0ce5e5be2bd5eea2fe56e9332eb9f7aee3d7c78df61fe41ba3fde8e268076f12

Analysis

max time kernel
152s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 14:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MSIAfterburnerSetup465.exe
Size

53.4MB
MD5

38404e93313965e5a1120df7f41ea13c
SHA1

c45b093120627cce2006f2497d3a611175e8f6b2
SHA256

0ce5e5be2bd5eea2fe56e9332eb9f7aee3d7c78df61fe41ba3fde8e268076f12
SHA512

f7e1b10a85f347971b3618003953ce12d1fee1cadb4cab6f606707d2b2ffe6470e9abc30f660818bd74e66bb60f761344278dee35fb05ae00eba170e371c0e1b
SSDEEP

1572864:wmnOEc9uXqGt76mP7e5Gt76FPRX8i7kpOMPp:wmOfszt7TeYt7xZAMPp

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
2760	vcredist_x86.exe
2156	install.exe
856	vcredist_x64.exe
568	install.exe
1436	MSIAfterburner.exe
1948	RTSSSetup.exe

Loads dropped DLL 30 IoCs

pid	Process
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
1100	MSIAfterburnerSetup465.exe
2760	vcredist_x86.exe
2156	install.exe
1100	MSIAfterburnerSetup465.exe
856	vcredist_x64.exe
856	vcredist_x64.exe
860	Process not Found
860	Process not Found
568	install.exe
2500	msiexec.exe
2500	msiexec.exe
2500	msiexec.exe
2500	msiexec.exe
1436	MSIAfterburner.exe
1436	MSIAfterburner.exe
1436	MSIAfterburner.exe
1436	MSIAfterburner.exe
1436	MSIAfterburner.exe
1100	MSIAfterburnerSetup465.exe
1948	RTSSSetup.exe
1948	RTSSSetup.exe
1948	RTSSSetup.exe
1948	RTSSSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\MSI Afterburner\Localization\FR\Help\Properties\General\UNLOCK_VOLTAGE_MONITORING	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\GER\Help\Properties\Monitoring\FORMULA	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\JP\Translation\Localization\CHN\Description	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\POL\Help\Properties\User interface\SHOW_TOOLTIPS	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Translation\MSIAfterburner.oem\FanPresets	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\CHN\Help\Properties\Fan\SW_AUTO_FAN_CONTROL	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\FR\Help\TEXT_THERMAL_LIMIT	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\FR\Help\Properties\General\SYNC_GPU	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\RUS\Help\SLIDER_FAN_SPEED	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TC\Help\BUTTON_DETACH	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\UKR\Translation\Localization\CHN\Description	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\DUT\Help\Properties\Fan\SW_FAN_SPEED_UPDATE_PERIOD	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\RUS\Help\BUTTON_PROFILE5	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\UKR\Help\Properties\Profiles\2D_PROFILE_COMBO	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\RUS\Help\Properties\Video capture\PTT_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TC\Help\Properties\On-Screen Display\OSD_TOGGLE_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TR\Help\Properties\Video capture\VIDEO_CAPTURE_FOLDER	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\UKR\Help\TEXT_VERSION	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\UKR\Help\Properties\Video capture\CONFIGURE_VFW	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\ID\Translation\Localization\POL\Description	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\Fan\TEMPERATURE_HYSTERESIS	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\Monitoring\OSD_ITEM_TYPE	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\POL\Help\Properties\Monitoring\SHOW_IN_LCD	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\General\SYNC_GPU	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TR\Help\Properties\Profiles\PROFILE2_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Help\TEXT_AUX2_VOLTAGE	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\ID\Help\Properties\Profiles\PROFILE5_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\ITA\Help\Properties\User interface\TIME_FORMAT	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\ITA\Help\TEXT_DEVICE	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\KOR\Help\SLIDER_CORE_VOLTAGE	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\BUTTON_SHOW_THERMAL_PANEL	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TR\Help\Properties\Screen capture\VIEW_SCREEN_CAPTURE_FOLDER	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\UKR\Help\Properties\Fan\SW_FAN_SPEED_CURVE_EDITOR	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\DUT\Help\Properties\Screen capture\BROWSE_SCREEN_CAPTURE_FOLDER	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\FR\Translation\MSIAfterburner.exe\Internal	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\ID\Help\Properties\Monitoring\HARDWARE_POLLING_PERIOD	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\JP\Help\Properties\Monitoring\LOG_LIMIT	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\KOR\Help\BUTTON_PROFILE5	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\KOR\Help\TEXT_FAN_SPEED	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\RUS\Help\Properties\Fan\TEMPERATURE_HYSTERESIS	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TC\Help\Properties\Monitoring\BROWSE_LOG_PATH	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Graphics\LCD\font10x12.dat	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\DUT\Translation\Localization\KOR\Description	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\JP\Help\BUTTON_SETUP	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TR\Help\Properties\Screen capture\SCREEN_CAPTURE_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TR\Help\Properties\Video capture\VIDEO_CAPTURE_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Translation\MSIAfterburner.exe\Internal	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Help\Properties\Profiles\PROFILE3_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\CHN\Help\Properties\User interface\SKIN_PREVIEW	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\Fan\SW_FAN_SPEED_UPDATE_PERIOD	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\Monitoring\SHOW_IN_TRAY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\TR\Help\Properties\Profiles\PROFILE3_HOTKEY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\SDK\Localization\Installer\AfterburnerJP.nsh	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\SDK\Samples\Plugins\Monitoring\CPU\CPUTopology.cpp	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Help\BUTTON_PROFILE3	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\KOR\Help\Properties\General\UNLOCK_VOLTAGE_CONTROL	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\General\ERASE_STARTUP_SETTINGS	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\POL\Help\Properties\Monitoring\SOURCES_LIST	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\PTBR\Help\Properties\General\GPU_TYPE	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\SPA\Help\TEXT_CORE_CLK	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\GER\Help\BUTTON_MIN	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\ID\Help\Properties\Video capture\VIDEO_CAPTURE_QUALITY-done	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\JP\Help\Properties\Video capture\VIDEO_CAPTURE_QUALITY	MSIAfterburnerSetup465.exe
File created	C:\Program Files (x86)\MSI Afterburner\Localization\KOR\Translation\Localization\JP\Description	MSIAfterburnerSetup465.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIC333.tmp	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f77af2a.ipi	msiexec.exe
File created	\??\c:\Windows\Installer\f77af25.ipi	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB184.tmp	msiexec.exe
File opened for modification	\??\c:\Windows\Installer\f77af25.ipi	msiexec.exe
File created	\??\c:\Windows\Installer\f77af2a.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe

