Analysis Overview
SHA256
b41f32b58a179da7f4b53a015779e6b73ef28b22a7dac3525f7cd768a524d112
Threat Level: Known bad
The file setup.exe was found to be: Known bad.
Malicious Activity Summary
Privateloader family
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in Windows directory
Unsigned PE
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 20:21
Signatures
Privateloader family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 20:21
Reported
2024-05-09 20:26
Platform
win7-20240508-en
Max time kernel
117s
Max time network
125s
Command Line
Signatures
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
| PID 1672 wrote to memory of 1256 | N/A | C:\Users\Admin\AppData\Local\Temp\setup.exe | C:\Windows\SysWOW64\MSIEXEC.EXE |
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\SysWOW64\MSIEXEC.EXE
MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{1AFEE24F-4C66-4B84-ABCA-CB8B268CE1CB}\Mike's Easy BMW Tools.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="setup.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
Network
Files
C:\Users\Admin\AppData\Local\Temp\~363D.tmp
| MD5 | 9b5f48e753542fe2cfe1a04370a3121f |
| SHA1 | 3af32dbee6487055ac3a3cccb009cb689632f9ed |
| SHA256 | 06d4f584647803c8a042dc79b6cf1de5afd41db016dcd9531e00d92ec703da12 |
| SHA512 | 93c2222c126f4339ebbb7be89f4a635df1ffc52a383768a4c3469274cefb9c33b665332392f8be1b6ae6b9771a17736c26ff757ebd909ea760e2128388fe8ddd |
C:\Users\Admin\AppData\Local\Temp\{6D9F65C6-B327-40EA-9286-CAD0D167AEC7}\0x0409.ini
| MD5 | 8586214463bd73e1c2716113e5bd3e13 |
| SHA1 | f02e3a76fd177964a846d4aa0a23f738178db2be |
| SHA256 | 089d3068e42958dd2c0aec668e5b7e57b7584aca5c77132b1bcbe3a1da33ef54 |
| SHA512 | 309200f38d0e29c9aaa99bb6d95f4347f8a8c320eb65742e7c539246ad9b759608bd5151d1c5d1d05888979daa38f2b6c3bf492588b212b583b8adbe81fa161b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 20:21
Reported
2024-05-09 20:26
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
146s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\USB Driver\dpinst-amd64.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\H: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\W: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\O: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\P: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\U: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\T: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\S: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\G: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\R: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\V: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\I: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\X: | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\BMW_Coding_Tool.ex_899E10CA7E504F59ABA0CA191D3DF247.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\INPA.exe1_C6EC8CA68FF942ED94E23AF7F179D2F9.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58e9b1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF1EE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\winkfpt.exe1_EB056415D74840D3B13E1F0323A6D96D.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\DPINST.LOG | C:\USB Driver\dpinst-amd64.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NCSEXPER.exe_7305A7434B6C4872B111316951E98241.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\Tool32.exe_BCEAB819CC9B4CC8A7908EC77C8A3C87.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\winkfpt.exe1_EB056415D74840D3B13E1F0323A6D96D.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{CC94D767-0DEA-4D47-AD8F-641268491ACC} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\Tool32.exe1_FBFB780E736D4026AB993AFF7D0892BC.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEF2D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NcsDummy.exe_41203BA290F24D649BE9F8BC250E63CD.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\BMW_Coding_Tool.ex_DC2B1108826C487CB8621A072D11059E.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NCSEXPER.exe1_4435E1C047E941EAAD93B3643D37D812.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NcsDummy.exe1_7533673DADEA4765BB7BAA2C484DF5B9.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\BMW_Coding_Tool.ex_899E10CA7E504F59ABA0CA191D3DF247.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NcsDummy.exe_41203BA290F24D649BE9F8BC250E63CD.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\winkfpt.exe_C8F2E55ACE9547F7997DE018526DF035.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\winkfpt.exe_C8F2E55ACE9547F7997DE018526DF035.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58e9af.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\INPA.exe_0D4E94E4BA914623B19949CFA4BAAAD2.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NCSEXPER.exe1_4435E1C047E941EAAD93B3643D37D812.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\Tool32.exe1_FBFB780E736D4026AB993AFF7D0892BC.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58e9af.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\INPA.exe_0D4E94E4BA914623B19949CFA4BAAAD2.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NCSEXPER.exe_7305A7434B6C4872B111316951E98241.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\Tool32.exe_BCEAB819CC9B4CC8A7908EC77C8A3C87.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\BMW_Coding_Tool.ex_DC2B1108826C487CB8621A072D11059E.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\INPA.exe1_C6EC8CA68FF942ED94E23AF7F179D2F9.