e267f4062312c8a0bfa6dc7fd781ba5bfdfca8c1a552a781f56f10e5755ea7f3

Analysis

max time kernel
508s
max time network
449s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
02/05/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PLC500_Trial_Online_Setup.exe
Size

927KB
MD5

495991a9ad4b85e7e132dfe4662d1247
SHA1

7024f14f81796b2957a12765112695f1ec3c1eaa
SHA256

e267f4062312c8a0bfa6dc7fd781ba5bfdfca8c1a552a781f56f10e5755ea7f3
SHA512

16a9de38d493bd6a33fc16b2a30c250d0b3704913979e2e0c8c6444435f37bbc1d8f9b1342ae1e3d42d104c9c9b43c88d9380017c1ac64dbc2cb14e6c6416ee7
SSDEEP

24576:Z0sYgWUEa/Je+Zr4KBsXtTFna2xGQWVOG:usGUtJeoU44TFn7GZ8G

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2736	ISBEW64.exe
992	DXSETUP.exe
5072	PLC500.exe

Loads dropped DLL 13 IoCs

pid	Process
4548	MsiExec.exe
4548	MsiExec.exe
4548	MsiExec.exe
4548	MsiExec.exe
4548	MsiExec.exe
992	DXSETUP.exe
992	DXSETUP.exe
992	DXSETUP.exe
992	DXSETUP.exe
5072	PLC500.exe
5072	PLC500.exe
5072	PLC500.exe
5072	PLC500.exe

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e0052007500520066002e00260060002b006700280026006400310058006100240056006c002500270000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e0071006c006b0034005f0021005b007100660028004a0058003d006500660047006a0079006f00310000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{38632640-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e003d003300260035002c0042005e007000660028005600250065007100460067006b0057005f00420000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e00640062004b0078002d006c0062006d006600280047006e002c004c005b005b0051007e0043004e0000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e004d0035004b0044005900530055006e0066002800480041002a004c005b007800650058002900790000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32\ = "C:\\Windows\\SysWOW64\\msflxgrd.ocx"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{52BE9600-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ = "C:\\Windows\\SysWOW64\\MSCHART.OCX"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e003d003300260035002c0042005e007000660028005600250065007100460067006b0057005f00420000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWOW64\\comdlg32.ocx"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32\ = "C:\\Windows\\SysWOW64\\msflxgrd.ocx"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{2CC3AF80-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ = "C:\\Windows\\SysWOW64\\MSCHART.OCX"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e004d0035004b0044005900530055006e0066002800480041002a004c005b007800650058002900790000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e002d0053007d0028007a00280042006f006600280030006c0039006500660047006a0079006f00310000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e0071006c006b0034005f0021005b007100660028004a0058003d006500660047006a0079006f00310000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{B1C402E0-DFC8-11CF-A635-00A0C903B29D}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e002d0053007d0028007a00280042006f006600280030006c0039006500660047006a0079006f00310000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{5E9FA9A0-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ = "C:\\Windows\\SysWOW64\\MSCHART.OCX"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e004d0035004b0044005900530055006e0066002800480041002a004c005b007800650058002900790000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWOW64\\comdlg32.ocx"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{2CC3AF80-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e00640062004b0078002d006c0062006d006600280047006e002c004c005b005b0051007e0043004e0000000000	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{31291E80-728C-11CF-93D5-0020AF99504A}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e002c003d0024007e00450024003800510036003f002a0060005100340047006d0040002d007a00650000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e00640062004b0078002d006c0062006d006600280047006e002c004c005b005b0051007e0043004e0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{4C3ACCE0-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32\ = "C:\\Windows\\SysWOW64\\MSCHART.OCX"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{EE0259C0-B32F-11CF-A74E-0020AFA69E21}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e0052007500520066002e00260060002b006700280026006400310058006100240056006c002500270000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{5E9FA9A0-B3DD-11CF-A74E-0020AFA69E21}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e00640062004b0078002d006c0062006d006600280047006e002c004c005b005b0051007e0043004e0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\SysWOW64\\comdlg32.ocx"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c0038005300630061006e006e0065006400500072006f006a0065006300740031003e00640062004b0078002d006c0062006d006600280047006e002c004c005b005b0051007e0043004e0000000000	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = 7b004e006b007900590062005300500021003d00720021006200440024004d00600054004c00380050004c0043005f0054006500630068006e0069006300690061006e005f00460069006c00650073003e004d0035004b0044005900530055006e0066002800480041002a004c005b007800650058002900790000000000	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
8	4332	MSIEXEC.EXE

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\U:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\W:	MSIEXEC.EXE
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\X:	MSIEXEC.EXE

Drops file in System32 directory 10 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\comdlg32.ocx	msiexec.exe
File created	C:\Windows\SysWOW64\tabctl32.ocx	msiexec.exe
File created	C:\Windows\SysWOW64\SET57C0.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\D3DCompiler_37.dll	DXSETUP.exe
File created	C:\Windows\SysWOW64\MSCHART.OCX	msiexec.exe
File created	C:\Windows\SysWOW64\D3DX9_37.dll	msiexec.exe
File created	C:\Windows\SysWOW64\d3dx10_37.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mscomctl.ocx	msiexec.exe
File created	C:\Windows\SysWOW64\msflxgrd.ocx	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\SET57C0.tmp	DXSETUP.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example9_10Solution.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example7_11LabProject.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example7_10Solution.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example14_15Solution.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example13_14Solution.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\particle.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1109.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1310.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0303.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0203.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example8_12LabProject.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example10_8LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1015.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example13_14Solution.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example10_6LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\fl2OFF3.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1316.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example11_8LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\temp25.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1735.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0203.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example8_8Solution.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example8_14LabProject.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1725.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0905.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0715.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example10_9LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\BatchMixerFigure9_14.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\PLC500.exe	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1114c.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0903B.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\elevator.X	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1724.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1321.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1115.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example11_4LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\BatchMixerFigure12_30(a).RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\temp23.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1316.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1308.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example8_11Solution.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1221.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0302.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0708.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0808.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0203.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\intersec.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0721.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\gooffns.JPG	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\el4on.JPG	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example13_15LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\temp10.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0715.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example12_14Solution.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0909.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example7_9LabProject.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\labels.jpg	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\skinmesh4.vsh	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0907.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0804.TXT	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example9_12LabProject.RSL	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example12_14LabProject.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example12_10Solution.IO	msiexec.exe
File created	C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example11_6LabProject.RSL	msiexec.exe