Modifies registry class 47 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\VC_RED_enu_amd64_net_SETUP	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e0032005f0072002700710025004a006a004a0034007600780044002800660049004c0067005a00780000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\VC_RED_enu_x86_net_SETUP	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\Servicing_Key	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.CRT,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004300520054005f007800360034003e0028002e006f0034002e0054004c005e00690033005a00760060007d00610026003f0049002900260000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f00410054004c005f007800360034003e006a0068004f00670050007e006b003600580037002e00580036005000780024002e0028005f00530000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800360034003e004d0059006800540068002a003300600053003300260021006b00460048006f00490055007600570000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\FT_VC_Redist_MFCLOC_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\SourceList\LastUsedSource = "n;2;c:\\b3fb4643c2e239ec82b4c69d\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f00410054004c005f007800380036003e00550029004600250024002a0025005a00370038002c005d007b002d007400430064004f003700310000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e00660074005a003f002800770035002b002e0034002c007e007b0044004700380037002b007800260000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043005f007800380036003e005500410049003f00470048002e007b005d0037006a005a003f0034005d0041006e0062002400420000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f00410054004c005f007800380036003e004e002e004b004300300068004d0064007b00340060006d002b00380039004f002e002e003100540000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004d00460043005f007800360034003e005e002a00320070005a00740060003f0050003500620061005700370038003400280076006c006b0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\FT_VC_Redist_ATL_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\FT_VC_Redist_MFC_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e006f006f0063007b006200340036003f004500380042006a005f0079005d005d007e004f006f002c0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800380036003e0027002a005b0069005b00320062006e004100340070006b0046005d006b004b0057007e005800300000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800380036003e0042005b00240070007200510032006f004d003800720048007b00720067003d00320065006e002e0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32-policy" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800380036003e00690060003700480050004400240062002400350035007e004a007b00730074007e0029006200780000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.OpenMP,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800360034003e0061005b0046005f0031006a0048006a005d003300680065005f004f005400590026006b003f00400000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\Servicing_Key	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.OpenMP,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004f00700065006e004d0050005f007800360034003e007900700040005500210076003f005400490037006c007a004c00450075005a003d005a003100730000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\FT_VC_Redist_OpenMP_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.CRT,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32" = 5300530073002b005a0066007a00250039003500390027006e006a004d0066002c00350072002700460054005f00560043005f005200650064006900730074005f004300520054005f007800380036003e004b00520050005200400047006b006e005d0033003d002b004c00380047003600210061002e00490000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_CRT_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\LastUsedSource = "n;2;c:\\cb4daf6e3927d60bf60405ed\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6E815EB96CCE9A53884E7857C57002F0\SourceList\Net\2 = "c:\\cb4daf6e3927d60bf60405ed\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004d00460043005f007800360034003e00360057002e002700490055007a0028005000330071003f0064004c0051004e00440029002500290000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004d00460043004c004f0043005f007800360034003e0077006e002e005a006000290063004000760034003d004b002c0044004f00360056007e0028006e0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\VC_Redist_12222_amd64_enu	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\SourceList\Net\2 = "c:\\b3fb4643c2e239ec82b4c69d\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_ATL_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC90.ATL,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f00410054004c005f007800360034003e0049005b00280055004d0049005b007600260036006a006d005f004f0071005400570060004100370000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.9.0.Microsoft.VC90.CRT,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32-policy" = 3600540043006c0046002e005f007400740035006200290038002100600024004b005a0046006d00460054005f00560043005f005200650064006900730074005f004300520054005f007800360034003e002c007d0050004e002c00320065006e007a003300270070005b00550021006c004900720021006e0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\FT_VC_Redist_CRT_x64 = "VC_Redist_12222_amd64_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\VC_Redist_12222_x86_enu	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_MFC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_MFCLOC_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6E815EB96CCE9A53884E7857C57002F0\FT_VC_Redist_OpenMP_x86 = "VC_Redist_12222_x86_enu"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2500	msiexec.exe
2500	msiexec.exe
2500	msiexec.exe
2500	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2156	install.exe
Token: SeIncreaseQuotaPrivilege	2156	install.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeSecurityPrivilege	2500	msiexec.exe
Token: SeCreateTokenPrivilege	2156	install.exe
Token: SeAssignPrimaryTokenPrivilege	2156	install.exe
Token: SeLockMemoryPrivilege	2156	install.exe
Token: SeIncreaseQuotaPrivilege	2156	install.exe
Token: SeMachineAccountPrivilege	2156	install.exe
Token: SeTcbPrivilege	2156	install.exe
Token: SeSecurityPrivilege	2156	install.exe
Token: SeTakeOwnershipPrivilege	2156	install.exe
Token: SeLoadDriverPrivilege	2156	install.exe
Token: SeSystemProfilePrivilege	2156	install.exe
Token: SeSystemtimePrivilege	2156	install.exe
Token: SeProfSingleProcessPrivilege	2156	install.exe
Token: SeIncBasePriorityPrivilege	2156	install.exe
Token: SeCreatePagefilePrivilege	2156	install.exe
Token: SeCreatePermanentPrivilege	2156	install.exe
Token: SeBackupPrivilege	2156	install.exe
Token: SeRestorePrivilege	2156	install.exe
Token: SeShutdownPrivilege	2156	install.exe
Token: SeDebugPrivilege	2156	install.exe
Token: SeAuditPrivilege	2156	install.exe
Token: SeSystemEnvironmentPrivilege	2156	install.exe
Token: SeChangeNotifyPrivilege	2156	install.exe
Token: SeRemoteShutdownPrivilege	2156	install.exe
Token: SeUndockPrivilege	2156	install.exe
Token: SeSyncAgentPrivilege	2156	install.exe
Token: SeEnableDelegationPrivilege	2156	install.exe
Token: SeManageVolumePrivilege	2156	install.exe
Token: SeImpersonatePrivilege	2156	install.exe
Token: SeCreateGlobalPrivilege	2156	install.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe
Token: SeRestorePrivilege	2500	msiexec.exe
Token: SeTakeOwnershipPrivilege	2500	msiexec.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1436	MSIAfterburner.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 1100 wrote to memory of 2760	1100	MSIAfterburnerSetup465.exe	30
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 2760 wrote to memory of 2156	2760	vcredist_x86.exe	32
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 1100 wrote to memory of 856	1100	MSIAfterburnerSetup465.exe	34
PID 856 wrote to memory of 568	856	vcredist_x64.exe	35
PID 856 wrote to memory of 568	856	vcredist_x64.exe	35
PID 856 wrote to memory of 568	856	vcredist_x64.exe	35
PID 856 wrote to memory of 568	856	vcredist_x64.exe	35
PID 1100 wrote to memory of 1436	1100	MSIAfterburnerSetup465.exe	36
PID 1100 wrote to memory of 1436	1100	MSIAfterburnerSetup465.exe	36
PID 1100 wrote to memory of 1436	1100	MSIAfterburnerSetup465.exe	36
PID 1100 wrote to memory of 1436	1100	MSIAfterburnerSetup465.exe	36
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37
PID 1100 wrote to memory of 1948	1100	MSIAfterburnerSetup465.exe	37