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\NcsDummy.exe1_7533673DADEA4765BB7BAA2C484DF5B9.exe | C:\Windows\system32\msiexec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000b7d72a8ac39dc2e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000b7d72a8a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900b7d72a8a000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1db7d72a8a000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000b7d72a8a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\AlternateCLSID = "{6E5311A1-325D-4FFD-9AF4-B373F02AE458}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656}\AlternateCLSID = "{6E5311A1-325D-4FFD-9AF4-B373F02AE458}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6262D3A0-531B-11CF-91F6-C2863C385E30} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6262D3A0-531B-11CF-91F6-C2863C385E30}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6262D3A0-531B-11CF-91F6-C2863C385E30}\AlternateCLSID = "{74DD2713-BA98-4D10-A16E-270BBEB9B555}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{39977C62-C383-463D-AF61-C71220634656}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\Compatibility Flags = "1024" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{3B7C8860-D78F-101B-B9B5-04021C009402}\AlternateCLSID = "{894BA3A3-3CA3-402F-B4FE-CD08337E9535}" | C:\Windows\system32\msiexec.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\MiscStatus | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\ToolboxBitmap32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|NCS Dummy|NcsDummy.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{894BA3A3-3CA3-402F-B4FE-CD08337E9535}\InprocServer32\ = "C:\\EC-APPS\\NFS\\BIN\\RICHTX32.OCX" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}\ | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\767D49CCAED074D4DAF846218694A1CC\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32\ = "C:\\EDIABAS\\Bin\\MSFLXGRD.OCX" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}\InprocServer32\InprocServer32 = 74006600780068006a00600062002e00700040002c0029005000760028006c00280072005a006a003e006b00360021007300630067005f006900700038006800660052002700730055007b006e002c007a00000074006600780068006a00600062002e00700040002c0029005000760028006c00280072005a006a003e0074006300390046003f00480039005a0066003f006c006a0038005d003000760056006c0024004e0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\RICHTEXT.RichtextCtrl\ = "Microsoft Rich Textbox Control 6.0 (SP6)" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID\ = "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR\ | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5E9E78A0-531B-11CF-91F6-C2863C385E30}\1.0\0\win32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6E5311A1-325D-4FFD-9AF4-B373F02AE458}\ToolboxBitmap32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}\ | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\Version = "1.0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Control | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{3B7C8860-D78F-101B-B9B5-04021C009402}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{894BA3A3-3CA3-402F-B4FE-CD08337E9535}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{894BA3A3-3CA3-402F-B4FE-CD08337E9535}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}\ | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{894BA3A3-3CA3-402F-B4FE-CD08337E9535}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}\ | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{859321D0-3FD1-11CF-8981-00AA00688B10} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\KmmServer4_31_1.Module\CLSID\ = "{FF4311A3-F68B-11D4-8507-0008C7F7B21E}" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\Control\ | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}\ | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\ = "IVBDataObjectFiles" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2334D2B3-713E-11CF-8AE5-00AA00C00905}\TypeLib\ = "{3B7C8863-D78F-101B-B9B5-04021C009402}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39977C62-C383-463D-AF61-C71220634656}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}\ | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{39977C62-C383-463D-AF61-C71220634656}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|EDIABAS|Bin|NET|4.0|apiNET32.dll | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|EDIABAS|Bin|apivbNET32.dll\apivbNET32,Version="7.3.0.500",Culture="neutral",FileVersion="7.3.0.500",ProcessorArchitecture="MSIL" = 74006600780068006a00600062002e00700040002c0029005000760028006c00280072005a006a003e002800350074004e003800630033005a0030003f00330021002a0060003d0021007700490065005b0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{894BA3A3-3CA3-402F-B4FE-CD08337E9535}\ToolboxBitmap32\ = "C:\\EDIABAS\\Bin\\Richtx32.ocx, 1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version\ = "1.2" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{5E9E78A0-531B-11CF-91F6-C2863C385E30}\1.0\FLAGS | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3B7C8863-D78F-101B-B9B5-04021C009402}\1.2\FLAGS\ = "2" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|EDIABAS|Bin|NET|4.0|TestCsNET32.exe | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39977C62-C383-463D-AF61-C71220634656}\ToolboxBitmap32\ = "C:\\EDIABAS\\Hardware\\ENET\\MSWINSCK.OCX, 1" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6E5311A1-325D-4FFD-9AF4-B373F02AE458}\ = "Microsoft WinSock Control, version 6.0 (SP6)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\Version | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{74DD2713-BA98-4D10-A16E-270BBEB9B555}\ToolboxBitmap32\ = "C:\\EDIABAS\\Bin\\MSFLXGRD.OCX, 1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ = "DMSWinsockControlEvents" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\683F74172066309438344F043A9C611D | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\767D49CCAED074D4DAF846218694A1CC\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Downloaded Installations\\{1AFEE24F-4C66-4B84-ABCA-CB8B268CE1CB}\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30} | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\767D49CCAED074D4DAF846218694A1CC | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{39977C62-C383-463D-AF61-C71220634656}\VersionIndependentProgID\ = "MSWinsock.Winsock" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\MSIEXEC.EXE | N/A |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\EC-APPS\INPA\BIN\INPALOAD.exe | N/A |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
