90dc405fbee00ddc4943794fb502d9882b21faae3486bc66b97348121ae665ae58b01c

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
12KB

MD5
f43286b695326fc0c20704f0eebfdea6

SHA1
3e0189d2a1968d7f54e721b1c8949487ef11b871

SHA256
aa415db99828f30a396cbd4e53c94096db89756c88a19d8564f0eed0674add43

SHA512
6ead35348477a08f48a9deb94d26da5f4e4683e36f0a46117b078311235c8b9b40c17259c2671a90d1a210f73bf94c9c063404280ac5dd5c7f9971470beaf8b7

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
e173f3ab46096482c4361378f6dcb261

SHA1
7922932d87d3e32ce708f071c02fb86d33562530

SHA256
c9a686030e073975009f993485d362cc31c7f79b683def713e667d13e9605a14

SHA512
3aafefd8a9d7b0c869d0c49e0c23086115fd550b7dc5c75a5b8a8620ad37f36a4c24d2bf269043d81a7448c351ff56cb518ec4e151960d4f6bd655c38aff547f

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
9c9b50b204fcb84265810ef1f3c5d70a

SHA1
0913ab720bd692abcdb18a2609df6a7f85d96db3

SHA256
25a99bdf8bf4d16077dc30dd9ffef7bb5a2ceaf9afcee7cf52ad408355239d40

SHA512
ea2d22234e587ad9fa255d9f57907cc14327ead917fdede8b0a38516e7c7a08c4172349c8a7479ec55d1976a37e520628006f5c362f6a3ec76ec87978c4469cd

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-profile-l1-1-0.dll

Filesize
10KB

MD5
0233f97324aaaa048f705d999244bc71

SHA1
5427d57d0354a103d4bb8b655c31e3189192fc6a

SHA256
42f4e84073cf876bbab9dd42fd87124a4ba10bb0b59d2c3031cb2b2da7140594

SHA512
8339f3c0d824204b541aecbd5ad0d72b35eaf6717c3f547e0fd945656bcb2d52e9bd645e14893b3f599ed8f2de6d3bcbebf3b23ed43203599af7afa5a4000311

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
11KB

MD5
e1ba66696901cf9b456559861f92786e

SHA1
d28266c7ede971dc875360eb1f5ea8571693603e

SHA256
02d987eba4a65509a2df8ed5dd0b1a0578966e624fcf5806614ece88a817499f

SHA512
08638a0dd0fb6125f4ab56e35d707655f48ae1aa609004329a0e25c13d2e71cb3edb319726f10b8f6d70a99f1e0848b229a37a9ab5427bfee69cd890edfb89d2

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-string-l1-1-0.dll

Filesize
11KB

MD5
7a15b909b6b11a3be6458604b2ff6f5e

SHA1
0feb824d22b6beeb97bce58225688cb84ac809c7

SHA256
9447218cc4ab1a2c012629aaae8d1c8a428a99184b011bcc766792af5891e234

SHA512
d01dd566ff906aad2379a46516e6d060855558c3027ce3b991056244a8edd09ce29eacec5ee70ceea326ded7fc2683ae04c87f0e189eba0e1d38c06685b743c9

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-synch-l1-1-0.dll

Filesize
13KB

MD5
6c3fcd71a6a1a39eab3e5c2fd72172cd

SHA1
15b55097e54028d1466e46febca1dbb8dbefea4f

SHA256
a31a15bed26232a178ba7ecb8c8aa9487c3287bb7909952fc06ed0d2c795db26

SHA512
ef1c14965e5974754cc6a9b94a4fa5107e89966cb2e584ce71bbbdd2d9dc0c0536ccc9d488c06fa828d3627206e7d9cc8065c45c6fb0c9121962ccbecb063d4f

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
d175430eff058838cee2e334951f6c9c

SHA1
7f17fbdcef12042d215828c1d6675e483a4c62b1

SHA256
1c72ac404781a9986d8edeb0ee5dd39d2c27ce505683ca3324c0eccd6193610a

SHA512
6076086082e3e824309ba2c178e95570a34ece6f2339be500b8b0a51f0f316b39a4c8d70898c4d50f89f3f43d65c5ebbec3094a47d91677399802f327287d43b

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
12KB

MD5
9d43b5e3c7c529425edf1183511c29e4

SHA1
07ce4b878c25b2d9d1c48c462f1623ae3821fcef

SHA256
19c78ef5ba470c5b295dddee9244cbd07d0368c5743b02a16d375bfb494d3328

SHA512
c8a1c581c3e465efbc3ff06f4636a749b99358ca899e362ea04b3706ead021c69ae9ea0efc1115eae6bbd9cf6723e22518e9bec21f27ddaafa3cf18b3a0034a7