C:\Users\Admin\AppData\Local\Temp\MSIAfterburnerSetup465.exe
"C:\Users\Admin\AppData\Local\Temp\MSIAfterburnerSetup465.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files (x86)\MSI Afterburner\Redist\vcredist_x86.exe
  "C:\Program Files (x86)\MSI Afterburner\Redist\vcredist_x86.exe" /Q
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2760
- - \??\c:\cb4daf6e3927d60bf60405ed\install.exe
    c:\cb4daf6e3927d60bf60405ed\.\install.exe /Q
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2156
- C:\Program Files (x86)\MSI Afterburner\Redist\vcredist_x64.exe
  "C:\Program Files (x86)\MSI Afterburner\Redist\vcredist_x64.exe" /Q
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:856
- - \??\c:\b3fb4643c2e239ec82b4c69d\install.exe
    c:\b3fb4643c2e239ec82b4c69d\.\install.exe /Q
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:568
- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
  "C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe" /LANG
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1436
- C:\Program Files (x86)\MSI Afterburner\Redist\RTSSSetup.exe
  "C:\Program Files (x86)\MSI Afterburner\Redist\RTSSSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1948

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f77af26.rbs

Filesize
29KB

MD5
f3049d0c1917f2236f19decb6dba4d23

SHA1
503db13c339c5b534d43d5cf160a1998924790e4

SHA256
d8c7b7618e1920a5a71cf24bc29f76cb5f7d5fa2f9f320d7aa3194f27bd3382b

SHA512
af99c69d0d2f7010160994ccd0ba21b9261922e7ff7d830cc0192b4d3b5a70ad4acbbdc7e6ef55ad1941bc2ac1ab8171002768e8b566d9d4ca246abb95f9035a

Download Submit
C:\Config.Msi\f77af2b.rbs

Filesize
29KB

MD5
e5ff0d2677964a029859161cf1178d68

SHA1
0f9f2fbb5bf4bedf2aa3155e79482dba10133efb

SHA256
f83d386a949f7870bec497a4b7e28b3c15c4b0fee6aff4b50b666563e33f9608

SHA512
a68b68a6ba7f28c2f4631395201ced6b39b0a80940c4a412a07be7be922d54e2d0580df116dae6c5ef29bfed6c95ef1e49bc9a64b8daa5376a59841db8f19754