| N/A | N/A | C:\ediabas\bin\EBAS32.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\SysWOW64\MSIEXEC.EXE
MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{1AFEE24F-4C66-4B84-ABCA-CB8B268CE1CB}\Mike's Easy BMW Tools.msi" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="setup.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 5A7F04926E10915AC3E2AB8109EB2971
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\USB Driver\checkOS.bat""
C:\USB Driver\dpinst-amd64.exe
dpinst-amd64.exe
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 07FD34BBA0DDC06DD1F9C1E37442DF93 C
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\EC-APPS\readme.rtf" /o ""
C:\EC-APPS\INPA\BIN\INPALOAD.exe
"C:\EC-APPS\INPA\BIN\INPALOAD.exe"
C:\ediabas\bin\EBAS32.EXE
C:\ediabas\bin\EBAS32.EXE -p1004 -t12A0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| BE | 2.17.196.152:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 152.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| BE | 2.17.196.160:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| NL | 2.18.121.71:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 160.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.121.18.2.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\~A7B.tmp
| MD5 | 9b5f48e753542fe2cfe1a04370a3121f |
| SHA1 | 3af32dbee6487055ac3a3cccb009cb689632f9ed |
| SHA256 | 06d4f584647803c8a042dc79b6cf1de5afd41db016dcd9531e00d92ec703da12 |
| SHA512 | 93c2222c126f4339ebbb7be89f4a635df1ffc52a383768a4c3469274cefb9c33b665332392f8be1b6ae6b9771a17736c26ff757ebd909ea760e2128388fe8ddd |
C:\Users\Admin\AppData\Local\Temp\{B7AA5505-3F6A-43A1-BDFE-08972ED674B7}\0x0409.ini
| MD5 | 8586214463bd73e1c2716113e5bd3e13 |
| SHA1 | f02e3a76fd177964a846d4aa0a23f738178db2be |
| SHA256 | 089d3068e42958dd2c0aec668e5b7e57b7584aca5c77132b1bcbe3a1da33ef54 |
| SHA512 | 309200f38d0e29c9aaa99bb6d95f4347f8a8c320eb65742e7c539246ad9b759608bd5151d1c5d1d05888979daa38f2b6c3bf492588b212b583b8adbe81fa161b |
\??\Volume{8a2ad7b7-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{57f86cc4-c238-40ba-a1ca-960eb15d46d9}_OnDiskSnapshotProp
| MD5 | 7d8b93c54d7ae6e68c74d2abe5170b18 |
| SHA1 | d7dc3f8f6d8068f1505eda40c9f3ce823fe56f22 |
| SHA256 | 13693239252ac29c8f727e76b92db6bfbd29ba94c4e9931d0f850d730c1ce898 |
| SHA512 | 11232c4f7408d24dcbc3c224b02ff7669501b4d5b41a92247dd96ab4313a1e021f30e7315802b2655120039c449765208d5c0854c026e0763529e67a7275c80b |
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
| MD5 | 7f283649316ee54c301ae189643e63a0 |
| SHA1 | d20337eddacb0f7c2f59d15845aa2dcaba9a282a |
| SHA256 | 3040fb8b643ad6a84e245e4bd70f72f142f78022682b702b11ede28252da56b3 |
| SHA512 | 8d66b8fc96d8e590b34e18005ed91dfcb655698dc7af90ee01f24dce3381cf8363150a8617e5e51ee1d28478d2a04f3c52d5fdba1ef607a2d2f73263726b609a |
C:\Windows\Installer\MSIEF2D.tmp
| MD5 | 29e4cb02681bf0780985a429b48903ca |
| SHA1 | 474acf63ad259fa06164916259a40ffe8909f622 |
| SHA256 | 3dd81287d4318c25ed9f0afa740c3ca59b746d9a587735e1e33107c14e1b40e0 |
| SHA512 | 5c491bf4357bb1cee86ff0eb9662f6046c32b7e8b8fb406f12e4f866885a25994c34e8f46315f98f116be27a6a7a06c21ca52b030aacb1c1216910ac339500a1 |
C:\NCSEXPER\DATEN\E46\SELECT.ASC
| MD5 | 639708d9167d1928da0379afa51a58ca |
| SHA1 | dec1a5413d3b32c3fe2435436f931b79f2048044 |
| SHA256 | dfb530d238b7d84ccb86ad97c8d1946c7ec6c98210605559194e01ba5fde0cf8 |
| SHA512 | 535c0bfcc2affbc6c3823ec0e7fd119b4811aee894a9e68a4e60bf03d764d9780b51e6d0151119296fadbe939bd1adb56e994a108b160b64e9507be9973f26e3 |
C:\NCSEXPER\DATEN\E46\VARIABLE.ASC
| MD5 | d223890f95b465b653a8fc710b30dcae |
| SHA1 | ead7f261a1f67d91d79bd69189a805b5f6b194f6 |
| SHA256 | 09519558a5ec081b5a7c8b47b6edebdb4620c841e51d3f382870e57f40eb5831 |
| SHA512 | 073a2194b30d1295d59041a4fa09ab7bbbd878d340bcbeef46a2a6a0ab4b9dbb073650e484b7e9389d65c992bb8a28939f30b2a1582c9559b846d300abc39327 |
C:\NCSEXPER\DATEN\E52\SELECT.DAT
| MD5 | b9e1784a14b11e627dd1711a412e53e6 |
| SHA1 | 1a7eb63ff4fa82b8dfd77883097de13f82f7ebea |
| SHA256 | 32c418e0e586e21c267f6f290dc42e5f9e3bf0591f3d03a3ea842584c25b61d7 |
| SHA512 | ead31c08f2438021333cdfc9c6381ad4d82815a17d3a63e39b73e9b59462f8ebbb0bb6f27eb0868b52a3ebdea7fa84a74f38d840af9abfebd6cbecf6902efecb |
C:\NCSEXPER\DATEN\E52\VARIABLE.DAT
| MD5 | f8537d2142afce76f9d38020a1e70bda |
| SHA1 | 7b8cbf946970c82a9412588c5ba1e3a3b33803b5 |
| SHA256 | d063e40a72208d67f4358d1b330dca783008e455cd2aefa7b48623ea9b782cc3 |
| SHA512 | a04488809b2d439e2b7bfa024c38ae94f42330c31813ca15941668e9677674a3a8300c2daa2d6da1414d56828d4b51c583cbcd5c3d591840a3e857a6efa8b5e1 |
C:\NCSEXPER\DATEN\E53\SWTFSW01.dat
| MD5 | 3401238e921aac057bd8985a2030bbdb |
| SHA1 | 5a7d0c5d59e06323d1f3d90f6da7771ac1c55665 |
| SHA256 | 5159bc445a6c4f162c27fd7e142ed1303657cac69e790e58a4044d7d0c82181c |
| SHA512 | a335032e691ce3d0d607ca2d3dc398f7499600db23b9f48bbacfdd881c6e6db25892480600eebd53c771cdebc665b6e22930bf4e18c57baebeb59ffb6816da34 |
C:\NCSEXPER\DATEN\E53\SWTPSW01.dat
| MD5 | 95deb7c31a72179a3384b46403c68257 |
| SHA1 | a0b10e96800a60423c330eee36b96e9699c1f0d9 |
| SHA256 | 3c68ad2721e23b2522a2144604eef46691188746ffda480429b880be06878ecc |
| SHA512 | 5dbba4b48a2e90f3c91c3fb14cbb9c99160fb71aaf68ea05d3cc97b1f6ae89c68aec88f5e7e95400db3cacb10f4955c4c2b0152200efb168688fa925ed517e35 |
C:\NCSEXPER\SGDAT\30RLS260.ipo
| MD5 | 6fa0420b70b160f1676622aa74d14cfd |
| SHA1 | 848d4a7989b02b7803177341509b827974b7dc19 |
| SHA256 | 7107651940476c3620625de2e7724e422db1beab3c960ea1fe3a44ef322a23f4 |
| SHA512 | eb12e5dbe61a19f4aab94d7991cbdcb503b26abb2589481256a91f8baddb87bb781515882792399d28400b6bc8fe659b1ee01046b45d98541654b5c5e729ff25 |
C:\NCSEXPER\SGDAT\30SBSL60.IPO