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
43e1ae2e432eb99aa4427bb68f8826bb

SHA1
eee1747b3ade5a9b985467512215caf7e0d4cb9b

SHA256
3d798b9c345a507e142e8dacd7fb6c17528cc1453abfef2ffa9710d2fa9e032c

SHA512
40ec0482f668bde71aeb4520a0709d3e84f093062bfbd05285e2cc09b19b7492cb96cdd6056281c213ab0560f87bd485ee4d2aeefa0b285d2d005634c1f3af0b

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-core-util-l1-1-0.dll

Filesize
11KB

MD5
735636096b86b761da49ef26a1c7f779

SHA1
e51ffbddbf63dde1b216dccc753ad810e91abc58

SHA256
5eb724c51eecba9ac7b8a53861a1d029bf2e6c62251d00f61ac7e2a5f813aaa3

SHA512
3d5110f0e5244a58f426fbb72e17444d571141515611e65330ecfeabdcc57ad3a89a1a8b2dc573da6192212fb65c478d335a86678a883a1a1b68ff88ed624659

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-conio-l1-1-0.dll

Filesize
12KB

MD5
031dc390780ac08f498e82a5604ef1eb

SHA1
cf23d59674286d3dc7a3b10cd8689490f583f15f

SHA256
b119adad588ebca7f9c88628010d47d68bf6e7dc6050b7e4b787559f131f5ede

SHA512
1468ad9e313e184b5c88ffd79a17c7d458d5603722620b500dba06e5b831037cd1dd198c8ce2721c3260ab376582f5791958763910e77aa718449b6622d023c7

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
285dcd72d73559678cfd3ed39f81ddad

SHA1
df22928e43ea6a9a41c1b2b5bfcab5ba58d2a83a

SHA256
6c008be766c44bf968c9e91cddc5b472110beffee3106a99532e68c605c78d44

SHA512
84ef0a843798fd6bd6246e1d40924be42550d3ef239dab6db4d423b142fa8f691c6f0603687901f1c52898554bf4f48d18d3aebd47de935560cde4906798c39a

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
5cce7a5ed4c2ebaf9243b324f6618c0e

SHA1
fdb5954ee91583a5a4cbb0054fb8b3bf6235eed3

SHA256
aa3e3e99964d7f9b89f288dbe30ff18cbc960ee5add533ec1b8326fe63787aa3

SHA512
fc85a3be23621145b8dc067290bd66416b6b1566001a799975bf99f0f526935e41a2c8861625e7cfb8539ca0621ed9f46343c04b6c41db812f58412be9c8a0de

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
41fbbb054af69f0141e8fc7480d7f122

SHA1
3613a572b462845d6478a92a94769885da0843af

SHA256
974af1f1a38c02869073b4e7ec4b2a47a6ce8339fa62c549da6b20668de6798c

SHA512
97fb0a19227887d55905c2d622fbf5451921567f145be7855f72909eb3027f48a57d8c4d76e98305121b1b0cc1f5f2667ef6109c59a83ea1b3e266934b2eb33c

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\dirmngr.exe

Filesize
787KB

MD5
2e94c3258f7863b6bf4ea937aa12a144

SHA1
c5bf59d3b038f9bb9f7e05706e9e80f21ff3b022

SHA256
2cc38c48eb742a28a4562bc62c9dca7ef525a62164752135b45a4cff89064e6e

SHA512
0925f11504f6972ede8525d3f7050060034a785963772a8b0f8d38d9feba47c1f9f55dafc959eea1d1789d8a4fbe03639c3f44ae848aef971d1a51371ce1fe2b

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gnupg.exe

Filesize
1.2MB

MD5
e7a712a20275825b93d9b86464755870

SHA1
64bd04917a18d2faa75c46470461d550733aea61

SHA256
4e6f3f339ded64578816dfc3dc1d74ba198f7d698109c15ac658bb9891e2ea9e

SHA512
c1ef6aca74b674386521a54c435524cd1adfb70e5fb43fee48929ba1ff631f7e2cba2c773fc6976c72b7095c0e8c73e0766a3977f2cb8798560cbaada9cfcec3