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\CHN\Description

Filesize
108B

MD5
1544f4f6ad5fff1aef29e51e164a0f10

SHA1
158c15af2b2af58b92c17d9b8659c754c81030cc

SHA256
3ad80354705490092ebd22597a1a9ad28649c7415cba105244b2343b21e005af

SHA512
340fb0eca1eef2ef0c7656f50eeff2e10135b4077ba200c0d856ea4091e32f7c996f8af1b0a613c9c25e7072ea47cd10bdc53b5f33079aaeb5d17197e03e5771

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\CHN\Kvip.ico

Filesize
1KB

MD5
aad9080734b65c3830bcc1d1805099b6

SHA1
7529ee505810ea5c36435ea75b16827e11e3074c

SHA256
ffc0b50cf7e6f83faa873e6be33c496e0b87ac1fa31d49be5866ab4358e70832

SHA512
4ce313e7e4815a91b8d050311a60eb10d5b17145330fe1b6648242ab74adc8553765cd10c27ac44b90a7a755758bd7e2181d6e5bbf48071069df8c8c482cedf8

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\DUT\DUT.ico

Filesize
318B

MD5
2b5eb2fb597ddfbe149d844294e22fb0

SHA1
34ce8d7c1decbbefbeac33975e874aa09caba5e4

SHA256
ad22f034e6edc2edc4193fbeecc46b58008b9180d46dbba6c36d806366a86c54

SHA512
396f3399611dad52be2f2e839c4219df242bdbe50759b34144e34886051363e4b8665c08c768f39968b226c2f63ebc1e5c4f5910b6d4020bd00e6bf662744251

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\DUT\Description

Filesize
111B

MD5
06bda8cbf88f8a65d708c1dbb24a7995

SHA1
ab2c7ad30727f8e7e8a82c3ba984f016849c1a80

SHA256
d0cf43fe6979ddb75a29b469cdf58b5ad4b8599808f64b972c5385364c288532

SHA512
7b1f65eb09008ac4592a56133ddbfae65d4794dd78550f8a75c6196e54ed4fbd9474b65d1b1d6de6a0f1c4baa2955d729efed09e754c32f7f1ecfc4c98da52cf

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\FR\Description

Filesize
121B

MD5
2a04d67ec84be1b1a860b51a7889b7d6

SHA1
b8d6a0a5d8e5edba27ebeeba7c5365aeb10a7210

SHA256
929e5be3e63132d29d1e80a77dd09c1bcfe3663e46eaf653426d04bce02c15b3

SHA512
93493d454fee6107a40a8cac306e0ee3cd344bfea50230b17537d7052fb16e20ed336459ab09151b7d074425c2b85262d185cedfde969622191b73590a921112

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\FR\FR.ico

Filesize
894B

MD5
8ff5eaadf0bbb680176a4dbe92e57a59

SHA1
550e39bd32a237ce16825bc6e93ef529c1bcd276

SHA256
4d6e1d2ad29776f68fa8a685423990358c1c0be596314ba05be8ae85fce1f5d8

SHA512
d5edf58e3d22cf07c97bef9c88c6a4feb23efbb6a04f2cf0c4d18833d6ffe9f4d8b5cbe1d9a134dd7aaf91bed238726acdef6122f2a5e9f3949a5fdb18280ec7

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\GER\Description

Filesize
114B

MD5
f061a7a3c5293c930b600bb668bd8284

SHA1
09fb842595ff9ce1f40ede005a5aabf9134569c3

SHA256
ed18d685fbe47bc2ee7ae9d5fdd6e2a7b9b1e821277d50401d5e7d940d2053e1

SHA512
aa138b58a53471b4264f234c888661781924f9bca4bcc0cf13fa0899d1912289b86198adefe389f6176240d1d65d6b974ac8af292a8d804545d72d31bc627b42

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\GER\Ger.ico

Filesize
1KB

MD5
e613c85861b289db57eea4d7b17ea71e

SHA1
ef573b4df50cd818a690fd8d03c4c667b577766a

SHA256
52f51aec3a9df0b18000745a4a5fbcb7e765611bd7041474143f0bbc2df47b4f

SHA512
884d8635cd4ae784b55e525969c318ed96909d3aa164da0fafdfabe5ee1ad9a1b84468fabfb7ffcf82fca0286ad8dd013638dd3ebc9803ef9e4f3b94a1b0eacc

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\ID\Description

Filesize
48B

MD5
edc50a4c190450d9c8c9957080506ca3

SHA1
9b0a281a76e2fe63c17d7385133c1fec87458ca6

SHA256
4dfbd323f49f4a141178de3ce95873d7f5cb28ca5428590e61ba46aca1403ca8

SHA512
cb698a492b3b627556992378163111be5c0f726b21a1fc7b1298b634aa5eecac9224dd9929559f5eda52dfb1669e42cc3280dedc12e540983e8a97e7c9528891

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\ID\ID.ico

Filesize
1KB

MD5
9bb4cfb946a767f8d14925b1cca739fb

SHA1
bcc21d66a2c4a163a4f92124da545a74861ac230

SHA256
9d20af809469fa85ffe4bb84159bfb47e16484dd30f39f12d9009117544cb57e

SHA512
deead0cff3461ee3ed1e8362301051b05ba8278d926f0d62325b90cde1db0fdcde97e1d69eba6ef80d7166c89c7b9a33f6b5eb088dca66978248cab8b508f374

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\ID\Translation\Localization\PTBR\Description