Drops file in Windows directory 36 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{9B6A6393-DE9E-4477-972F-29045CA3903F}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24	msiexec.exe
File created	C:\Windows\SystemTemp\~DFE555F00C4B39052D.TMP	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\e5838c0.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\DirectX.log	DXSETUP.exe
File created	C:\Windows\SystemTemp\~DFCC6DACDC1404C54B.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1CFAB595B9EC1BD1.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\F479_Dao360.dll.5B60FF9E_851D_11D4_A752_00B0D0428C0C	msiexec.exe
File opened for modification	C:\Windows\Installer\e5838be.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3CB6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File created	C:\Windows\Installer\e5838be.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_Vba_VbRuntime_f0.1E64E430_36E0_11D2_A794_0060089A724B	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI532D.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\F479_Dao360.dll.5B60FF9E_851D_11D4_A752_00B0D0428C0C	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1330EF814138EE93.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_VC_MFC42ANSICore_f0.51D569E2_8A28_11D2_B962_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3\3.2.9\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\UnManaged\S-1-5-21-3062789476-783164490-2318012559-1000\3936A6B9E9ED774479F29240C53A09F3	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001b4a55745f2b98f90000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001b4a55740000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001b4a5574000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1b4a5574000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001b4a557400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020422-0000-0000-C000-000000000046}\ = "PSTypeInfo"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\MSComctlLib.TreeCtrl\CLSID\ = "{C74190B6-8589-11D1-B16A-00C0F0283628}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{1EFB6597-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{BDC217C7-ED16-11CD-956C-0000C04E4C0A}\ProxyStubClsid	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{62375370-A17D-11CE-840F-00AA0042CB33}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000093-0000-0010-8000-00AA006D2EA4}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0000005D-0000-0010-8000-00AA006D2EA4}\TypeLib\Version = "5.0"	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{CD9EFA60-AA40-11CE-840F-00AA0042CB33}\ProxyStubClsid32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ = "Microsoft ImageComboBox Control 6.0 (SP4)"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{C74190B5-8589-11D1-B16A-00C0F0283628}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{2F6DD6A0-95E5-11CE-86B3-444553540000}\TypeLib\ = "{02B5E320-7292-11CF-93D5-0020AF99504A}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{AFE57020-7409-11CE-840F-00AA0042CB33}\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\ProgID\ = "StdPicture"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\ProgID\ = "TabDlg.SSTab.1"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{2F6DD6A0-95E5-11CE-86B3-444553540000}\ = "IVcStatLine"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32\ = "C:\\Windows\\SysWOW64\\mscomctl.ocx"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\MSComctlLib.ListViewCtrl\ = "Microsoft ListView Control, version 6.0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000089-0000-0010-8000-00AA006D2EA4}\ProxyStubClsid32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000093-0000-0010-8000-00AA006D2EA4}\ = "Containers"	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.SBarCtrl.2"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\MiscStatus\1	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{31291E80-728C-11CF-93D5-0020AF99504A}\Programmable\	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000039-0000-0010-8000-00AA006D2EA4}\ProxyStubClsid32	MsiExec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0000009B-0000-0010-8000-00AA006D2EA4}\ProxyStubClsid32	MsiExec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\TypeLib\{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}\2.0\FLAGS	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0000009B-0000-0010-8000-00AA006D2EA4}	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ProgCtrl.2"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\ProgID\ = "MSComctlLib.ImageComboCtl.2"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{B196B28C-BAB4-101A-B69C-00AA00341D07}\NumMethods\ = "7"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0000006B-0000-0010-8000-00AA006D2EA4}\ = "Users"	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\ = "Font Property Page"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\MiscStatus	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000051-0000-0010-8000-00AA006D2EA4}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\MSComctlLib.ImageComboCtl\CLSID\ = "{DD9DA666-8594-11D1-B16A-00C0F0283628}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\Programmable	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{BDD1F051-858B-11D1-B16A-00C0F0283628}\TypeLib\ = "{831FDD16-0C5C-11D2-A9FC-0000F8754DA1}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32\ThreadingModel = "Apartment"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000021-0000-0010-8000-00AA006D2EA4}\ = "_DBEngine"	MsiExec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{1EFB6594-857C-11D1-B16A-00C0F0283628}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{C74190B4-8589-11D1-B16A-00C0F0283628}\TypeLib\Version = "2.0"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{2F6DD6A2-95E5-11CE-86B3-444553540000}\TypeLib\ = "{02B5E320-7292-11CF-93D5-0020AF99504A}"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{508D02E6-90FC-11CE-86B3-444553540000}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{38632640-B3DD-11CF-A74E-0020AFA69E21}	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\StdPicture\CLSID\ = "{0BE35204-8F91-11CE-9DE3-00AA004BB851}"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{35053A20-8589-11D1-B16A-00C0F0283628}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\Interface\{5F4DF280-531B-11CF-91F6-C2863C385E30}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{52BE9600-B3DD-11CF-A74E-0020AFA69E21}	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\OldFont\CLSID	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\WOW6432Node\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0000000A-0000-0010-8000-00AA006D2EA4}\TypeLib	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00000089-0000-0010-8000-00AA006D2EA4}\ = "_Relation"	MsiExec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1376	msiexec.exe
1376	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5072	PLC500.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4332	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	4332	MSIEXEC.EXE
Token: SeSecurityPrivilege	1376	msiexec.exe
Token: SeCreateTokenPrivilege	4332	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	4332	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	4332	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	4332	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	4332	MSIEXEC.EXE
Token: SeTcbPrivilege	4332	MSIEXEC.EXE
Token: SeSecurityPrivilege	4332	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	4332	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	4332	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	4332	MSIEXEC.EXE
Token: SeSystemtimePrivilege	4332	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	4332	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	4332	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	4332	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	4332	MSIEXEC.EXE
Token: SeBackupPrivilege	4332	MSIEXEC.EXE
Token: SeRestorePrivilege	4332	MSIEXEC.EXE
Token: SeShutdownPrivilege	4332	MSIEXEC.EXE
Token: SeDebugPrivilege	4332	MSIEXEC.EXE
Token: SeAuditPrivilege	4332	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	4332	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	4332	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	4332	MSIEXEC.EXE
Token: SeUndockPrivilege	4332	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	4332	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	4332	MSIEXEC.EXE
Token: SeManageVolumePrivilege	4332	MSIEXEC.EXE
Token: SeImpersonatePrivilege	4332	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	4332	MSIEXEC.EXE
Token: SeBackupPrivilege	3144	vssvc.exe
Token: SeRestorePrivilege	3144	vssvc.exe
Token: SeAuditPrivilege	3144	vssvc.exe
Token: SeBackupPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe
Token: SeTakeOwnershipPrivilege	1376	msiexec.exe
Token: SeRestorePrivilege	1376	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4332	MSIEXEC.EXE
4332	MSIEXEC.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5072	PLC500.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 4332	2360	PLC500_Trial_Online_Setup.exe	82
PID 2360 wrote to memory of 4332	2360	PLC500_Trial_Online_Setup.exe	82
PID 2360 wrote to memory of 4332	2360	PLC500_Trial_Online_Setup.exe	82
PID 1376 wrote to memory of 4504	1376	msiexec.exe	89
PID 1376 wrote to memory of 4504	1376	msiexec.exe	89
PID 1376 wrote to memory of 4548	1376	msiexec.exe	92
PID 1376 wrote to memory of 4548	1376	msiexec.exe	92
PID 1376 wrote to memory of 4548	1376	msiexec.exe	92
PID 4548 wrote to memory of 2736	4548	MsiExec.exe	93
PID 4548 wrote to memory of 2736	4548	MsiExec.exe	93
PID 4548 wrote to memory of 992	4548	MsiExec.exe	94
PID 4548 wrote to memory of 992	4548	MsiExec.exe	94
PID 4548 wrote to memory of 992	4548	MsiExec.exe	94

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\PLC500_Trial_Online_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\PLC500_Trial_Online_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\MSIEXEC.EXE
  MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{B181E15E-0D21-49D7-AC39-02F30B4B8E43}\PLC500.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="PLC500_Trial_Online_Setup.exe"
  2⤵
  - Blocklisted process makes network request
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4332

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1376
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4504
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6189D2F362EF5BB4848D893B4FEF0D6F
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{57C25265-E7AF-48DA-8C10-D7656169F8C1}
    3⤵
    - Executes dropped EXE
    PID:2736
- - C:\Users\Admin\AppData\Roaming\Logic Design\Redist\DXSETUP.exe
    "C:\Users\Admin\AppData\Roaming\Logic Design\Redist\DXSETUP.exe" /silent
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:992