| MD5 | 8e819267281fd1de68b052388efbc7ad |
| SHA1 | e5e83c1692dbdf8d755e0a497c1bd3db5da4a1db |
| SHA256 | 8d327d1b2d8b8a38adbebad45547c96b26a144a71d13dfc084ffa3534368fd1d |
| SHA512 | 496fe265b93d1ab638274643ffa71860b42a094468ff170808895af9e609ff43b7610a3c0048999ad639b46d6553adee852a18d4e516035100714e15bb32c050 |
C:\NCSEXPER\SGDAT\30SVS_65.ipo
| MD5 | 78f3b937e818e405a6db3b7f0427b790 |
| SHA1 | 0759fd551c9b9d7a0317939e8d45c4df4aaafba5 |
| SHA256 | 2f19b051bc096c00aaa4db2dcc0ae9f4a597b823526fdab2d06a2492da2bf14d |
| SHA512 | 93b47e7baa7f317730ac148a3d3c2c016d96161b41ef365f666c7609e8f8f01bdb04acf3dce9864470afc6e7a1af765f1c916d12587450ac03cdaea823dc7d6d |
C:\NCSEXPER\SGDAT\00swtkws.ipo
| MD5 | 3c7ef1ea8d6bb6e5fa8f9ec65e5b7328 |
| SHA1 | 9aaec440a32a5d4c56cb31c09f6d23103a5e0b44 |
| SHA256 | c750ed6e6ac912fbdbf69bb63f558febd94629bea6f34feb630e44fceaa474eb |
| SHA512 | 3c8963bdd3c591ef0593724329bc4e1ca351467e888090569497714290e48aa3d50db24fb1f7241918e18b1a6d042fcafda8025c1172086a6435d7b6723906eb |
C:\NCSEXPER\SGDAT\110100szm60.ipo
| MD5 | 11de44962abde688a97d548d16b1454f |
| SHA1 | 9486ab58f1eeed575ad7b9f2a716fac07240b325 |
| SHA256 | 93c10f638a9cdc50d9d8f07e07a1b30653476431f6a516b1852a0104561e6825 |
| SHA512 | 342604c6435df752f629b00eb6456a829afa5638460b6c1817a5f425f7a98deb2968c13319c828c56f2d2d0677945c644b12533a58a35e8ea548057fd419be53 |
C:\NCSEXPER\SGDAT\110100VDM70.ipo
| MD5 | aa010e974af5e45262dfb24dd96b5f3d |
| SHA1 | 87cb3a3095abe7ccad8c6f774646a3d399ba7f0f |
| SHA256 | 064a36ab51cc798713ef8953107875ed704402a78cd426487cac6fb6d0b839fc |
| SHA512 | 402bbe1091fdf2e8338eee4761170c5db1984f4e5236fac84f3350dd9f810a7662323cf38eec8fa250518591e80bb469ec01c935e980485895a7e774663130fb |
C:\NCSEXPER\SGDAT\01msd852.ipo
| MD5 | 6fd577a7592dffeff146782a0250846f |
| SHA1 | 01e551e2a3059b7d6e5b96e53ad2be91e587bc06 |
| SHA256 | 893bc6a4bf44f501a33ef260cc0ce9c625f08fd72f6938c9bf98d0e4c5db64cb |
| SHA512 | e2bc6508c8b08d970dacc799a43b3c0a63110ebef4cb30ab719b7b7a13b8b77794cf5735eb533430f5683f5c88afc96f046a25fceb7d8e0e0170712d943b2c45 |
C:\NCSEXPER\SGDAT\02EK9272.ipo
| MD5 | 715293e545a5565e675f64820b5ea726 |
| SHA1 | 4b3e03f3286fe126a4500e0f9280fe11e6d22d60 |
| SHA256 | 87ef34e59a06934a6e37cb6ad66d1427538ae9b20978c45fe37cf877ab586073 |
| SHA512 | 57250e1ae2e63fa121a688ebd16ccbe582cb80f3957f8444b3f2d88cf9e31c4e4de813a67b2579008853a916057bbe9de5dda09ceba6130458bb444de5787a97 |
C:\NCSEXPER\SGDAT\14PDC65.ipo
| MD5 | a592929eac2571fedbd23dd3b4e0e253 |
| SHA1 | f60a16420454d3c1befb96803266584c78363bf4 |
| SHA256 | 562878fde8d124fb53c2921bfbd4394e7e01f4a320c2b9dc3746182b035462c1 |
| SHA512 | 6e2559a9608c37aa55c74a7259679e683285be1d9c39a5f37159913f378ba5b76d33c777646ac3463b34ab94922a9b16aaa6ca49c4247b154e64c7d5c8fd50a2 |
C:\NCSEXPER\SGDAT\152ARS60.ipo
| MD5 | 869595fd7e638c2728c57146d6591385 |
| SHA1 | 85e41daab9f2f1d7a1dea43f987a3ab63a15fbe7 |
| SHA256 | 0f7959809c95965d15d62a3c6c83244f7c1648ea7da8ff614ad2c9cd8c3be5c9 |
| SHA512 | b2b7888a6d1ad98fac750b654f44a3466a1766ceedaf4d7755f0fa317c508971bfac0082db7bcb59a77b796594f1b8523550cbb9b9af60a701bf964f2cf4482a |
C:\NCSEXPER\SGDAT\05GK35.IPO
| MD5 | b88b1d922e77d43e01e7313ca978e84b |
| SHA1 | d3b1953daa97171413d2a670cfb7a30e869190bc |
| SHA256 | 5ae2f48317c25e15b5d78b39af192eeb639d5192a0c28928bbfe543c6090dbd8 |
| SHA512 | 67f0f882e3d38267cdca6aaf6fe521cd8a53a28b0c96c99ad03d8d509817cf1b760d5994059066367e14a59adc3ed32bdb067466c07108b372a3d366238607b2 |
C:\NCSEXPER\SGDAT\35ULF60.ipo
| MD5 | 5bf0d3a105d71429256d5750d6dbe1b7 |
| SHA1 | 6628de66845d12f55a015b5d7726c0a13ffc46d7 |
| SHA256 | 72649b71f7532673ee557eae5779d6ee98e517019c6f32fe75833aeaaeec1267 |
| SHA512 | f9c9ab7249338fd69ffe33d32e4aba90517a7989aeed4101e82c7669acf47adef34ffa2496040d7d7315b6b88a6f0c32ebf4559e81734ef3dc1166d850d5fb65 |
C:\NCSEXPER\SGDAT\36MASKM1.ipo
| MD5 | 13a3e5eb4a82be41829edc315b48e1da |
| SHA1 | b58c7d212806c821235385fb9bc8009bb9578153 |
| SHA256 | 12e79c622123d773c0d8ad74bbdb1b8c92c3f5d9be881d200a0a1b6900d77df4 |
| SHA512 | ebecd300bb82c226d9f445e1e56e35ae75962ad9cdedeb29a3023b6bc346c1c227dbf7966da6a84dd7c566f712eae74b17d5e698e67709bf7a7d319d71a39c1f |
C:\NCSEXPER\SGDAT\07dde71.ipo
| MD5 | 8ba679d128801b1ad57fefe9d340241c |
| SHA1 | e647a4ec7302bfba7c759364edee1de1918c0a1f |
| SHA256 | 5ae3696abd00eee1b78b7676da451f09d9304f076d5114cf46114afd9008b92e |
| SHA512 | 03aeb53c85ad2a3f35860045e8e7561ea5a566e940e6b0d1359561832d656114c811cad9af5e308d57b20d1f78fb2fba52f020e2b696d72484d28ec2bd24bf7f |
C:\NCSEXPER\SGDAT\08011308empi72.ipo
| MD5 | 6cd5cfd26c3ba25d3f9051172c7f2a83 |
| SHA1 | 9900c406e87c9a54d2610cf1b8a6b78d34c16361 |
| SHA256 | 5eb1e186bb60984937e4ae193b2b839cc170609554295c6b708e12f603c87f36 |
| SHA512 | ae6e844e43d6b11f1ca16c0647e27e9a129e1a07796d55e1b51b04cf63316d29587978fa6b6162c4b32d09b8be50fd3f029b348432e7945727dcb6831e0e0a6e |
C:\NCSEXPER\SGDAT\080200IHKA81.ipo
| MD5 | 2847668d036258ac3617daa1c85d3ec3 |
| SHA1 | b57403abae02e684f4e3610eb069103a6caa3298 |
| SHA256 | a0802ebc1182605541c018a40561192ef858ffd54281a99c47028eae6f3a4fb4 |
| SHA512 | 15eeb4bd71e74149a9271b26f844714abb1e03db1cad641b6e3a265339f49429a9b65ab924a1188a0fe0d093dfab3b29e9bdb3bfdbf47017fe7a120c3852f580 |
C:\NCSEXPER\SGDAT\28DDE504.ipo
| MD5 | bcf7dff2c764cf2dbb9e67c25318a0a3 |
| SHA1 | 5e4003eacfbb1b6c06e837c0b3b84602a42f6f37 |
| SHA256 | e8073bbf88a06f9274c839f4e191781bce0560e995a1a5f184701bd7a2058584 |
| SHA512 | c04a43f2fe769dc81fced9bafc6d5b417edec970da06743505a31d30e2055e2901fda794f4e43999d523c59366c798a0da043410c12b653636cf0895381104f9 |
C:\EC-APPS\INPA\SGDAT\30ZFEL1.ipo
| MD5 | bc0211402a10161e7f197903602f6616 |
| SHA1 | 557b161dbb34edb211d6e4dd01327e02213df0c1 |
| SHA256 | 38ee0c581b60062f18d75ea4b4c7f5757b9644c5d62813ce0f0ab94a327800bb |
| SHA512 | 4046170c7b62612f0239a9b8718bcbff28cb49c86fd16f7b7c6a19f2f207f001cf92ebc1610d844da97fce1662df6c876e6e7831a064ac2fb6a7179026132f33 |
C:\EC-APPS\INPA\SGDAT\11000002TVM2RE.ipo