Filesize
27B

MD5
c4c8a93acc52d8a8c98fca0ad3c23ed7

SHA1
c85da95a906594cfa9526c1a851381d53065c413

SHA256
bf9b5f5dd80f73b363e5268b021a5f76bbceb7108016e994f52a1f191f7c0b19

SHA512
7e55d0ac4a2a34dcf592659d694159799d8d7cb364f7bb8dae2ebb8b3b61b080ef5e5f091d761b247a620d055d6853813156c17a202511919b62de3770b1069d

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\ITA\Description

Filesize
101B

MD5
d4b73ce1963257e79a3565fa7aba4101

SHA1
15e16f7e7b8c890fc3b8191c79d210d9174110e8

SHA256
2c26a0d5e7c201d30c3eff712d9117990a5ec2294f9b23bbd38942b308aedb39

SHA512
8adc23c5ae50d56370682a11cc1aca0f45ec88c2185989ca0f1656073c15151f37f1258445de1dc479912561df5aeb24619b6297988e3a43a90ad9b8de7086ee

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\ITA\ITA.ico

Filesize
1KB

MD5
14469550215e68c4c4c46c051cda6df6

SHA1
4d9e0a7622376994deeaf27b8a49604f3fbb7cfc

SHA256
c443261a9884fd5080d4c7cb80440c128d9827e4fc52c33a72d80a371c645690

SHA512
7625bd33f81ac33b97d3a5e6c8ef871b71602048b26c5c4e46f7f44c60bda1e72f41e71de83b67985a7cd3172edc0dfb863a3a53d0a557513bfceac56bea022e

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\JP\Description

Filesize
44B

MD5
3019d559a188434d636382b6e683ea69

SHA1
6eb265a97a90df1edf440951adccb16709111813

SHA256
09eac03b7f931ca40e78634719de083c98abb0604673d52ebfed2b0530d162e7

SHA512
c43c94b79635c84fa539c86fa96aa70c07fac91bf6051ad8aef9d03f8f143befe7add4b7fd18de26a063389c0182b0cb28085e5482e1b279be4a021857f8686d

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\JP\Translation\Localization\TR\Description

Filesize
24B

MD5
847ce1e557124131d6072fb4f70ddd1d

SHA1
e8ddfd2072fab668e09d7b45c41f22b14101cb6e

SHA256
47c6acea7faacb9bc4c45f841370380d59523271b9b5cbfaba32f20b2491566b

SHA512
f01253cef67ccb1e2a56db62ac8700de4c9063777ca7d7f6a603b3e9580cbceb269b442ca68400e663cf84469c2d3a4dcec712e086b6bf032ea3ee3102cd3c78

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\KOR\Translation\MSIAfterburner.oem\FanPresets

Filesize
53B

MD5
6bde7bcd391222b63bc1dabac303054c

SHA1
b330daff065646dfeee2978fde55de7864560532

SHA256
6ec7d87d8b57526a10337804b79edb72032cf0b3013434a9ff3cd2f58464ecb6

SHA512
f34cd476ffc124ef99062d4a22e9afacebb6d7cd10c7c9f0a70e2d6519f6b81283949500a886e3797d1ff03847ca8a203cddd577d5674aa088da756fe41bd9be

Download Submit
C:\Program Files (x86)\MSI Afterburner\Localization\SPA\Translation\Localization\POL\Description

Filesize
23B

MD5
caabb86c161b41b5788b0e6883c521ba

SHA1
4f76190683aabc86158012aa8442a5c33bb89a11

SHA256
54f3d0e0614fc1ed085ebee938f02200ee17ef8b73268b024b9c5d2d5712ce5b

SHA512
0ad2a4295a49c84a86faecc8d717398a217c2bebc86ac5b2263e2bfcc412a511419c1c23437844d9ac9b3ede1c1547a7e432362efc81d8a336aeb90e858d62d2

Download Submit
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.cfg

Filesize
7KB

MD5
08e067ffb1f51cf62bdb400c82082323

SHA1
1494c87ded54e3139f616127501860bfdcd24066

SHA256
8941f8ce12a05eb93bd00349174404e4db25ddeb6ce031b82d7b455b9ab63a9c

SHA512
21e0d38fe6e547b53e62aff235460eca4f114c1be9e8fbcfcb9e8e74b501236efd666e13fc3062d86360dfcdfd42ffdedbff80baccb5d10f8781277c85fe8977

Download Submit
C:\Program Files (x86)\MSI Afterburner\RTCore.dll

Filesize
227KB

MD5
6fc0afef23955bd2a17fc4ee7ea40938

SHA1
7ad239a3e9f942e4e2cf05cd4581ecf0d122fd15

SHA256
e1ecb3cb8b64573fc45298c06db53be494bdaf1cfc31de18f926a53e46759052

SHA512
126162e038d08ea270e2d28a62f737692681ad905fa76b9e6ec0d4ba27708b489e089e5ca82103fda2dcb106407c0dbf9bcb43d12b09cb66b75f1517a4f31cb1

Download Submit
C:\Program Files (x86)\MSI Afterburner\SDK\Localization\Installer\AfterburnerJP.lic