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3144

C:\Program Files (x86)\Logic Design\PLC500\PLC500.exe
"C:\Program Files (x86)\Logic Design\PLC500\PLC500.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5838bf.rbs

Filesize
411KB

MD5
5ff0075dbc307bd0d69c97d8a2bfbd2d

SHA1
af3fc1a1f71050bef69b03f5b15f51ae6a73e8a0

SHA256
5e47689d5eaecaebf12733d47f8f0729299faba79ece0e59611aee451b68a54b

SHA512
d5b2d755ebe07f47038d32aebf63a522d937cbb03b29acff5fe0c13d6a769ac1fe92e75da6f6df90ce2c3f7cba29a86f4b5b5a28ad899dbf053301365092c187

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example11_8LabProject.IO

Filesize
1KB

MD5
4848a01b9cbfa44882ee9ab8c1c604f2

SHA1
0db1367abcb7b676e385a512ba3ccf2b992493d8

SHA256
207873f0c14d2d6551e4bd148537ffb131e54b453cbde0cc71c95c1c04effa03

SHA512
6dbfa12dae3ffb966c71d88021cfa1afcaa2a4ce7bdd4aca7cfd819533bbdd8fa7905622d9d729251bbaf7740234dbff8caf84cc39cc5df6ceb551fb09235023

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example12_14LabProject.IO

Filesize
1KB

MD5
d93e23e4d4ef6a889aaf4cfe00bd1e26

SHA1
adbf94372cb961cd7f45a55abf01b4ca2712473e

SHA256
3830333bb56eaf3deb5192f20c4a5aec198af210c3f1a4dd6341e9a365b0049c

SHA512
69beb78ab78e5bfd3a62c21eef394820d95a00daacc605ffcc9fec0d44302fca75d89c283f99574b4b9224c1a73f89dfd57d49ea6edaa4ae46d14bf75a987a6d

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example7_9LabProject.IO

Filesize
1KB

MD5
cd988aba728b7862b6a9153c43ec2aa1

SHA1
bf924e1932b19cbf722698c14a4e14cf2ab8cce7

SHA256
2bfde05d28d0ea3cecddcaf4a65d4bf0ac236435634343c5964a37b269a36057

SHA512
f33c2c6820107f12dcbd2f29252a079c194335e821d3fd0da0fdc35a266c7dad1f660bbe34fad63cbaecd8e8c2e449254ab1ee08fa10104667c3f019caa89817

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example8_10Solution.IO

Filesize
1KB

MD5
1f70279f8a97090622ad86cdd7d3fab5

SHA1
6784b1a641ef6b16123eda2a2dd3973984a1904a

SHA256
6c5efd43af5c6395527fd61cd496b69216f83fb5702bc00348e9abd9ba85d8ad

SHA512
5e696c806def6ac872dada27ef4ced027eb0c0c220903a3cb3f151f03f983bfad29577936f099b7e9f1530c017476053bf0a7f9d73cee14961780d63bfbd187b

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example8_12LabProject.IO

Filesize
1KB

MD5
e8ea7c529dde351574eb54e5cd175408

SHA1
77af410b4f1064900191b83237663e1c56f62029

SHA256
73e202e347b516484883ca4a1ce8f347cd49ca32c0fa471bb6ff2a03cbb45389

SHA512
30429f5c84c5e5e933eaac5225d75a8a569cb34689816c8ebae0cef65ac0a6f01b44c29994ddd7b7f2238232e97fa81d829c406c0ea179c13e79d3e3ff48dd22

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\Example9_9Solution2.IO

Filesize
1KB

MD5
afd0825330bf56fa40a28e35b6dbe3b5

SHA1
41c29f3b7a07183fbf3d64382f8c735a46f1c512

SHA256
74ff19916a920db270cbb4a83fea8bae938471f81ea61473a7b03a79be9ba5a3

SHA512
ff5503992a697954bbd83b4723781cf85b23fbf7fe9346622d373c9d884b10e6f1c473d2c56c91c8d4559fb6edb50afd6e6d2313c1a0dd30a7d3a3ea6ae25350

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0715.IO

Filesize
1KB

MD5
a4715535ad91e3ef466a70785f1e163e

SHA1
4a7d4a22a8d1f982b196d61ee22104e450c8891f

SHA256
afca8d47cd964a4bec66bb70730af3d885d42800a78f193b8c5975cba80085fb

SHA512
89cb04eb9a196e250279e36793baf8b4536577811170ef63b6efa1cb6b0c06c07b444c29120d985ce350a2fc3cfd52603c559ea0995e26d2b1b46efd82eabbf1

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0805.IO

Filesize
1KB

MD5
1b2e1c266c1073dc7a161a36f6e51a4d

SHA1
2930f61db0d311610b67af164ea55fc060eda23b

SHA256
ec78e87dabf4798f2d25e933632d1d853a1ca2c17e53bc77614ae16acdd090f5

SHA512
919c90c8ae302627fe7264b645a9c4f0ab1c9f9103a1b63a42148620e976ee9b2188a47597d2e8db0a20bef9d1021c6b1659a2d585e46956a755cb9b20790374

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0814.IO

Filesize
1KB

MD5
525125ecd66ca05ac7a41351d815897c

SHA1
40de7401d630ca893aa3a543d5a97ebb7d7f8861

SHA256
a2be20eea4dbc7610b56ccff3ffee59b7ff22a4a668d6f97dde8b2f205b534ab

SHA512
b16ebc7b5657f7210b8f17acb5139361f98132bb9006c4b3c3e074624c0e5bed93c183f499cae1ac173922757210b0cdac5de6c1afa13bc5c0b8e898fc54cee6

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0903B.IO

Filesize
1KB

MD5
040406ab6a13c4191e7b41b68ebfa4c1

SHA1
2eb1eebb6ce34e7976e6addabcb1aa3d53dbdd70

SHA256
60790b97606460c48838db70edb573a0d83cafcb79e1cecd098b84e6a8d2293e

SHA512
b8a7beccee0ca683b29ec189f3063f37b6b8ed8f556060b94b6e1e85baf33c9921a7f73ac9dd64d34f21edcffbd96f9705565f60b29fd9e446c38e43aa65b089

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC0908C.IO

Filesize
1KB

MD5
38666b1c18c072ad76ce4631148d485a

SHA1
0803768ffcc3e93f58a0d71cee313cce2662cd2a

SHA256
60a2b066d1bd4916a11a40006dca9744d80328613c4f73fdbe44735369bdfed0

SHA512
61fe897af2056f5ab8119598d219fa60c84a64a0148d2ddee0922dbb4eba243c084263c696e60d66d3af5a0d1e3f24a7a7504e965ffb9e19e9f8ca3991e8bea9

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1219.IO

Filesize
1KB

MD5
357a1e82c9ecc1efe14de6a239604332

SHA1
7602a803be2054c7fe55e42d3614923253965ac2

SHA256
6b41e63e2493cb45ca4eb07fc9f394dd40e4499e2191101a80f221ab8df0aba6

SHA512
ef166039d5fe18442e4fbc9b5db8fb3598529cb0cfd97775528bc118fc4263fa6fc39cf7f297276f48eca2e2075041c36f157a633212e13ed256cb18fc863729

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1306.IO

Filesize
1KB

MD5
d5659eb7c0ddd3dbd78d3f0cb001bd9d

SHA1
a364e555780a1643314ab35834f51684741de772

SHA256
e271e0d1dd8fc1c04c2c9a3850167504995411b97c69ad71e88e8643e162936c

SHA512
144e3b81acafcd2476014d6ea6b4f3afd6179665ae09c40beb9158f12328803aadf0695f650f61c90217c50675245276b4b944b3dc1dc199324bf61be6d4cf23