| MD5 | e34b17b8a03ff86c77a812ffd1872677 |
| SHA1 | 334f7b89de60ea47e8be3ca12f9eccfb63b6eee4 |
| SHA256 | 281a7847a7fe65cbdd3f99a600c25c344f92cc0a9fa49c424965fead46f348af |
| SHA512 | 1d660777df703c8a83be12ecaf429476e21cc20afcabbe64f9fa2678f9671a122711c1961994dc33e212d357a99e2cb34f383d00c7b3a031fa206d67a1b7909e |
C:\EC-APPS\INPA\SGDAT\01M401.ipo
| MD5 | 62478aa3a22e4e2335207dfb4fd4a4b9 |
| SHA1 | 1ddf8ed53e6be546d8532b15c7867e84afaa5b32 |
| SHA256 | ac84da57998eff0a151afb25cf649da55b9e725f4575c8f28df11013f3970008 |
| SHA512 | 395c246ad04f69ffe23f6be7d16e559accb9824b84bd588ee6fbc1906b9a832522db8529bd37c5a1a3d08681852e43a79a3162e49a2ecc2ea58aa4557dd62b22 |
C:\EC-APPS\INPA\SGDAT\01M527.ipo
| MD5 | 6d52900881e082d9f391e14e09758ca6 |
| SHA1 | 71d75444fbe29b53264f205fd8196d7b910094ea |
| SHA256 | 72bef78abc421914775181465d4519905f0ce3da5ff41b10793b01266a9369e4 |
| SHA512 | 4b3f76f54222124e7a1b27006750c6e8962de2310144ecfdc3ad37817632fc5e7c4b7d6cbb8676b0e695b521d4256724e2f6c03d359e3f6e063813da22be8c57 |
C:\EC-APPS\INPA\SGDAT\08010004tvmrd1.ipo
| MD5 | 699b17cf59f32d430f3d48f2e377227d |
| SHA1 | 6af4cc4e00d4d7adbb305a462cb2f619a999ff33 |
| SHA256 | 1d7bba6c992eea73c01cf04fbb62433065441ee42983667aa94c67974a54dee9 |
| SHA512 | 0c1882f437e5f58ffd330897d2f4e3780ac761487f3dea2d334bb349534d366987a90eacff7a3451320e16c8b8434762514928463de3b2fc0c51fc8bb039d822 |
C:\EC-APPS\INPA\SGDAT\08010405CM62F1.ipo
| MD5 | bbd8e8d59a70d3708fe2024640aa9a4a |
| SHA1 | 944f7f1b8b29679598566cb0f1b7d411c715114d |
| SHA256 | 8be07cb8289aa3199256e210d8283e5f6ea30852eb954dc3d2393d5c5e67102b |
| SHA512 | c373023b4d5ca3aba8f19653928734cf958724b13e12f19d0903c8eb05b4b1230162446582ffbc8081f04e28a045c91e53ca5822df2c3b3dc1289e1cb7f7847a |
C:\EC-APPS\INPA\SGDAT\08010408CI63F1.ipo
| MD5 | aa3b3b3534ccd568e71437fd2abb08a2 |
| SHA1 | 0f63585ae936ecf90260b1f937f056afb0782cc8 |
| SHA256 | 2aaefb8879ad9715870a29779d3541f6266d7aa3310dc501bc775b1cc8c67479 |
| SHA512 | ec923d9ebac59ea0bd74e2b7a30a36b403828e914dbcca620471bd48f8b9589e2f61d95fff2b121409b6a4329d1d9c542c0a2bffa49c2f1e78730ce1e9aa7624 |
C:\EC-APPS\INPA\SGDAT\19EK927.IPO
| MD5 | 08cd1c2369d85c1dd6130c80db293026 |
| SHA1 | bbf4b15f8819eb3f5ec0255cc98805bf022d9c97 |
| SHA256 | 18314ba0cf35009ca49bd52b3f2df6bfba8211bf8d877f01fb2275b22f397d64 |
| SHA512 | 17e14618e8742639eedd88a645a293eb338df36505d045a44621437a4ea675e611197fc8f4212f691de0d4a882bc8b3720a4879fb9a07a2dfdc7175bde73bc62 |
C:\EC-APPS\INPA\SGDAT\A_EDCS70.IPO
| MD5 | c2008953fac282e90ea504d3879f48b1 |
| SHA1 | 75694038212b77fd41e618da6e3f2e75a5b8958c |
| SHA256 | 82cf1648e1fe55253a3f036a6c77ff57829c3e069bfda5b6442324ecc398121b |
| SHA512 | 5312167f028561bdd8e2d0c6ea5c466e51d770658ac58559737056f4c5086d5c92ef9743fb813f443db790fe91499f2a8163dc83665029aa6a78e62a93b6e8e4 |
C:\EC-APPS\INPA\SGDAT\a_gbfa.ipo
| MD5 | 26216c5ea3efd14ea89f2c44837dad80 |
| SHA1 | ee78df00d0075824c0eb0e6453b33daee3089582 |
| SHA256 | 7ce94ac9ea6d8d8ef0e67e480bcc8a3cc8bc4596fbc3c1e2e9a76f5ce75e18e2 |
| SHA512 | 5ee8e0c8201423758a9d244582c2e2b3b5a14df3d1809a6e7340795d9f32fc02269d42172cadb81740c1f5c082464b82bf2e01cd3cda17f3af2717da493db720 |
C:\EC-APPS\INPA\SGDAT\A_LWS5.IPO
| MD5 | 2c15277965e8d0cec7832a84bc30d0b0 |
| SHA1 | 9f868115bf8f4a407bcca0ccfdefe7e1576dfbcb |
| SHA256 | 42248e54a090ca40278ff0953157f408e8bee788d5aa7ea97ef34da77d2e9107 |
| SHA512 | 10d07284da4577702d5e7c43a854d77d154c0648cb59db7c99ad6c36cb66fdb02499f2315c51317f96d6b5cfee738439dd4890c65a6b52d7474c7846f48bf03e |
C:\EC-APPS\INPA\SGDAT\AMPT70.IPO
| MD5 | d24693fae5ca92892cdcb604af0e90eb |
| SHA1 | 320ed74693f18827bc71f1cfd6533dcf9a7e46c3 |
| SHA256 | 08235a13eb65c7fa005345891159e0e82168767914aadc49da6eb7a420ee0f9e |
| SHA512 | 860ea7098fd85519bc941c8300f3591bbb45acd17792e7e22fa97d702bcb734eb3a4267ef3f643cfd3d1c3066ad7b99facef1b0cbb2a92687e681401e76bfaef |
C:\EC-APPS\INPA\SGDAT\BZM_E65.IPO
| MD5 | f28aa23322b1517fe9edddb25266fbd4 |
| SHA1 | 27086e62514017db360f6899e192dd6a1b5f3298 |
| SHA256 | 1623a7bd0cdfebe7eaa58336749db8945b578ea4a2b47aa761eeb11bcb33d10b |
| SHA512 | 96214a4f48774e1b79208272f7b50e9bd39bec07964f0af63df807608b68282f865def4c8b9e9488209f14ad188272c6a8030bda17eec9c0fa5f097e3bf80edb |
C:\EC-APPS\INPA\SGDAT\CDC_E65.IPO
| MD5 | dea719d732dc927de767d4349c387af6 |
| SHA1 | 5f075485530ae5560f7c8dde30e6bd6d7007ccc6 |
| SHA256 | 9549a5c7a9d99634a3ce128fb7835e6335b2deb8258294f4e8722667c3a7998e |
| SHA512 | 9ed0a9cc1023d0fa39cf0654b6d278f423b0585b156bd25df78e4971a15882be344307bf308a5128bd9059bf7e0b5dc4b31cc9469b7388dd132399115dce2e32 |
C:\EC-APPS\INPA\SGDAT\D60PSA0.IPO
| MD5 | dc14e5d73335deb1bb44e0cea8576a1d |
| SHA1 | 5cd45a6f8f63175c29a5f28616dce077e52e7c33 |
| SHA256 | b2787b19aec0a31c7ccf0e1226246990d532e11f439945d1a2aa7381e690ba55 |
| SHA512 | a3e8213f1775bf627a479f2281c2dae91390fa661e1075ac8620cbd9a746f56c2d8c535511a0fbcc6d2a1391be1e2688c50672f0b4c99993576ddbeee66c5185 |
C:\EC-APPS\INPA\SGDAT\DWA_E65.IPO
| MD5 | 591c4d3a16dac911209ce14c6bdcbdaa |
| SHA1 | 3273356f4274b51fb84ce95b25a8a5ad9a3d0fd5 |
| SHA256 | 30614e9e6356fad83cafa74342a38a2d89c5648a4685f6ac209833fcce7cd21f |
| SHA512 | 8a61f80a5e964230fdc112aaa11849a3e052753d83bce56a2b30cefb02300950c8c08c3dbd9aa7c3ae7fd5c3b25e28dfe6f422fa29203e29a0c4f327a47a1ea2 |
C:\EC-APPS\INPA\SGDAT\fle_r.ipo
| MD5 | 0659ced7385beaf6404ad8dbbd0d62d4 |
| SHA1 | e19cedde31d28a9e07db94df5afa77361709a366 |
| SHA256 | 2b699afb603be59c770bf516499404a88ae372a3ab25a7754199f0bc7b019ad5 |
| SHA512 | 4ab87161b128f5c14334506fe16898fa199f13c76cd5596c3bdb1ec04dd05ea424eeea2de73a02c7b8602915d9dcd6334166b9c13bf251f2ca532568111d6dfd |
C:\EC-APPS\INPA\SGDAT\LM_60.IPO
| MD5 | a556230700be7ed7230e510e9b1a0234 |
| SHA1 | 7799ace2f1a8910246905fab021c517fe2c7c521 |
| SHA256 | 7063f68f3ffbd04e4b25caa08c13eac8c4b2be3a7b99ed453d124b44a7c85f6f |
| SHA512 | 4210e70ffaa20883556647f5520fb057fa01388f5a2b0893ff8c1354a11d0bd72c6eca44a4d7b4c42b23ac2398667851bd534b99f9e761f5967ec280f2ea5a90 |