Filesize
1KB

MD5
daf24b1d8e4cccd9088aeb06b6c22d2e

SHA1
5ff38efd71f1e20969933872c3c1de0a82680e5e

SHA256
e3129e07b790cc7854a78ae8d124482d0954b17db1155f00c42f8f99e1964fcc

SHA512
cf2913b2db35df2f76e27fa7b957afbb1a63c9c97277d81699af967bfc0c5ef2889f16519bc0a3a569a04fc23a7c03e6828a02412bcf98b1b00d8f0fada5562e

Download Submit
C:\Program Files (x86)\MSI Afterburner\SDK\Samples\Plugins\Monitoring\SMART\StdAfx.h

Filesize
1KB

MD5
fd2e80a0b1f4b19a928dad2111f26b70

SHA1
2f45b149f26652abdc421fa94d78970872461650

SHA256
ac9fe5cda0f037212342503288716cc1e3c705cd2417bf558c43a8a4cdcb75d5

SHA512
9a041edefce8c32b54147b5d279962d3bc2ce0dbdf893e4bd39442390ea3e83a99b0b2c567543606ca7258c352a66429012cf8cf2c959a6294b7b61689cce962

Download Submit
C:\Users\Admin\AppData\Local\Temp\VWLCE57.tmp

Filesize
392B

MD5
de28b104a0e875b78dc7681cfe734bf8

SHA1
39f21248b0b6f5ac6d367229968dd7f4d9bc7ed4

SHA256
1d118a204d589c83bbf30e0a68c5bf9ec53d9c66f11b9e75399b38ffac2a2dd3

SHA512
427a24ffe2971898516ebca8f616dd2ded521ddba39147d1cc126217129c91d5007b1584750e5a1522ee21ba17614495eaaacc00e49261c428c0b13846bd1ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI5555.txt

Filesize
1KB

MD5
868d06661cd11dd5157c90ad61b74bf0

SHA1
5d819f52e165c2eab6d56573a3e28ccf1b7c59c5

SHA256
0768e74a6062075d6b6104e14a2ae0cb527e850dd70e5d908aa99bb46a0f2921

SHA512
c5d2370b9d7d8d24e048000f1daede198e73a32461a17fcabb9c16112069e172d5322f3df692108f1d1e2c7ffa9d5754ba5b111f9eff7137cc91ab4473fdcf95

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI5566.txt

Filesize
1KB

MD5
3939d1e871a895e4a37793fc5777fd8d

SHA1
f3c46a25d8427bda2d9ca548ee3cdbf42f8a23a1

SHA256
d38e56621dd3db2253188fde412f41436659547ba452811de9346353f1407e69

SHA512
7732e4d52e61292ba484de10d962d93178ec0733800f445da18450dc783c149bc5e818d10603a46397ec8e9506e0f4376ca8057c17a1f79733f26c9b4a3c6531

Download Submit
C:\Users\Admin\AppData\Local\Temp\nszD29C.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
\??\c:\b3fb4643c2e239ec82b4c69d\install.res.1033.dll

Filesize
84KB

MD5
e8ed5b7797472df6f5e1dae87c123e5e

SHA1
71e203899c3faf5e9eb5543bfd0eb748b78da566

SHA256
6ad479dd35201c74092068cccd6d12fd84a45d2c04e927b39901a9126f9e06dd

SHA512
dfdd6bba404753f6afbc804551550bdc771eccc034c01f4c5149beb6d98424cf7b86fc63aac361a1840df9bc8365c726baab672055534620db70ca2c0e2e1b3e

Download Submit
\??\c:\b3fb4643c2e239ec82b4c69d\vc_red.cab

Filesize
4.3MB

MD5
5cad07d592a2a43905d6b656b79a7abd

SHA1
9168413a66fe4e41ddd506a68e7f5e5feebf9d6b

SHA256
9f218cefe505a28a589b10f4e7c28ac479eca159e438012a9666e6f709bcf82f

SHA512
546065881b32421ba36076dd6848d98e444d89def7a4bfd3d7299d6de6f6f746a2abea2a00e24b02ba5ba2bde816a70529eb8ca48972ccc2d03f3ccb12df4261

Download Submit
\??\c:\b3fb4643c2e239ec82b4c69d\vc_red.msi

Filesize
230KB

MD5
4aa5bbddbf6b2d1cf509c566312f1203

SHA1
0557e25cf4c2aa1bcb170707cd282ae864d93d17

SHA256
017e62a7a046acf00f5565e60f8eed4c5f409913e7ddc2f431d4236bbfdabab8

SHA512
e32fad32aefb70592eec56c55eaf65d6a6ed33939a6cabe7ff0ec33f91c4687001a41575ccfcac448c4739b2af4e309c2ec9e526104fb292d04aa8746dfad8f9

Download Submit
\??\c:\cb4daf6e3927d60bf60405ed\globdata.ini

Filesize
1KB

MD5
0a6b586fabd072bd7382b5e24194eac7

SHA1
60e3c7215c1a40fbfb3016d52c2de44592f8ca95

SHA256
7912e3fcf2698cf4f8625e563cd8215c6668739cae18bd6f27af2d25bec5c951

SHA512
b96b0448e9f0e94a7867b6bb103979e9ef2c0e074bcb85988d450d63de6edcf21dc83bb154aafb7de524af3c3734f0bb1ba649db0408612479322e1aa85be9f4