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\Ladders\PLC1735.IO

Filesize
1KB

MD5
a263665976ee5aede15a65a4e06ab3cd

SHA1
41c6ca5bd366f4b53fc2cf98f47e3cb15bf99ed0

SHA256
d440f6f414eb3d6bbbd4d5ed51fa9b7133a81657aa84a1c223e2b61208efc03a

SHA512
a4d4eb3867c1a70e128d9ca47c5e34af1fe2bdb1aca2d551d037d324473756b126893d6e77f6792032efcd97c779ffef0b287aeeb9fd2e8bbcc417061dd80582

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\PLC500.exe

Filesize
34.6MB

MD5
e95fea80c9c9bd4ba7f032c677e42cd7

SHA1
ee36823c67d164bad123bea4bf231d502c31c95c

SHA256
911bf334442d40cc6187e7c22b56911aeec14866f6db2e53cb13b4f6cdbc011a

SHA512
680c6db46e20f2af6261df01aaf3e84f18d1d613af6dc0cb0d2e31fc4a4891e1c6be4740b3ff4297a5550ea6bc7191ed6b4c30ed9c166287d20f7db9ff966bd3

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl1OFF1.jpg

Filesize
675B

MD5
ecc6fd677d5edd47ae13dae801c8b525

SHA1
77c1ccab04972f655aa70a3ab320f33e182586f2

SHA256
21570d70706483acb06025cd159ac5dd09d9c6b1ca3d27b55393e2ebf4845057

SHA512
80dcfc3f6ee5e8bfc219f433930cd740123b38e382c5517b558f702fdb114ff5d13c97c15ce3f56f729567f9c0f8e86321e9926dcc27d6d6331ef550ed889585

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl1ON2.jpg

Filesize
1KB

MD5
a2b145faef6bfe66aaccdd87e172f771

SHA1
c8364fcd16bea934f3f8382cb42ff781e53ccea6

SHA256
536788941e13f8fda4301086dfb4754efba5fb1c9062e0754ba01caef96dec73

SHA512
608556c94d032795f5d420102d3dea54fc86b27179291628f79f6905eb8cc720462565c9ab53e18cd91cfb1185dffc740da389368daeebfbb3302ea7581656c9

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl2OFF1.jpg

Filesize
991B

MD5
2175e787ee6110d9046973edb5e6725b

SHA1
cf4793683673116131c7cb1bcbe2a4935b6839e5

SHA256
edaf0ec0d20f4560e3e836d698087621f375783faf0d9a0033645897b1ceebac

SHA512
39d32ab895da7f02cc70da93a6e09edd1a9b2bf89c3f9cf44e677bc9b1bda1aa6438edc27ef7b31cb918ec4da31ea12d2c53743ec8c70044c38dadf1ba0f1540

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl2ON1.JPG

Filesize
1KB

MD5
26a181c5b545a8561bc8f094c97e598e

SHA1
085fa7ab0ea7a944412edd573b5d4d9386a166e7

SHA256
910b7a69a7380f8b9000813bd4318cda0cf830091d1022981acb27d9b618cfc1

SHA512
9de0640ee2272604369f695b4777860e378f0bae72a8370c83dab88a06acde774745d239d72f8c22d77b0bff35a97c85c6b0be60406eaf745f4170972b81d433

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl3OFF1.JPG

Filesize
1KB

MD5
1fe054e7d840b413e61a1adac8ed9b3a

SHA1
ec97318de40beda855b5e5c3ff3df7007fa5312d

SHA256
d16099647e0dc12c8e7211d4d4cc1d1205fee4effb6e43de7d8afc54a6e040a3

SHA512
6aacfed34f15238ef193b8dffe6706d9668676d4f81a1ad1f833764aedab74d8508964deebe0b5ad394dd25ec65e3500f9f0069b276c4cc544e2ed8e42a8d63c

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl3ON1.jpg

Filesize
1KB

MD5
9fe61e3522a2c0de3aeb9dd57b2cf8b4

SHA1
982f69c890cebcfdb88210092b4f9d35b5c9f4e5

SHA256
12d106d7381568211e086b7a93a99f94cff3b328e1d0e205f9eb963ab8c53be0

SHA512
e7f65258ef40b5da82317757d5ac4bd4b3bdff08ba48d134ea8bd513609c9bfa2f8d59eeaaf274fc23b6f87f005c3cb52e86054b88dfb5311efca39eee2bfaaa

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl4OFF1.jpg

Filesize
986B

MD5
e516e28fabba445e619bad75a8d06462

SHA1
542c27cf7cd8d4e10ea59bf7f62cd18683f732d6

SHA256
89dbc307e896bbfd747687c0549b7f0389eeda7ac3b9ca9cbf25b475197c35d4

SHA512
b6da5a1956c7f5b875ca1e04c9ce818a24e1eaef4aa51f21f3ae0769cf6a89adc031bacafa45dc2e0e0754140c8c5a9e29e64521328ff4f23f3c8b3fd0a0ab34

Download Submit
C:\Program Files (x86)\Logic Design\PLC500\fl4ON1.JPG

Filesize
1KB

MD5
fc79d38169e12bc39747480dd77be913

SHA1
e5e5f820a1189233a08e7e8f592909fde262f2a3

SHA256
079227c9379703b422a038ae2284add08ffd84944b9083d5128107ccc00d2c61

SHA512
1854565a4bbf6a15d83081d35734cf388deda427a306b7b3936c4a48fd85441f85087e88432c4261d2be3e8cdb5b1de4213da25ad5b24c06fd6dab6acd391514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_7E2B2BBC752F00D5C01FBA4C3D0FEA64

Filesize
727B

MD5
116e87e3af989e81bcbd341438781723

SHA1
d2fb9510244e3adf390138b694ca6f06bece9961

SHA256
93a423b439bde74051c2263155700b1bbd5600c96f9d80da11df1bd6923582e3

SHA512
60cd2afd622e17e8b35461d875f0d94ff3f583084e3833d94735d457315c93f767a3285ae9c0915a5ef0bb9070793af4964b9f0e162503d37ed963f8afd2a371

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
43bcef738061cd01cd919e92fbff58f2

SHA1
0c62d3f30f002b4fb3055290a18b3923158da76c

SHA256
ee641980af666e39d01d67bd4151c4cc33db2b5588670cd54cd7fe1d8b75a415

SHA512
b7d2e026d324893e300e4889ac90ccc6cd35cf838541284903a06c3f34160d29f1555079a6b2a1c1272e1f12756ac40291f34e920c23cd2ac09740c140a800c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_7E2B2BBC752F00D5C01FBA4C3D0FEA64

Filesize
404B

MD5
9e49645f2f454553aead7d2de4c78221

SHA1
bd6fbf75915d3fd3012c4163bcad7bc535c69f24

SHA256
4f0e349209e1f01c2d9e48f031149c9a2b40a5fa3432539f21cefcb453e91c86

SHA512
ea06ee0e4c82c8c55d765246b3a8fe25c030f6815f7328acb7ed05a1f67ff234165f15fc1180baf716d5d910142422328988b15deb5d0b9165285e998f993d61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
28560949ba97cf872ad077c3efdc028c

SHA1
5f3a2348d0a8ca619d7ef79a4f113b1341a22167

SHA256
75420f0c0309bc24d723b0d71925624cd9dad0442ff70d0a29f77366c59f553e

SHA512
5155aa290a521e1b9c3de6e270650796ebe17e89c1ba3d194c32bc05fff913f340f7043e336dd649a8989a43847377057864f444f70546e9534a03242704434e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX55EB.tmp\D3DCompiler_37.dll