C:\EC-APPS\INPA\SGDAT\SECUR1.IPO
| MD5 | 69a8e19d1360017e485dbb0f6fb9e6b3 |
| SHA1 | 3ef22085efd8bcac841e386080dea807571607d0 |
| SHA256 | c3a8bcb5d94ff15d30a37355822935f158113d995128e6218dc68ce145c02f52 |
| SHA512 | b94108aca92f0f3693d12a4026af6d31231cd40a40ef5a4d15b481744c9bc072ddec87674c386c93c525969d3099a8bab59f1f22cfb670a1f3100f31d200210c |
C:\EC-APPS\NFS\SGDAT\30ASK_CD.ipo
| MD5 | 15c60521168f2aa8476a971ca3dae9ad |
| SHA1 | 1c9191b04511e32ae4a0275161f331c9fe0e5232 |
| SHA256 | 743930b8803865a06458f6c917ffc844ad89d551bb82b6322d824c32825a9a16 |
| SHA512 | 5c224d8d2ba9287022fb278ebbefd7df52cee5edbeee04ab6efb8ac8f73d88e2ceb65280121d4ab962e23b5f0cc386ec05db682e018b97fa2010d94983d9d6ee |
C:\EC-APPS\NFS\SGDAT\10GD8604.ipo
| MD5 | 12a07f62813c2f7f4fe34975e29584cb |
| SHA1 | 741b998e998779e09129d4e9f381fa5971148143 |
| SHA256 | c79f84ee0106c182bac0127250b19d6a9f9be589c348ae581dc3f50a3b94cdeb |
| SHA512 | 237034cd2df519601d084ebdae8a83418c06980b91ba11aa6f5187273e4160a059bc058194fc4b3e5ff398f3febc64172a6295c385dc2ac87f0810077ff74452 |
C:\EC-APPS\NFS\SGDAT\11MDS52.ipo
| MD5 | 42b3d39bbae8248d93af7e891ef1fef2 |
| SHA1 | 17aedcac88b753edbd6be3e63ffcacc7bddd2088 |
| SHA256 | 3634a4b9aea17fb6fa8b5f16869ebf0bf0bc09dc1b4a046a3f4c431c43e0f054 |
| SHA512 | 13a3463de78016ba546adac97ddd4cc7279e86c7bdd093652bf871c800c0f8cb8fc399eff9c5c3bec3942ff2a25325be1783089d764e2da8bf66582766610ff9 |
C:\EC-APPS\NFS\SGDAT\13DDE63.IPO
| MD5 | e9feff7333fbeee20c665f7c89b1fd02 |
| SHA1 | a8f61eb67c120fbfa767fa279a59c3cb95d9d9bb |
| SHA256 | b6904e7c94a1b81fe23910a816f82b745f1ed7833609dd5e0631ec5f1c92236e |
| SHA512 | 8940e39f14deda798f03ccea24c7303657fcb83452d79e119e3e641a7c15502bd9b1042759c97a5dec6ebaacf60fda8f5fe75ddd287730d1b69aac12e96e71a7 |
C:\EC-APPS\NFS\SGDAT\13DXC883.ipo
| MD5 | 1afb81ffefb0467012207d637cf3c9d3 |
| SHA1 | f0127146c9b13ebf2ebdc01afb0052eae94d198b |
| SHA256 | a0593126a9ad213f19de9d5c9c347737cad53a4b26bca683f15368bd24f39ee0 |
| SHA512 | 3cb13b301b2cf7bb14f92aec3f2278a8296a47f77a0968316f5268e25b4b1bff93d258f0974cfe4430bb355eb27cd80be233d39ba38aa60f62504cbb67e9d9b7 |
C:\EC-APPS\NFS\SGDAT\46CC6260.ipo
| MD5 | bcac5f90e01d7bf9f50323e6575b34be |
| SHA1 | 86fe950e673d4d99bc1818c832f49161d565205a |
| SHA256 | a9d2f458bd37d6523d05a063d0c12d84378c82918c368414483ad3b290107552 |
| SHA512 | 61abfa3eca675227f5b7faaf60c57a9f63908da59c28bf36bc4111de5d82dfd3d8ff567ec61af0ee0fe352d3880071ebced1d814d92438d9806eafcc89d258c7 |
C:\EC-APPS\NFS\SGDAT\08000100VMHFB1.ipo
| MD5 | 8aca226a5fede1cf87dd6d9c54c29d5c |
| SHA1 | d8ad247025712e699662a0af80761f70776a8676 |
| SHA256 | 3761ce97c57d9c2c9a8a1dfc19dd7663e52d77fb28fd4d4ef65510baea867e89 |
| SHA512 | 1a6f0bf206f9b1278ee7e9fa1518f2839b4183da05044203fd0cf188f28b5688ae72ac40b9e9fc69249ebaf110c86a2f251afacbbe8f894bfa655a3dca6f50c9 |
C:\EC-APPS\NFS\SGDAT\A_6MOT.ipo
| MD5 | 7eabd174d7fc5202cbe60d72c7260801 |
| SHA1 | 48a53ca89de7e3e1003db25aede8e897d3abff80 |
| SHA256 | 17ad58c65bea04889122d3a18a44486b072e07999a10b2c7cee0d53291a9e83a |
| SHA512 | 93300987c9439ca83e4a37c084afe11b2cc65eab74a9148cfa8d0289d93a4041ea334aafc4f889e477a668421d3b277e94da4055cf1bb699789b36779cc6acf8 |
C:\EC-APPS\NFS\SGDAT\A_E60CT1.ipo
| MD5 | a017c50c7b17715a8e8c15a8a01c011a |
| SHA1 | 708f2c3ff3582e2d5f671a977076c1b604496463 |
| SHA256 | feb427d61a2fb236e94c29bbcf4ba37f78c929afec9ab0e68d7bbc26f00f2f67 |
| SHA512 | 16ae714f145bd4828b87f3252ff675cb8173a052a2903aa19217853075eb8092fedb479666da386c3edb35829b34ecb7479a4b85db4a5e1bac69694052548987 |
C:\EC-APPS\NFS\SGDAT\A_E60LM.ipo
| MD5 | 026c3ecd450a168c085a629ae4ec5cd3 |
| SHA1 | 68a896885e50a26bfd68d4fc0422411ed57a1323 |
| SHA256 | c20682ff5b8b234df1ed7499a558c6d19ab5e0ae427efa15642d91060e6c47c4 |
| SHA512 | 33973975271589657a9a98450023edf9b73e472750d877858bc208be7ace324f08b8f4aca4bb3ecb70692bad3a8edfea9a0c75d6355118d09cecbbf0574792db |
C:\EC-APPS\NFS\SGDAT\A_E65R.ipo
| MD5 | 7ae1e096503c51a943cf74f6e6d89e01 |
| SHA1 | 49b5d51c2b02dfaee96e781b6c4a209a90f1a60f |
| SHA256 | 90be28f82c6a93d0aa96ef1cb07e185d5150aec679150954d71ca39e7a8c1739 |
| SHA512 | b8e8889e418c20f068992d3d5850c6bf3617aff7bd5ad77c3fba2bcd097f6cae05dbb58bc4c12094335cfea2cb4c2b64c585383e88678017f6796dfd8c1f7fa9 |
C:\EC-APPS\NFS\SGDAT\A_GT.ipo
| MD5 | bcbba96224a282d0b1dd7beca05b2c9b |
| SHA1 | 59b8f075809f7257fd41107d681b2d7cc7bf7af9 |
| SHA256 | b1c0c0b36c5d535c474cdd615eed980525657baa1d198d438461dcec05c99d9d |
| SHA512 | 484cbbf7f3a96ec8f066ba8ee12b51999503f04a37fe859017e8ebfb9ec332103b5e777e1a979002570b4d1d7e459551464139bf585102dc455b3c7aa55aaca0 |
C:\EC-APPS\NFS\SGDAT\A_SMCDSL.ipo
| MD5 | 83bb5b700047c87fe1f34ac3abbf49dc |
| SHA1 | b86265b5f68569d1c83434bfda12eb4615be80e5 |
| SHA256 | 53cd7a35124dd063fdaeaccb4cd0c10dc6eb3b2cec5e38ea7de08ab0ae5b4f5c |
| SHA512 | 104011fad71de3a048fd633dc9404b2fcb5eee3bf91e1a3e8a14c9bf98456cd124897d8020c4d45c7788b3898bcc2b0c0c1bd90fc33ded0836a968b46e8477f9 |
C:\EC-APPS\NFS\SGDAT\A_SMCKWL.ipo
| MD5 | 120165bcc58b5d2f1a1ac32437f6b36b |
| SHA1 | b6f49557308b283ff849500f10c07bc6227571ca |
| SHA256 | 3c73ac583c0a74a1cb87b22a91d604762ae3fc2148df7bc0dde49ce1271ac67c |
| SHA512 | f0ef8a4755e38746ce8ab3cdda5ff3fef4f3cae0d0d8df9c4f267ddd1a7ff996b1e0c9c9a620ae9c791268cfe36f60c223e5d641e813966162f1a424a307b8bb |
C:\EDIABAS\Ecu\33CM63F1_01.prg
| MD5 | 88d12c09afdce519f2f36707d6e79afa |
| SHA1 | 3fa4fda0acd95701f701adc0fc936aee630d1cf7 |
| SHA256 | 678077f28d994b4501c15fd5b162731dbad3caad175933cfaf5a577aacfa658e |
| SHA512 | 868cd5d9e506a9ec3927c3ed1a143d7dbe7f940a3da7c0251a14a20f7ed55638809c074180f16eff826690efdc5e6499fbd23b0230bb6a350e5ef8aaa36f6791 |
C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\winkfpt.exe_C8F2E55ACE9547F7997DE018526DF035.exe
| MD5 | c59e49a506d05d3f1283282fddd8b753 |
| SHA1 | ead12a9731f9d36c6500420584d8e290520c21fa |
| SHA256 | 8eef9ccdb24a83ecf221d302ed328432003cbe55415e0d68641805a9c04ad887 |