Download Submit
\??\c:\cb4daf6e3927d60bf60405ed\install.ini

Filesize
841B

MD5
f8f6c0e030cb622f065fe47d61da91d7

SHA1
cf6fa99747de8f35c6aea52df234c9c57583baa3

SHA256
c16727881c47a40077dc5a1f1ea71cbb28e3f4e156c0ae7074c6d7f5ecece21d

SHA512
b70c6d67dac5e6a0dbd17e3bcf570a95914482abad20d0304c02da22231070b4bc887720dbae972bc5066457e1273b68fde0805f1c1791e9466a5ca343485cde

Download Submit
\??\c:\cb4daf6e3927d60bf60405ed\vc_red.cab

Filesize
3.7MB

MD5
0ee84ab717bc400c5e96c8d9d329fbb0

SHA1
be4ba7bbb068c7256b70f4fd7634eaeb2ad04d0a

SHA256
461d575bc1a07f64c14f1da885d2f310bd282cbbedcd0a5cf8ffa7057411805d

SHA512
4a6b0619f471a51df09fb6c1eff4ed166cdb7ef57f79ffdf709fa952a7c2a176c338084689c8ace1a94024a24579e9ee0ab6d411c25a1b42b0f517c57749d1a2

Download Submit
\??\c:\cb4daf6e3927d60bf60405ed\vc_red.msi

Filesize
222KB

MD5
7e641e6a0b456271745c20c3bb8a18f9

SHA1
ae6cedcb81dc443611a310140ae4671789dbbf3a

SHA256
34c5e7d7ea270ee67f92d34843d89603d6d3b6d9ef5247b43ae3c59c909d380d

SHA512
f67d6bf69d094edcc93541332f31b326131ff89672edb30fd349def6952ad8bfd07dc2f0ca5967b48a7589eee5b7a14b9a2c1ebe0cba4ae2324f7957090ea903

Download Submit
\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

Filesize
785KB

MD5
7d366e36f73e00fbb6bdffce69d7f434

SHA1
aa2202b7615c7e656359c0303aed3d25eaa638d6

SHA256
303f8fa6beaf2f67c86e1d174e9e84df83f0b37d04e60f55b04e7f21be9453b1

SHA512
d3bbe53288667ceebbe3dfb18c057520d1fe7b9fc0010877de21c5a8a8487a5f462e1322836223dc5721862a67060f5d41725d6932c83badfd168eb28b123631

Download Submit
\Program Files (x86)\MSI Afterburner\RTFC.dll

Filesize
58KB

MD5
1f1f57c693dc2d7547611c230cf341cb

SHA1
63f3087add7abeff955b6d0d46c4acfbdae2b4fe

SHA256
1712ba131ce96e08474091fc35f52a1dd08024965e2832be291a1d520fcbc4b9

SHA512
ed17003604b8c5222638c1623ed55e8b868cd0f5688a331b00613f86b71107ddd7834b585d2fb506271ba0772311d3e35004efd912b37eeef2e80be6e36cd715

Download Submit
\Program Files (x86)\MSI Afterburner\RTHAL.dll

Filesize
683KB

MD5
261d75b4c6acc588866ef4112e420b54

SHA1
7f57b90358bc455d5e73793239b8e5b4803674a8

SHA256
758114e6c1960f80542f41f422fc082d12a79e1fe765155279c3d5379febbdec

SHA512
1bfbbbff75ff8cfdb9593f600bf5ad4cacdd0ad8c6670fe8406345f8749e6e2e69fb4d9a4883d4efa5a1c45122592d9d226b1cdb4f5d1a26d55d0b18b25ba9cf

Download Submit
\Program Files (x86)\MSI Afterburner\RTMUI.dll

Filesize
72KB

MD5
9d57486d095434070393928916b257d5

SHA1
1623890330f153f6de81ed9afd919ead23a1e4ca

SHA256
076f693a4f67640a7e7730b78b13ef589ff135617ced98ec87e67a7bf69d2fb5

SHA512
b3304dc129278c8902cb64cbd08a94fd5948bb633bd9b1dfa5c4aa75b25160e7a6327c3118abec46886a7b059c1915ce89e739c7ad84347076a025e6153486f0

Download Submit
\Program Files (x86)\MSI Afterburner\RTUI.dll

Filesize
363KB

MD5
8e69b7f41ff314bdd36e10e2ea9929b6

SHA1
18433cadf9294cea029312e0d148cf343018221c

SHA256
cb757132fc05df31f2c9dd879b0a02d7a12a50a4cdbd59cc61039cc629603ae9

SHA512
11aacfce2a137081584a054307310f7d96cace2960aa6338a78b4aa01063d9bfd026e4d7192cd95e0637586c1ff507951cf7a07cddfca6f4f79ec151ddd273e1

Download Submit
\Program Files (x86)\MSI Afterburner\Redist\vcredist_x64.exe

Filesize
5.0MB

MD5
e2ada570911edaaae7d1b3c979345fce

SHA1
a7c83077b8a28d409e36316d2d7321fa0ccdb7e8

SHA256
b811f2c047a3e828517c234bd4aa4883e1ec591d88fad21289ae68a6915a6665

SHA512
b890d83d36f3681a690828d8926139b4f13f8d2fcd258581542cf2fb7dce5d7e7e477731c9545a54a476ed5c2aaac44ce12d2c3d9b99c2c1c04a5ab4ee20c4b8