Filesize
1.4MB

MD5
ea752dbce35045d3c830dc16578cc8ab

SHA1
0a9bdf391ccdd113fde4d10f0afc80d54df01259

SHA256
715876d15b590936e4d32602a764d810650eec134922b32eea742e2fa71791c1

SHA512
3cf5e79062203d39fdb74e789e22405b93de126deda3d698963682d51f264cafe9a91d433312bb7976fa9b50a4798060fcb97b6de7f0dd422eecac2a922e31dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX55EB.tmp\Mar2008_d3dx10_37_x86.inf

Filesize
1KB

MD5
1242da12c637d5976af936f60f387c26

SHA1
a6890fa9d41f6785d54a7d3e1b229b64010089ab

SHA256
bae3bc2b7071d2d1c657a87a8c8af6c0fb5373f11c9aa5f61b406924717d0792

SHA512
7fcaf6ac1a8166e8c68d650dfea40bf329565d4ef92316ed0188a252736c9e288cc8f7d017b0de4af05245d1bf94a85b2dc72a93c618a1f2caeda45fd84a6a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX55EB.tmp\Mar2008_d3dx9_37_x86.inf

Filesize
1KB

MD5
020d1260794d5780937f0f7a919cd62d

SHA1
511ecd1186deaf129a5532b79fc776a9ab8fa9be

SHA256
d55858e166a2fe00d4acc30da756f0ab2c4dd5a79a9874eab3100722c74a1b75

SHA512
201e24e51dd859c35fa9d0a403993cb0b2eba67effbc598ca4491f05bff4f0805731b1e7cf6026b7dff9fbc3167c16b43887f080fa40ac11c6ffe09297401f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX55EB.tmp\dxdllreg_x86.inf

Filesize
724B

MD5
8272579b6d88f2ee435aeea19ec7603d

SHA1
6d141721b4b3a50612b4068670d9d10c1a08b4ac

SHA256
54e098294ef0ad3b14b9c77642838b5992fe4573099d8397a1ef566d9e36da40

SHA512
9f1311803db1607e079b037f49d8643daa43b59ce6eafb173b18d5a40239a5515091c92b244ffe9cfef2da20530fb15deb6cf5937633b434c3262e765d5a3b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX55EB.tmp\dxupdate.dll

Filesize
169KB

MD5
100579f342e52c44be2a2d3ba10e9fb4

SHA1
cb6c032d6baef23ec383d0ad59958f657d6011d0

SHA256
b883befd540a9e9b4a0d78f114ca2b5ca021576b96c0b3b37c57054dc20b5e43

SHA512
d871131b724dfefea713a5e12367666712225a15d563ad5e54b19bb8f6ea88ebc28288e8f216e7f1d0d17a953219e5981913dd32a70b0100b07c7308ee9f7575

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX55EB.tmp\dxupdate.inf

Filesize
9KB

MD5
13374c52428d828df1975276472992db

SHA1
c074450a3ccbbea2de080ac234ddcd8be950e2fd

SHA256
534266940381f1f2e3e8488ea288add17d630cea24f344b921dacea80c3155a4

SHA512
031bc2df4276200a3ff54bacafbfa33d4c4d8f2ed2a7d04db326149e83931ca1854dfa2fbbf5a72ac04c71353b733133bd6b34542b4bee404683520a27e462f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_is51BF.tmp

Filesize
1KB

MD5
8412e347e73df1cdd4d8bfea7e40e5b6

SHA1
06248cc69d27d5813dee4f52730670f5f1df2681

SHA256
37645e6c2d0d1a68db6a8a24c2f36cf4b4b770a2847222936d5dda7dd4b18bdd

SHA512
a2ecca8b7bd2844bca639243544dbe6d762c263a18b9d63e94ad378c36fed37213f452ddbc82ffc0aa7e50091ff210740729cf6594ee4b354eb28447521643b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_is535B.tmp

Filesize
156B

MD5
7cedc99c9d1955319d34ddbc6dd6ed9d

SHA1
e38e1545adb0d371d0eb922a7c9b058de1ea7c7b

SHA256
c19098b45bdb910ad33c9e59060009359d89e38ac6cc639dd7662c0522ba8383

SHA512
48d9bfe3fbad1e5e7b86d593a99aec5d1ae35408f13fbf00fc0269808429d7159a7b0499f64133752eaec13d30907b7c1b779b39d32113bb821405d256e8cec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\issF017.tmp

Filesize
1.3MB

MD5
7e002b610be7d5f166ab9c139cd5987f

SHA1
1362b742c4615f07f5f365741806fc0db2b98a0f

SHA256
e3b53609b8249b4084de53b6a379ed33a43b691a2a2583c66b722af9475b196d

SHA512
4bce910f80b77955e4cd34dd75b71c268e0365b583417298f5dfa02d950f12200eccf9e7f4819ec856515f19e180f9f22ada44b35098d156b21d2362bb2705eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{081D6D42-C5BA-48C9-89A9-6D98A47CE16A}\0x0409.ini

Filesize
20KB

MD5
36affbd6ff77d1515cfc1c5e998fbaf9

SHA1
950d00ecc2e7fd2c48897814029e8eedf6397838

SHA256
fccc7f79d29318d8ae78850c262bac762c28858709a6e6cf3b62bcd2729a61e3

SHA512
2f29de86d486db783872581a43a834e5064d1488bc3f085ddc5a3287eb9ee8a4ce93d66f7b4965cafb3c4f06b38d4b0fcfdc0fcb1f99d61331a808e5d6011808

Download Submit
C:\Users\Admin\AppData\Local\Temp\{081D6D42-C5BA-48C9-89A9-6D98A47CE16A}\PLC500.msi

Filesize
44.1MB

MD5
d021489e8e31b5dbcc13adcd43684f44

SHA1
2a3a9e1cdd6ed722f77fdbfafa7c2942f547e39c

SHA256
a828504b9775efafc8bb5b79a39c386f91e662a280212c773c17050f1947192b

SHA512
7045f51ad152225fad29f850d3dcd48fe0820cc52053df2ed43c3b0bd38eddf1d843b89724241b5e72edca22f9ccb974cffaa7466f20d2177c016534babd3fce

Download Submit
C:\Users\Admin\AppData\Local\Temp\{081D6D42-C5BA-48C9-89A9-6D98A47CE16A}\_ISMSIDEL.INI

Filesize
272B

MD5
32ef0ec58b5e22330da6c6efb064249b

SHA1
35826ca4fa7911c4e1656f039b6203c908b271ee

SHA256
f95a08f86a442424f9403783a596c29ecaeb86b274c5f8d8cf72724bbd7c31fc

SHA512
e39fe814e27731168def356f6105a8fead36378f07b94ba32e1db5403f69a87c453df7d5187780474e56c9e1696acc9332a72023f8bd47642791fb1ae1169932

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\ISBEW64.exe

Filesize
104KB

MD5
41cb698f967b4d9f2580ea2a21a5a710

SHA1
1e2db1ac09d0cfbd6601b95c2a1d78a80f78e236

SHA256
10205dd8642824f9c81f32e73d8402e892a839b71a13b3816f548f3805fded8b

SHA512
7e2f439d2ca8369c771819f8d137ec96822ea63ede9b34b10946343ea14b0b1cb3b828d43c17fb3c6c6ac8e2bd7aec4ee77dd6cce861706d476af1150d85a158