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpg-check-pattern.exe

Filesize
163KB

MD5
6ca7632cc5d6007fb6d29e1a8624664e

SHA1
50400a3fa8ee23a8f6b492fbc92c34e40bec8bbd

SHA256
124698ea407083fde0664ac4e950ea55f60d880f8ed636a05473a0e92e592dde

SHA512
62c8de1381115e2d7f787791ab53385b9c112696f2d7163b1c9e014eead13d9550f8f916d614f18ff791c23187ec987fd749e80fc4b376104ae6c1b6b0a0fc37

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpg-wks-client.exe

Filesize
273KB

MD5
ee38ab14557b765c80856531582f4f89

SHA1
660b872aaadd6658729f943f78bb45699e38f7c6

SHA256
4b0dfcc928a127b65928f6a941823b0e43c4cf08e2792e1e054a3886d51d8005

SHA512
4c4690c7af542ad5d67121259ec25dd67565273ea791f1a7e0536193f74115fb309054c44e336b19fee273dde71ab8543a2810a10dc2ba9eca5c7b286b46bcca

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpgsm.exe

Filesize
634KB

MD5
c1bb0e52c1e07b706804c5262207852a

SHA1
741d5972d06c09f7eb3c85dd573e302ff80d55e4

SHA256
e7d50bfc7ea031e4438b227e5f3c1c231aac831ccb709b08f6d4e3106d448b5e

SHA512
cd6d04bc70a77ee6299e2d7c0e832c1104fd16ffd0243e6bff36910850cccb17fca86a297369bb0cb7c19ef674adc2089aaac3fa173184ec1f93bbb123957295

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\gpgtar.exe

Filesize
196KB

MD5
a33215c3311b5819d6f12400b49333ab

SHA1
8d9338414b6e17cb9454b26b410abf7381e68eba

SHA256
45d80a39499a2dbfa3352169a7fb78492f7a253ca3ec6b0a6f61825b7c3a235d

SHA512
219fcc80b0362004ece4aeec22f93085166de6e8969b45c26f671412ff3b238c95e14f439a6efd8d06177fe790c781ddfd21e8a21a6100bfb8b08bd2e69d5973

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\installer_b.msi

Filesize
2.7MB

MD5
2c8f384ab1330f787958a79e073eca57

SHA1
d5c9a7c81fd3238b9058d11b262fb6a1e8c11e3d

SHA256
64b4fa4a0ca09bb84ee4da2060e370bde6db1524e84387bc14bdd88b0c2140ff

SHA512
05c1907a88eb3ac9c8715c4e248a80470dfc50402f841c17df868f250666b3006e86bdc445105050ae7799a473289f57b86bece6104dff753ff16842517f511f

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libassuan-0.dll

Filesize
154KB

MD5
4f1849e84694314b868505c1dcc53747

SHA1
06b8274e2569b32b5f9cf36202952e70b2fb4b02

SHA256
f69073ed88c6e72ae3244ca310bb43892eb97a4ede9e20fa457e0d8fb72a3b24

SHA512
1956d6a9963b5eb712e7e61bccb3846677622838889b3de1820cc99f0b2aec81e3fba3456275f06be0b6a9ec573a502b38de7f0d32393447b385cad53c426d50

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libgcrypt-20.dll

Filesize
822KB

MD5
a58731af20aaadd5df4674e3bfc2fded

SHA1
cdfcb126b8309dcb148ecfe730427f897bf608cf

SHA256
8d4948feb87ee8d908354fd2f4a116ffca4fb40793052a09f8f0b7f32309d075

SHA512
7fd06269188b27808043381aec6805f1af6acf2da8d564fc45cd88c0ec543279a7cfe9f5d552dc309102daf65905db86c4b4eb31d6798ead5525f37f7907a285

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libgpg-error-0.dll

Filesize
245KB

MD5
45d4164d940ee65b4eb2854fca94293f

SHA1
162b1adf5c261bd4481c6549e5f17fbb1cad96b6

SHA256
0a5a9cd5743be10c506036ad7e60d89d035d36dc5aa376d6a3b86cc009ce5094

SHA512
4b6b95f65e51c26f07b99d3cf47512a3e3404b21cc92ccd73fccf7e1cba3657c37950ac57b39d1aa1f9fc37727b4058a29a6e4a3b7fecba3dccd089b1da09dce

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libintl-8.dll

Filesize
141KB

MD5
16b4dba3e3bfdea7a528cc97721cbe60

SHA1
2a75d604f72ea1d1d929280b6b945b168a18f137

SHA256
b6939316ebc272b67fa90a8c599dceec0e22b93a7a9660c7b0db0ff1cc1308ae

SHA512
4d524e689a064a2a1d381033f05f635f0e5cb5863d0c1dd1cee4bf80303e0bf3db8d787ff52d348c6938bacea7ac695de10da747782696d18172951452a98ef9