| SHA512 | 35a694d3a4e09d8eec7c4172c16ea6cec815c824a19cae1e712bb9a5a6f5ef123b926aafd1933ddd757f6b9706a6a0257ac7528a13c2d8fd5e04f5cd1d0cbd40 |
C:\Windows\Installer\{CC94D767-0DEA-4D47-AD8F-641268491ACC}\INPA.exe1_C6EC8CA68FF942ED94E23AF7F179D2F9.exe
| MD5 | c996c76c0bf1c6791d5e622527230af4 |
| SHA1 | b8d86074a86cff0a3d8c2075a6d77e7759efdcae |
| SHA256 | c5b4af9afbe7e82cce6cb23b289b43e482bf11eb85cd455e368e517e372dc98f |
| SHA512 | 1c4ed972532e690f43d3afa1e289e0afbe886d1a7fba6b9a30d2760692b68cd471a11e9b8117326592b7905add8c8f2ad129b3af536ce0baaaee60fd4c82ff95 |
C:\USB Driver\checkOS.bat
| MD5 | 06cb42a749ae4a0bd75602c173f06cad |
| SHA1 | 009c4be3645f915242189b93893dd8818ce0fee3 |
| SHA256 | f8f580082cbc86d27e7fee25576adf403e28cf671ed26f120114ab94c0ba40e9 |
| SHA512 | 90c1b26128f8ac3216be2ec249f6c9cf027923aa86f70154adfca746f3fb2fe99d1df80fa31399f243b595a85917f104024d07fd5c72020b6479fdcb3b5fe8a8 |
C:\USB Driver\dpinst-amd64.exe
| MD5 | 051cfc801aebf138613e2aac61dd4321 |
| SHA1 | 0dfd251b3e09c30e7448da6929b5b73c14f1d05c |
| SHA256 | d770482f49e8825f9339dde01e98ba8085a901d1f56137015bfc159191f43ba3 |
| SHA512 | d6554c82888b345da1fd6779f43d5ebbcc65e7c19c99511a0bfc631fb85a2ddc4dac720d50e8fd207ff9f52b0ffffa966f3495e67332fca40bf65c6358c3ffe6 |
C:\USB Driver\dpinst.xml
| MD5 | bbb46e3360f3fcabc5d03ca33dc10458 |
| SHA1 | c442cab7ea74d8a1dd3bf97786bad844e8913b44 |
| SHA256 | 65e9bc1f59de53462ed2e6b002c0be26cd3f37b1e360938a0a32aa452ed58030 |
| SHA512 | 1594e0bd1ba7d9541ff5a44f65da6acdf1b27cfdd72f4a04c07be0f815f6d05d773d8980595da18ecc1ab1bc2587fc248e0997873b02c151dca096a741cd4d78 |
C:\USB Driver\licence.txt
| MD5 | 5f2bd5bd92fb7740033159c59a8d1215 |
| SHA1 | b8e38a2f4ebcc4dad9dd5e73cff82509f6043511 |
| SHA256 | 4097665303729e520334b2db9915dc3ef955e3518d08846af73d464bfdaea3a6 |
| SHA512 | 18b59c28af8ba6bab439fbdf32868e63aef6e8a6432847ce44b551f40ecb3c66f797c77d6ebd4e271563bcf71e7357a9301ff73ff0e5e70577584a91807c4e28 |
C:\Config.Msi\e58e9b0.rbs
| MD5 | 2048755c4954870c508545dddc34d401 |
| SHA1 | 0eb8b9856fe945252496dced480e39889ab57b42 |
| SHA256 | 0f7cc28dfda9703e1142ee8e2a0b007442d72a56bc14d32efb63993f486ede01 |
| SHA512 | c87524e9acaa9ecb180196344e2ba96fb996894d12064256492def3705acd59c5c134f56ea454470de193a464db75540d1b77d475a00fb56dafb201d17705c9a |
C:\Users\Admin\AppData\Local\Temp\MSI7630.tmp
| MD5 | 04289ede648990e01435a99f616c8fdf |
| SHA1 | bc81ff546d812d0f88ed7a98717e77d5e34b61fb |
| SHA256 | 6629a2fe72efaded5d12e072a18b0cf065b2c9600a6401645ca1d7804f7edd14 |
| SHA512 | cacbadaa96d1f6200fa02ff0c643324c870f95b587e27460af0da525105815380fede9d8d196fbdcabfaa007c404b7487e43407b46585b919f6fa68ea8de358d |
C:\EC-APPS\readme.rtf
| MD5 | aebc6c69b046c0f0a523f756d4d3ce30 |
| SHA1 | 286c793588e5b7d75349162b04f7ee583a660676 |
| SHA256 | 6bc8d7baa9e9fca3ae4123a231222dc4d53df97e123e2e60a889af66c8e7b6d8 |
| SHA512 | 4f9a8356476b30c0bb2a7ca4947d6199e5c0c08f4a8cd0b5fb2b93b6b1f69174cfe232083185a5313c73e09d7972617fe4b21e7344b8a55deeeb61b1043f0227 |
memory/3752-6718-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-6720-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-6722-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-6721-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-6719-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-6723-0x00007FFC8AF30000-0x00007FFC8AF40000-memory.dmp
memory/3752-6724-0x00007FFC8AF30000-0x00007FFC8AF40000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\{B7AA5505-3F6A-43A1-BDFE-08972ED674B7}\_ISMSIDEL.INI
| MD5 | db9af7503f195df96593ac42d5519075 |
| SHA1 | 1b487531bad10f77750b8a50aca48593379e5f56 |
| SHA256 | 0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13 |
| SHA512 | 6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 06cc88c561ea3a0834d4a1a4e3f6ebc6 |
| SHA1 | 6f11b0b611920180eb608de47f4e6e6722a95eb1 |
| SHA256 | ed75b63aa27827cc123ec0c9816702886ef6a4f7aa7b4abdd46ece07da5cce0b |
| SHA512 | 47a328ce1d5493498f3cba150faf31cd11f656bb8c1ca9d7b7270a6ba05f4a23983a9a5c840e4bfa7a2629e09af926277781a41cf7bc14183234fd9df504e01b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 1c8d67f3a68241c1516f90d537f1b487 |
| SHA1 | c9446c9473568d7c51f0d01a05a9a3d80b309f91 |
| SHA256 | ac19e154a806617e75e9acb5a3a308a88903349ff07851fdc8eaf2de138bedfd |
| SHA512 | c434d6003b2ba5faf104007bc36abb3a8c1a1393c5697c663f7277711eb20ed5ba3cbe4c9a7266aa5c9da5a7b0262f087dbc0803093114c9d505441fb3794597 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | f13577e44c6a7794ae92cf4fad654289 |
| SHA1 | b014e367b253b1f13c68649bbe5c03e59c06190d |
| SHA256 | 21d96c6862ffd88a5d49be63606c97de3ab7728154bc344d5a8e01c20f6efa9e |
| SHA512 | c8648497bf76275f7ae8e6712d2939d543c8ebcab81b2014727cecda58349a03aa80fa525c5e37aefc58f73cc51d6c8bc7542a99f919b198e85b709d89216000 |
C:\Users\Admin\AppData\Local\Temp\TCDBED4.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |
memory/3752-7273-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-7274-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-7272-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
memory/3752-7275-0x00007FFC8C150000-0x00007FFC8C160000-memory.dmp
C:\EC-APPS\INPA\BIN\INPALOAD.exe
| MD5 | 90760cabb19dabc994d486bb8ebf2e3e |
| SHA1 | 04194d70665ceab2ded4e6245f2cc26df1cf3994 |
| SHA256 | 41add167c149db9c10162f8813d47210b0c8afcdb5cf1683bd023623d294a753 |
| SHA512 | 858ac96e9509e1b6a3fbfa857091b3378cce77021ee56d2c22439c3f170882f815363bdebde7a96c8329198ecb43f168a79218647f8b9e76b22aff30d83785c1 |
C:\EDIABAS\Bin\api32.dll
| MD5 | dc7c5ac055897b49387e7509fdb0f02f |
| SHA1 | 0f4acce46e73f4a01fb49e3da606ff5a9623d48c |
| SHA256 | 15265157215b814f44397df49c9964448f5f0a9f8a02e1b432406c92e6215a48 |
| SHA512 | 1972b909c7ca9b65e0bd0de8f72e7d323ed7b9a6f019b5cdd00fc239ebe47e0c2e0ba5d5826e88036adc6c648eeb4753ee193a0073714921d2d77349c41da8f4 |
C:\EC-APPS\INPA\BIN\INPAUS.dll
| MD5 | a5adad8efd85b258e00a15286d52d183 |
| SHA1 | d12df0299b455939e2ec002c525ad1ae467ca016 |