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\ISRT.dll

Filesize
255KB

MD5
0ec6b3d99d56f9fb9078b24d3b5ec4eb

SHA1
f56262260561f5c342661a4956ee96eb1c84946a

SHA256
eccd250aed9710a4b58f09bc2eea62bc5f9e181efd85dcbe2aa11d61f7a9c520

SHA512
3267e8648b599cedf84a8b2fff8405e6c0662264fed9707e0c89791d4c9e33845576bd96cb3d17621d5e4cde5cac07526e11791bd0ef8017fcc4b441ba304465

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\String1033.txt

Filesize
169KB

MD5
fa4ce2bb6f1bfb86f2daa1bf28b3b699

SHA1
b73af42eabde7e93882ab96ee1af207d4364c967

SHA256
bc2a5bfcee200b7352c6fa01810215ac8f49c7c1ae491b61c3adfc84e1172c6c

SHA512
ac0dd0c08599f9806c8c72a19d6391da2df8a600abcd4bac6dfe8ad8c5e0b3b5fb3bb064c5642f9399be9ade1ef83983170d6faaaae7f48c9ae16ef9f25d61c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\_isres_0x0409.dll

Filesize
540KB

MD5
8938d3d18b09e92eeb9c403593365eb0

SHA1
7ce126881e50f3d62b24e86fcb213510db33b9e4

SHA256
1df36449f88bcfe640ad648a75b0830a82eafa38cd43f069dd6ddaee8144f975

SHA512
ad1b5e8cc1583e036ee2a6b2b640349f23d60e45f61edbf38885db8473488dbc55b3c82ea33a711b8701fca6f457b44d86cf337631f44e67476bfd99b072a3de

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0C5D042A-5009-4BDB-A33C-69889D629BDE}\setup.inx

Filesize
255KB

MD5
9d0f608cb3a278833842548f2f410578

SHA1
64d731c6d22a63c0ebeb5ffaa11b14ad15cf9f0f

SHA256
c5b49a4c723e668e44969107ed8f27fa4b3030cf2c499729d7e5b96248c20a1c

SHA512
9512b3f4315e0e043a4ed087920908b8c9b720177e1780b9f382da18eb797c535180fc490cba68dfc97c0d3e9e50ad2b1ec99fd9b3e770846b9c125d741dc224

Download Submit
C:\Users\Admin\AppData\Local\Temp\{50A4D9C0-EDC3-4446-A46D-9FB9BDE82EA6}\IsConfig.ini

Filesize
162B

MD5
9ddbd80a482e1d1dc67d5f2079a0a36a

SHA1
2055e358c869357490640839dcb28c99aaa657a6

SHA256
7f8ca1d0a0eb3c02a49e845f5e20f4650f35758ecb2ec31112633234843c46a2

SHA512
aeb46e615f161c085277a3b8e5ac7b8d919a83f7e5bc62b91687b8d808c20e015967b18ad0f901c5994586af8c11dd58e4fe916616a4329aad37bd566d499acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\~514E.tmp

Filesize
5KB

MD5
8d5ced8de599fd7368f607e11a3b98c2

SHA1
0f3020b9089e3c6b9bbef49be3c2a15d05a2c04f

SHA256
3d8607dace2a8f2795f793f1f43ba650095017be135eae4ae90d35ca9cb25ab7

SHA512
3797292ea1669d500f4bb8570ce30c79d5b721f7051a3f985789de1a2f96a965737bdc206b8ca79cdbea4a70289f2473274c7ab242ab573de13a8e208158b03e

Download Submit
C:\Users\Admin\AppData\Roaming\LOGICD~1\Redist\Mar2008_d3dx10_37_x86.cab

Filesize
802KB

MD5
688b93db276c78fd21906205310b7469

SHA1
b48eb72fa44c075db4d10307116cd4efbce14bf2

SHA256
e271c4c5fe2c8e70e3649db10a233130f27658172b5977e793d0892e85ed276d

SHA512
dc85bd3d7a9f475133b7d0674c75f0203c7a3fa33898acec74ca82e7c3a1a9ba115569fe4c6b8636e5956c7284f69c6f1322b09c022610a26d4bd347a845beff

Download Submit
C:\Users\Admin\AppData\Roaming\LOGICD~1\Redist\Mar2008_d3dx9_37_x86.cab

Filesize
1.4MB

MD5
6c4b157295949e045308792bb8f9f431

SHA1
003323c4a24a84c926cd94954d9bda45b529f9d8

SHA256
3fd2e447e019cef80f4639ef798ad96deadd77a51b9651c8d9d049c74d4c5094

SHA512
c5ea5b6bd7d0048b04e0f86fd62e2b7b585eea1081d65ea3a7ad90f91f01b8a211d9eecd3723a70ebf7602cb5ca29bf9096f1148f087007311eb2cb4ccd2fc46

Download Submit
C:\Users\Admin\AppData\Roaming\LOGICD~1\Redist\dxdllreg_x86.cab

Filesize
46KB

MD5
f78cfd50fe06ab88a45f0823a39d694f

SHA1
8087109cc5b9bc305ec903866fb902a95bc2d8b8

SHA256
a3c65fc07ac5a00784eca94596ceb4558744e2ff29a9305836956f3b7e017e70

SHA512
2c0497bee59b5a616f3d39ed70ac8744585b8fcde911c6316fef13e4de559a41b30b47dc041fa88372c1ff5b970f8d135e7b92f580de7c8a08b307244aeff69f

Download Submit
C:\Users\Admin\AppData\Roaming\LOGICD~1\Redist\dxupdate.cab

Filesize
95KB

MD5
a86ac87e110600a0f968338f03540845

SHA1
cb9ae812b9357f6c9917569a7700bc3e2e892787

SHA256
ab660614d28cc343e16217223c06984c82160b432dbb104bd39ea20535dfdfc0

SHA512
5ff1244bbfd154b7cbfb5486618ab7499bad8599196e3efba6833f6c4b4b9192d6d92fc0c389ce208aea19c0b1926d12d909ff85be900151850c00b52896bb94

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\BatchMixerFigure11-17b.RSL

Filesize
4KB

MD5
eaed57e3ca739c431810e57fbd4403c4

SHA1
fb4251841ebfeab775ec0c3a0698e2135fa41f7d

SHA256
088688cbfe9ab8e92c04503e86e59a1b2b7f60298fc8cc36d7ca425959b0b339

SHA512
043db53a8c2a35bd21499c07c3e29a85958d126e32b77c3e19d1123f164958ce83c59f616a83d4683f86ee107998e762696871f2bb7f0c04830dd606e5a1d957

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\BatchMixerFigure12_30(a).IO

Filesize
2KB

MD5
51fdfe3e6e28a91820d94c1e7a70152e

SHA1
ca674da6e86f545434df4c0207be0a41c35b9e8a

SHA256
6e1aaf12e34f3fad9ae8312f09ebd55f2214c953a0cb97e0cb9add15badc7a04

SHA512
d5921b7a925f2658a0b2fe650084264f64206ab980583c5cf83c3527c7a9d606c8fc1c441ec90f0d64e703e1d5c378f9a36c26a1eca0b84dcbda2be5e380cdf8

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\CARWASH2.IO

Filesize
1KB

MD5
059c6c4521c39ed6d1e2234ed91122e8

SHA1
6c1108fa71f4dd63173719d6eac178dcc2dcc6eb

SHA256
871242c305b7f62e9cfffe9cc5fac8c638009ff82d3cdfa98d262b7ac1837657

SHA512
5a3b79e7394edc380ee07e95ce73d0b7b8a7eddfd84c0d225d034ea3e9759ab7b93d83edd36a221c0506eaef62673b690f48416be1f04d34d60a3f9c9e34d6b7