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libksba-8.dll

Filesize
297KB

MD5
083f7e514d6b982f09f77e21af38b447

SHA1
69a69fe6328603f41429ddc67d1973f0f1b26c36

SHA256
7df2d8c02d76fdb0ea0d64261fd6a7cbfed0ca9c8f53c13de9da1731261392c0

SHA512
dff1d23470fa15a724040e883ee8a421d9193fccb29bbdd33090795e9d106bb388a22cfa2ffe83332ab535087ae8a2883f90b991e466a9ec49b2c67142675ff4

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libnpth-0.dll

Filesize
40KB

MD5
a75aa079bab1f26fdf69b80f18e951c7

SHA1
1f64fc9d9e8500e0e015b3874d55e652d84df799

SHA256
8993c86367054b9f9e9ae517fd0025724d809832f8f6a9938a718cda23afb08c

SHA512
1834ca2e719baddafb6942d6ce7f45bdc14e95bb11fea968a052abaa03df5dc8d2703295fa15ba4c12f5ff14e842c805c1020f77618d6aba31b3127660b54300

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\libsqlite3-0.dll

Filesize
1.2MB

MD5
0db821923216fdd29f3ef752b67e0683

SHA1
4496a5ec7f08167faa3d2db4c225b962ece339c2

SHA256
70e479fbbc65ec754a0b6cc031f0e699468a6d4479c327a6f7c0a04cdca6a109

SHA512
15c35743c720b313daa65353b594967d90c8e67c69f5dfaf421e127afed0dcb42b09ce186d2359fd2579e9d835006ac3804742ba914062552f1a6e8b51a6dc05

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\stylers.model.xml

Filesize
182KB

MD5
343b8f55f376e88674733286d027f834

SHA1
466886054d5c2641ba6058f58a7a84053aa4696e

SHA256
f002b36e70f0fb159885c21fa6e6395176cd50a254201a94cbed756d9843fa9a

SHA512
ef6643badbb87739f0ae847d201651f8d3e677c54ca2aa3f81277b053355772f71d9b0f490617c104ce861a29e2b283fe6d82faf4cfe8f10bfc571d683cfea8e

Download Submit
C:\Users\Admin\AppData\Roaming\vuw cuvi\AppGbi 5.8.2\install\02BAB42\zlib1.dll

Filesize
141KB

MD5
f191ee2ae39bd67d4cc12c3667634d42

SHA1
e37aac8dc0da948eab6f24bbcd8495790cf99fd6

SHA256
df230f50a409db9ee949b9fdb10d7c08de03b5e3a0f72e7feb2618e436e1967a

SHA512
9e8d4eb00225cb646a8f5cbd8a36d9994150dd1b16029d9e9c0cdf5158f71642a761c887dcf680517a164770429f37f04412448351d9247f9cf2d2da6694c7ab

Download Submit
C:\Windows\Installer\MSICB1.tmp

Filesize
743KB

MD5
e92be2ea6cbab4b209fdb91999efa600

SHA1
3a78425b5d9094945ab20257900da3f05f146465

SHA256
d5249e4b26c8a396c8d3806e0fd8ba01806520fd546d815cc912e693463c699a

SHA512
215f81ac83f64eb3706444d4e018a1f25c09f6bb93432097f5262ee32484cfa1362fb43c91ff12be9611342b6151c09a5381a1dca51ae85beb49e4a9d5edee2c

Download Submit
C:\Windows\Installer\MSIFEC.tmp

Filesize
838KB

MD5
4a3f6a4023abd6bba56534de47d20017

SHA1
02dd888e467143e2e35465d73f39cf3e66afad10

SHA256
a8dfdc283ad8d4dc6f500ddfab564e79dadae075c0d54784b50e1ca548709b30

SHA512
580c7918ef90eb0020901bab645b72bcaf945ceb5bd56c2e7847f229b31a961bc4cd4ca9cb2583db480947ca8a0880b5ae4bd26717217abcacc9754352aaba28

Download Submit
memory/2460-41-0x00000000738B0000-0x0000000073E5B000-memory.dmp

Filesize
5.7MB

Download
memory/2460-37-0x0000000002D00000-0x0000000002D40000-memory.dmp

Filesize
256KB

Download
memory/2460-36-0x00000000738B0000-0x0000000073E5B000-memory.dmp

Filesize
5.7MB

Download
memory/2820-0-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download