| SHA256 | bec615148a6b50d352a3504919176712ceecc4fe609063ab3adcfbf9798a711a |
| SHA512 | 90c7a6cacfc0d9172b3651bec4597fc2a707e103760fd98bec7a87a30927fc93935b5ab511f193f2f37b11e797cabf20df01280ee3dd67fe9cf0ad126f8a8036 |
memory/4100-7284-0x0000000001FE0000-0x0000000001FFC000-memory.dmp
C:\EC-APPS\INPA\cfgdat\inpa.ini
| MD5 | 21a0b3c6943255ede696db5675fa4407 |
| SHA1 | d290f56b4994588569651fb7ce996a5885932403 |
| SHA256 | 9b3e546fab5fd507e7ef2aeaf3961df2fd6d6d6bf18f84fff07645057861e632 |
| SHA512 | 39c7cacbe37a89066932b71b4abcfa162376d2166d6eacabe2fb55603a6d09a54ff18d92a4a567829c7c350f970b3a8dd4296479bfa91ac87939b5aa4351b3d3 |
C:\EC-APPS\INPA\cfgdat\startus.ipo
| MD5 | 8331084d935307ce3efeb734c3f82332 |
| SHA1 | 966180fdbd73ad41b30fb2db9fb856fec5c4e329 |
| SHA256 | 35cadbe21185954946079476dfa07ce875113abe17cce5473d3ab7403ad43bad |
| SHA512 | fd7731f137512c81b6c4ff11c15c9e12a2bf36020aa8c53f2f80f77be59c807028ffabded653714e573846334cd9e4707d2e998979af9c958339462ce87bf309 |
C:\EC-APPS\INPA\cfgdat\startus.ini
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\EC-APPS\INPA\prt\englisch\E3ETIKET.DMF
| MD5 | 44f1836a2347dc692981fa1668421249 |
| SHA1 | 5e09e2abb84b5673b4bc16025996dbdda268c25f |
| SHA256 | 31342d3dac8e7102c89b10b1450af1c6dd181c92e42235978760f3605ed96092 |
| SHA512 | 4951e7e7773aa4baa2f212061fd129e678ccc76c0491a26651960ab7bbf1ee65085a66b861f34b07eb5b01b7b38b66b1c0e00bd8259f56f74e05a53dcfdd0d59 |
C:\EC-APPS\INPA\prt\englisch\E3PROTOK.DMF
| MD5 | e9e04d15d60154b941339ff72fc15ff9 |
| SHA1 | 1d98815be279cb6cf91b8a3c262a77b596f50b82 |
| SHA256 | 81920208683ddf6b7ee02630a405b42f503b03734ecae5d8f610820e862b0545 |
| SHA512 | 89b8befc1b7c4cb3eb834c82e45932a1b070d94ad7b4b7867575949a2d7b976ef569424c353a004cce0d3341d8510421ff2c2864395d6630d309e1e957bee18a |
C:\EC-APPS\INPA\BIN\edierror.txt
| MD5 | 1d86dfc5d038da807cba53ad04a3bc24 |
| SHA1 | 50ec2407344815934ac8895a4359055fb06a1987 |
| SHA256 | 54d04147e92ca3cc74477d87a311046858501e410584d6c23981cecc7d720468 |
| SHA512 | a0485c8d36ca791a745ec0b1e52c2de5b3de594f5efcf914d911ac713ea2f2f07c946e67c206269694ef706acc1471ced82d71d185a2d50aee2f3dc7bb4fe4e6 |
memory/4100-7310-0x0000000000640000-0x0000000000650000-memory.dmp
C:\EDIABAS\Bin\twfile32.dll
| MD5 | 679068b1bd36e0738ebfff63a0eea438 |
| SHA1 | 2112359055a8941d47c96b0faebcb3acff41d71f |
| SHA256 | cad3e8b3e0d47fb19ddf65f66dc8b05040e7fc0b49ad12787b4114d5c6665332 |
| SHA512 | 43f26d0bc8c92e1f89a93f043d0c0e41968408e4033ab76ca59f211b829a90d0d11dc4164edf454f0e760945266809aca311fcb86fa7f6ce17f74314bd179127 |
C:\ediabas\bin\ediabas.ini
| MD5 | 04482dc4573ef2dd080cba4157d8b748 |
| SHA1 | ef09b0dcbe6551cef1adfe5b3fcb4b7fa154ed5a |
| SHA256 | 27cb98b35bdc2641c802522225c490b9e951e94c3b224a961803ba96be0f7ac1 |
| SHA512 | 2ee6d309f1f107a36f6a6ee099e885c3549c641bf727c2548886b06f419ba59d9f372c245ef34fc51c29e4e85986bc11d5c45c2466779ace691bff9b1469ecfb |
C:\ediabas\bin\EBAS32.EXE
| MD5 | 0cced2ea2f326c38bc9c3f1ca4bda6e8 |
| SHA1 | 1412fae1a69fc9bbdf7e0f12c3d55047b4db96d4 |
| SHA256 | 41292745323a4b51919eb2e41577901bd6861fb743301ceda1164addfe7227a3 |
| SHA512 | 4ec6429f674c4837b3a6cbbbb8639dd954f71a886b79cfa10697a3a9c5cf36a2ba91c77bd30a49e297bb7659a14576badd155cd9e3d638cc4970346d02873dcb |
memory/4100-7305-0x00000000022A0000-0x00000000022B7000-memory.dmp
C:\EDIABAS\Bin\ebascc32.dll
| MD5 | 65212f506fb205d2502d3daff98c4caf |
| SHA1 | 1914b5bb1a57eaed173db70b6ffc146e48befd0e |
| SHA256 | 38491ba8d3ad1511a00615ad898f8af2c5e315c9bb064587a5b0c9cdcb741204 |
| SHA512 | 70d70b314b1566c576c315b5e98255ce9dd832bcb1af68887a819bb7c8e6c148e19623a1b43a128b1882223cf355720588354d617f81065810c868accc09a868 |
memory/4100-7303-0x0000000002280000-0x000000000229A000-memory.dmp
C:\EDIABAS\Bin\tracex32.dll
| MD5 | 68c6ffe9676611e9ed391641d71ce48c |
| SHA1 | 1e86e7c23dea1b4f58389e8156fa9355eb1347a1 |
| SHA256 | 1d9bbf1a6085ec08f8b000b4383319c15bbe6008627e12dbac2f2919988dafe3 |
| SHA512 | 5fc8b7fadb0e8b10712c8dec5936f4eb68cab04b19dea87464268c45f7bd7dc939572bf43e72889aafb32875bbb0c61aa2bb51f4b8690a410bbd000f3ab4d49a |
memory/4100-7297-0x0000000004770000-0x000000000484D000-memory.dmp
C:\EDIABAS\Bin\ebas32.dll
| MD5 | 9a3ead06dd0e7e184c58d5b00ac939ec |
| SHA1 | 741565f6f77a2cc755e8d91783444a10dc20058a |
| SHA256 | c4876e43aac09bacd1a761cec413bcd0bbead53b9e038e2de0dfee01d91a4857 |
| SHA512 | 359123477de5df0a745af5fa87a683db4bbabb0aeea9790c95393fce4b0bcde445e72bf350214d69f31e4053f5aac19b5d327156fae822fb0c0951964555ccb3 |
C:\ediabas\bin\63477BC6
| MD5 | c60dd09173cc6062ceb6a4e424b6c3c0 |
| SHA1 | ccf3dfeb82fc3db9c700fb4c57b94a310bf4de90 |
| SHA256 | ab498c208ef2ce68bf42c9a1e1719c66db3637419070f3d2aaff6b641ba66883 |
| SHA512 | 9d43c6c01bbcf9b043c24362d1949d58f7e76b69e6a281fd342cc9bfae12d5ccf5339929b33fa0f4ac02fbd4f2e8f4f2baa6995ba28eb5298ae5a0a01ce63307 |
C:\ediabas\bin\Xstd32.dll
| MD5 | 50b4a6b41e526aaa224118471b1ee62e |
| SHA1 | a12ad915d45cad9849a5a580ebad91455b412f3c |
| SHA256 | 91301996c770290af14e525dfc8cf5ceaf1bcf31ecd287f2679c51dc8190de39 |
| SHA512 | d1fea2b5e58b63eb7d5ccdd994bd618eec8042c68d68023d01128942b16be0cb739542ee13dc9060d80af2c355ee7d1050b10265de2be959a2df6fc3500cca41 |
memory/4100-7322-0x0000000002890000-0x00000000028AD000-memory.dmp
C:\EDIABAS\Bin\OBD32.dll
| MD5 | 94bc54f10ebad33972954b0388061aac |
| SHA1 | 25422bc629917a70a4f97a8b9ac4c14e5f348e53 |
| SHA256 | 9c64451944a20bb351989249058a400a09fa39f22764ff3e8934796cd0bb0a54 |
| SHA512 | d471539a5d3efc63a52baa8c56e66044b3fb0655370611b59f2c4de4e50f4ca104e90912c85bb970a317e0bdc7faf42a1a432d1f0b1e2441a49cc7e6b46ebd93 |
memory/4100-7318-0x0000000002760000-0x000000000288B000-memory.dmp
C:\EDIABAS\ECU\utility.prg
| MD5 | 8335463fe053cbe46d710dfa6cebec22 |
| SHA1 | aeef5aefe247b197f8f5312e35f4ca4d635d8957 |
| SHA256 | 3895428a8e9918fe8cc433610b3c4516b12a3bcfbfded2a253bcf80532d1226e |
| SHA512 | c479f57a6b54dba83aef33641b170d33486c3b004a065cb1f5a18e36cc06b16c661304b789028b4f67d3d4a04bfb7b95f5dd360e5468eac01b97b9fd77ea706a |