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\CONVEYOR_CARWASH.RSL

Filesize
2KB

MD5
8fcd7a4296ed408678e0e750cbea46fc

SHA1
8ac4a0e9289ef071aab80c2db3b6f18e70c56d22

SHA256
f54a0886ee07dc8902d7cdf0e29c85565f673094ae715965c69d90eceb55ffde

SHA512
4e16e6e6326734269ccf46d3ecdf89f41dc102ac7d3571af4a3376abe25564fd2fe444abb9e517f756bed12a321096d00f7f4f67e603064a5a5f91ea206898d4

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\Example10_6LabProject.RSL

Filesize
7KB

MD5
090eb79eb4ed0933b20814c1c6acc15d

SHA1
bba946a657876834076e3e3e86ff8cb75eb004b3

SHA256
e88e39eeda58e5d0905caab4bd27e76991314c4ca399cfc4669454b5b3a70ae9

SHA512
98b3259114e8c1b475f46737173b1140a78be9f60afec24f1053334e3c1efd3c68074e9c3269aaaf6884904bdab5790d35856edc7308c6e4806601a444849a6e

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\Example10_8LabProject.RSL

Filesize
9KB

MD5
655c224b2d9ee02d1c9df38bb70f6b04

SHA1
d86b1e8afbb505accd561aa09d72f4036323426d

SHA256
8274ce54657b0a7c35fe7b56be6bbcbb58d28e95ac0e594b8d4f64752c14a2b3

SHA512
90f5f22d3ef9efe8fd5c2e527c70943a2dcd7a7dd47a30916c282647107ba80c224fd7fc91a7b00ec6783b0b6095f2fb74e9fa11f902645d415877a075127b77

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\Example11_8Solution.RSL

Filesize
5KB

MD5
d60a34cb896ceb7a5fc02bee07cab726

SHA1
5477ad408687d7c15092129b8f24ae6857deec1d

SHA256
ca059e45d6adef1dbb48e299c57aa33d8c096a776cb3fd22ea18e26b4fcc7523

SHA512
ded2154e75115472b756accd11a281806c88e995cb76b0c7df4656e9d6de355149d18d2c6889104005e2943f4ba13e84273a3c16624df044268c320790702b9c

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\Example14_16LabProject.IO

Filesize
1KB

MD5
2f448a7761a2d4e40f0221f923194ac0

SHA1
9f32a6f00b915135cc3e8fdf90639773fb76c7e5

SHA256
197e2678ad9e14d0d3c7c6ff6cecd29330526a03ac6503f25e942dfba13662c9

SHA512
e392c50e0c2198ac801a1e4c7a4977338a8844738e91d48f5effdae50f271569eb18a24488860fd19c7b4a9c5c05750187f43f3b720ee96ecf8cd06f2ba3da51

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\Example7_11LabProject.IO

Filesize
1KB

MD5
d13a35b3793eb4b9cad368c6edf24128

SHA1
068da95ff656801c3e595b2b4c7dcabf9eef9477

SHA256
9064b7cf46d3a0f38c20eaff4ed37f99c8f910bd8933bc92693503b87e088841

SHA512
52e9922411b87b1a41c22d0c776675eaaefe18217023539923a5a9afd66be2fa052536a7fd0fa58c75d1025ec805043fcae327521bde892fc44db4408630d134

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\Example9_9LabProject.RSL

Filesize
3KB

MD5
89d0931a22ce3c69070b725b464ab9c0

SHA1
e69c3caf3d57f01e722a512e7a5e90fd485f77ba

SHA256
0e8fa43f2fb12dc0fd8597227972cfa8abe968ac1c4f118c770d7e34f20a9ee5

SHA512
2f80e37b5205ae7cec7041bd5e7d7c1c9447b83be3d895b875e52403d0b2b307ad1372c9b26b5a9d9285047544e0c0ac465a498b1140334a51a8b1db0119e544

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\PLC0101.IO

Filesize
1KB

MD5
6f3a90855c7359e9f99f0560f794a2ee

SHA1
0c4e1261cd3546e49f4f28042bef989bee7d4007

SHA256
8eaeb6f24f1cca2bbd38d441cfbc67c14c8642bec167b33cb5d42407e1c2f407

SHA512
a752609f6fa35ca99c93ef6a1d17138efc14a2928db67dff435943bc3024837802c48ec3c40952490f57f95788a2fd2666d9bf999f75f52cf9462fec5a1c2f05

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\PLC0803B.IO

Filesize
1KB

MD5
ceda9b801414edfb5ab45569b14ad1c0

SHA1
df48618ee8649b336898733feaddf437facb5ce4

SHA256
cd4cc20c6bd6868cad3b8642dd603def8fd8902bba2bdb9a1592d7fb0ca8000a

SHA512
8a2f0412950734152f79ff1d2629f90eb61c406434cc4dd3cb29420bacbef09887546f4345a791d15f177de8c2478497bf7641cad26e9b57b5268d323a253536

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\PLC1012B.IO

Filesize
1KB

MD5
081c2614b2f9897cdf674c6d2a961755

SHA1
9cc3219e4116e563abd7d0165b7085ed39e692ed

SHA256
b87ae594747ecad1ecc261da207e55215c3e11dd0e8ffed72e032ed2664305e3

SHA512
098a467dbf7af3faa028a357425d1e8dc1902f4608baacee3d933b3caf41cd64ba046e195d8ca83009cd6c1dea3cbf630911914455d906751973a7a50709504d

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\PLC1116.IO

Filesize
1KB

MD5
b813a992a6e09f6fef43306daffc8298

SHA1
019a79d64e3fbb39b072bd761198fe64070b434d

SHA256
bc00b152bd636421225bc5640a027d54109d8bed563b3a9aa0f91d18e21abbb9

SHA512
221e12a4eac268f150e4d14075869bf7fdf93d4dfe17ac73164c249a2cbd4d78bf58154b51173ae9df916ea0b8d3843dfbd1e4a5ac7ac062b23749f836107be9

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\PLC1206.IO

Filesize
1KB

MD5
eb73374cd4b682db256af8cd9359b819

SHA1
bee615e57913e9e3ad13a8ec0cf506354d49f35c

SHA256
1b6f0768b28c33e1c8acf79f72d37e8126bb92b7e564ba473101c8ccc27f36bb

SHA512
4208f6c62f30ab7319b559b0c4f015d02567b705ef20aee00409a065f0656030093a1ac01b09e12b9bf5b2e8ef88de910456abca91dcf49d738630303e285d38

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\PLC500\Ladders\PLC1433c.IO

Filesize
1KB

MD5
3972db0d40a53999664b7cd43786af20

SHA1
d759ff6fc364e9c1d70bd8126cfd8a2c0058df84

SHA256
15eb7992c37d98b3fe6e300a12a994de8222daa0e8ab943dd028af1fbf7c71f6

SHA512
21007d3af029d2f73fd114451a46df96a190284e7ed037ce975be8eae2305487f7608030394e92536fdc4a96a236370dd8ea7726da4dbe6aa91bc47cc26b9753

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\Redist\DXSETUP.exe

Filesize
515KB

MD5
652b2aeba971bfa6c434a357db9d86bd

SHA1
760c1fa0f3037237c33ad89b92e01a8f66781e59

SHA256
34adf06c2d8a4421c40bd213cfbf3ae187a5c08175c7338da2cc0ab26c98fc95

SHA512
7530f4786b0eef5c5ccf771e20705fd6d3ba2416b0122169c7ec2d2984d4089c7eec78737c24d88476e86841cd87e49fe17edb3983c81ca3066b2dbd33723e50