Download Submit
\Program Files (x86)\MSI Afterburner\Redist\vcredist_x86.exe

Filesize
4.3MB

MD5
35da2bf2befd998980a495b6f4f55e60

SHA1
470640aa4bb7db8e69196b5edb0010933569e98d

SHA256
6b3e4c51c6c0e5f68c8a72b497445af3dbf976394cbb62aa23569065c28deeb6

SHA512
bf630667c87b8f10ef85b61f2f379d7ce24124618b999babfec8e2df424eb494b8f1bf0977580810dff5124d4dbdec9539ff53e0dc14625c076fa34dfe44e3f2

Download Submit
\Program Files (x86)\MSI Afterburner\Uninstall.exe

Filesize
101KB

MD5
3bcd40bef78a85c1c8c8265a7c0dbcf7

SHA1
1abfa8794c73ab5a73494ab36e9909590f3cf74d

SHA256
97557dee7913a80edb8191e7233b236d738ab6eac558c21c0fa2ccece68bbd1f

SHA512
a91c91b81d4a896315f9aa9f1209afa131ec828df63b98125a19491c69e10a03c1fa145f17f076771459fcce03650eaf2de4a3b4cceb38220428171a579465c7

Download Submit
\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll

Filesize
835KB

MD5
b370bef39a3665a33bd82b614ffbf361

SHA1
ac4608231fce95c4036dc04e1b0cf56ae813df03

SHA256
a9f818f65074355e9376f9519b6846333b395d9b2d884d8d15f8d2f4991b860a

SHA512
66ebf1275d86c07f5c86244b10187453ef40a550d74b9eb24ac3fbf51419786b87fdefe84812d85dc269cb49377e1b51732b697ae089cfbf35123ea90932fdb8

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA94B.tmp\LangDLL.dll

Filesize
5KB

MD5
08de81a4584f5201086f57a7a93ed83b

SHA1
266a6ecc8fb7dca115e6915cd75e2595816841a8

SHA256
4883cd4231744be2dca4433ef62824b7957a3c16be54f8526270402d9413ebe6

SHA512
b72e7cea5ce1f4dc64e65a1f683a3ef9e3fa2dc45cf421f569eb461f1fdcc0caf4ff62a872e62b400579f567c6ff9fc3c2e6e020cdca89d96015502c803a09b9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA94B.tmp\StartMenu.dll

Filesize
7KB

MD5
6581c243481c0ba91ec1bd9fd93f1c30

SHA1
b00b7fe38b0dbf5576239a8f62f01df7fb993e5d

SHA256
72fa1a91185fda8b68a49b9ebb8d5ddf00f899f590d1e657a58c229f9bd0a700

SHA512
c882c15e1222929369753addb023fe028dd95345c0b29a5a8c0ba00cbdee45f3a7aacafd9d4cdc5fe86e3676ba958abf841801d73361c4630e7f48ab63725055

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA94B.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA94B.tmp\nsDialogs.dll

Filesize
9KB

MD5
ca5bb0ee2b698869c41c087c9854487c

SHA1
4a8abbb2544f1a9555e57a142a147dfeb40c4ca4

SHA256
c719697d5ced17d97bbc48662327339ccec7e03f6552aa1d5c248f6fa5f16324

SHA512
363a80843d7601ba119bc981c4346188f490b388e3ed390a0667aaf5138b885eec6c69d4e7f60f93b069d6550277f4c926bd0f37bc893928111dc62494124770

Download Submit
\b3fb4643c2e239ec82b4c69d\install.exe

Filesize
834KB

MD5
f0995d5ebde916fa146f51d324cf410c

SHA1
6a03e96a663051683b82601b5c7be72d72ecdb1c

SHA256
f0110ab02e8a531e3e7d196c03f907c659e6262c75861dc0c8d05f6a3ccbdd6b

SHA512
8a2ca604c06077a1c5a7ac9782ff6815a4ea1b152502707120cf5a8edddcda7c8d1a71e16c80305a3fa098acb6ecf158c770e6d0a9cb2e57a9d875fb935664b8

Download Submit
\cb4daf6e3927d60bf60405ed\install.exe

Filesize
547KB

MD5
4138c31964fbcb3b7418e086933324c3

SHA1
97cc6f58fb064ab6c4a2f02fb665fef77d30532f

SHA256
b72056fc3df6f46069294c243fe5006879bf4a9d8eef388369a590ca41745f29

SHA512
40cf2f35c3a944fca93d58d66465f0308197f5485381ff07d3065e0f59e94fc3834313068e4e5e5da395413ff2d3d1c3ff6fa050f2256e118972bf21a5643557

Download Submit
\cb4daf6e3927d60bf60405ed\install.res.1033.dll

Filesize
85KB

MD5
ff6003014eefc9c30abe20e3e1f5fbe8

SHA1
4a5bd05f94545f01efc10232385b8fecad300678

SHA256
a522c5ea3250cdd538a9ce7b4a06dfd5123e7eb05eef67509f2b975a8e1d3067

SHA512
3adc5c705bab7fa7b50517a5eb3301491f5150b56e1088ed436590458e963da204cd1875af75db89742403476a56a94c3f425c05327767bdb4bbee4859667ac2

Download Submit
memory/1436-3219-0x00000000002A0000-0x00000000002FE000-memory.dmp

Filesize
376KB

Download
memory/1436-3214-0x0000000000250000-0x000000000028C000-memory.dmp

Filesize
240KB

Download
memory/1436-3222-0x00000000004F0000-0x00000000005A0000-memory.dmp

Filesize
704KB

Download
memory/1436-3210-0x0000000000230000-0x0000000000242000-memory.dmp

Filesize
72KB

Download