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\Redist\dsetup.dll

Filesize
95KB

MD5
e65155115930e065598d3078200be792

SHA1
c549f98c47611c73746784e3ead28aa9fddca154

SHA256
47730b2a02878b7836cd2ba451e0fc6c16ca8b20434124402a9a53ff5dedade6

SHA512
9e8c5cd26a34904019e537b87db0b8c76e940ec93875d78f75cbe314e16de53e9b9c14300656dc7250a2bad375c8dd5cad9006c2a1d929c10dccd6d42caf2fad

Download Submit
C:\Users\Admin\AppData\Roaming\Logic Design\Redist\dsetup32.dll

Filesize
1.6MB

MD5
956ec4ca5133ec03a4889af588b99e87

SHA1
37cef56f8c908deab9ab2647589600cbef18ce60

SHA256
cb77ba5843f9c33f9e86c16148195f424ce078a825847292a2c5cadb80d0d1cf

SHA512
60cf5c488a0e32fa1b57e5a31ce95a681cde39a6801eb147fa06f4a259849237bc9a482501f13bb0599f3e6678490be773c9a2a5299f4a215ec024bd370859be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{9B6A6393-DE9E-4477-972F-29045CA3903F}\NewShortcut1_FF572750D3DC44C9A0FB7BCDF0233D45_1.exe

Filesize
60KB

MD5
2350e1f991c3c28e82cbb07a7dadd5c5

SHA1
c83616dd15e6c5fc52435ec6bb962780ea6163fc

SHA256
4663305e5a04f5a1477e0fde4d464cb6ff23d9e83a901b578b958b905416f9e2

SHA512
1e2a38cf0a7ae68a865b6a2f5b9299851a0d94cfaf1229d8de2f8fc7af2f6fde462800253b2cedaf6fec281df0c6dde4c4b94bd253e677dcb0833774e7dde5e7

Download Submit
C:\Windows\DirectX.log

Filesize
15KB

MD5
4ba51de493bd6332b5056b922a3616bd

SHA1
f5ee2056f7c136724c572157849245ee52bd6102

SHA256
df165592bce208cbb7c07ed63fb0bc6775aa33659f06cd628c341f4df6686fac

SHA512
4575b4bed6c4dc7e2a2e2af56680c82243135543939d927acffadccdae393e2d9c7712491b4b2424d063bbc33b7a74b17bbf0fa528433973836576e63abfefcb

Download Submit
C:\Windows\SysWOW64\D3DX9_37.dll

Filesize
3.6MB

MD5
ac3c517fb0fbbe45fe44007bcd3625a7

SHA1
eabe1601d0132882c7226a4ed04fbbdd5e8f0db0

SHA256
c2ccb84c672a9d8966e82a28005a4269886ee304972ac3590c0b8a9c1622a3d8

SHA512
89b44142355c494f2a21276d0629f3536adc0dd7cec101a1f2816031afcc8a96f94663ad46744c772d6b63d172ea62e9b957d6292e4a6184f958576f62b05836

Download Submit
C:\Windows\SysWOW64\comdlg32.ocx

Filesize
137KB

MD5
b73809a916e6d7c1ae56f182a2e8f7e2

SHA1
34e4213d8bf0e150d3f50ae0bd3f5b328e1105f5

SHA256
64c6ee999562961d11af130254ad3ffd24bb725d3c18e7877f9fd362f4936195

SHA512
26c28cb6c7e1b47425403ab8850a765ac420dd6474327ce8469376219c830ab46218383d15a73c9ea3a23fc6b5f392ee6e2a1632a1bf644b1bd1a05a4729e333

Download Submit
C:\Windows\SysWOW64\d3dx10_37.dll

Filesize
452KB

MD5
4a43e9a2b17e4cafa9cb5fec0b5b686b

SHA1
9e28d3d197958e65ab8dcaac91fa55cd1991c3f5

SHA256
61aaf973712f848b24c3e769e3252248ece96db63f206de0ca7ff43d9ed87a51

SHA512
8411bbd130427b690332d222233465bf79426670f565ac3b01a71929dadcfdd18002c54d60981dc1f202e6625f99ab73451805d64518fad9b5a9793407df2d71

Download Submit
C:\Windows\SysWOW64\mscomctl.ocx

Filesize
1.0MB

MD5
714cf24fc19a20ae0dc701b48ded2cf6

SHA1
d904d2fa7639c38ffb6e69f1ef779ca1001b8c18

SHA256
09f126e65d90026c3f659ff41b1287671b8cc1aa16240fc75dae91079a6b9712

SHA512
d375fd9b509e58c43355263753634368fa711f02a2235f31f7fa420d1ff77504d9a29bb70ae31c87671d50bd75d6b459379a1550907fbe5c37c60da835c60bc1

Download Submit
C:\Windows\SysWOW64\msflxgrd.ocx

Filesize
238KB

MD5
06ee7bb3c681b9fa8af4280a154ee133

SHA1
479eda4aaa877cdb0e27583c43209eda9a474acb

SHA256
f2a67eb2888d8889c45576c037197c310fbbb00bb79089760508fdb132c690d2

SHA512
c3909b35ca4cdae2e1f947a30874109d44c8b3493ada46a2f05a4d7c3bb420c74e70bfb0ee42a0bbc000f674f94f7efedf20f5c80aec9311210d7b64c7499940

Download Submit
C:\Windows\SysWOW64\tabctl32.ocx

Filesize
204KB

MD5
908938d3ba2d870ee9fc6238a4c6af95

SHA1
e8648d6d69fd5cf900c4bf98b210f6921bed3ef5

SHA256
40cadbfb2eb5732f025d687664f34239db7153a192bca0287f9208852b201fb6

SHA512
f9433f48330f7ddc64edb8a64229c1490fa31978e9f4ffdc5fa5ff8b18430317a39a07a559d560051ba195b730429acfb18edb38bf712507b00ac788ffca0b74

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
2766173c47515879512749dd3da6eb32

SHA1
15209d78a2f97fb05d8c97ee25ed5e94468d1ab1

SHA256
a0c6d6acbe20b4c40c368f553af1a18c0d81376b91ff63693794fa431723cf60

SHA512
3eb5851ceadb4cf24c2895bc167b533ace42a2f3037ca73619ca747f98d8ee3a7338adcee266bc740549f78754ac83b760593ec20436f1cc79b418c74b85892b

Download Submit
\??\Volume{74554a1b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{491e0def-89d2-41d0-8b91-5d2bf39e9383}_OnDiskSnapshotProp

Filesize
6KB

MD5
5160e8962665a8566f79caf3a23f8b9d

SHA1
b4cd59aefe92f3566330030e488dd4170ad45111

SHA256
70c3144082e66356592f61aa9d7e7b7ab3c6eb3bcf9a3a17b40fafd24817d3fd

SHA512
cad925ebb0d2f6fc2e15cb080cca9065262acfeb50a2bb80d6ca7852cf9f45c609689252abc0f1c9936ed3bc917690f11f5ad46400c7afb99def3ceab3fd2a92

Download Submit
memory/4548-3821-0x0000000010000000-0x00000000101B4000-memory.dmp

Filesize
1.7MB

Download
memory/4548-3840-0x0000000003030000-0x00000000030D1000-memory.dmp

Filesize
644KB

Download
memory/4548-3841-0x0000000003030000-0x00000000030D1000-memory.dmp

Filesize
644KB

Download
memory/4548-3845-0x0000000003160000-0x00000000031E9000-memory.dmp

Filesize
548KB

Download