c3beb21543af720a1b5ee9f817bf1ebb06561acdfd4a9c78005b1b7a1557c64d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6b202df06fd1d811fb8ee3280132d53.exe
Size

3.0MB
MD5

a6b202df06fd1d811fb8ee3280132d53
SHA1

90b4136f74bb47285211925adeaed70fc13cb17b
SHA256

c3beb21543af720a1b5ee9f817bf1ebb06561acdfd4a9c78005b1b7a1557c64d
SHA512

ac9c286c96e059d6e7e5fabce3f780b568347bde579db7ead5d4f0211e7d8cd778f7611641c2bb6c3cd7a39bc39c5022359b7012e2732a04df9ba7832ff5b7c0
SSDEEP

49152:Ompgb0ADdXEevuvTytxb9GEgpUnCkpMavQ5BH7dawFzF:Om2b09e2vTytxb9FUUnCZjdrFB

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eac_notifysvc\Parameters\ServiceDll = "C:\\PROGRA~2\\EACCEL~1\\FRAMEW~1\\eac_notifysvc.dll"	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\space.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_header_tm.gif	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_header_tr.gif	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\dlinst.dll	setup.exe
File opened for modification	C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\eaccel_setup_update.exe.chk	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\konx00.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\lites.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\word.ico	setup.exe
File opened for modification	C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\sqlite3.dll	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\backgammon.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\dominoes.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\match.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\firewall.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\dominoes.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\help\index.chm	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\dldguard.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_dlg_header_tr.gif	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\html\install_ty_paid.htm	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\syspatch.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\popupdet.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\checkers.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_dlg_header_tl.gif	setup.exe
File opened for modification	C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_surrogate.exe	setup.exe
File created	C:\PROGRA~2\StopSign\eAccelComponents\a6b202df06fd1d811fb8ee3280132d53.exe	eaccelsetup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\eaccel_updater.exe	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\9pool.ico	setup.exe
File created	C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_product.dll	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\t4c00.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\match.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\compass.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\oodlz.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\gzpr.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_header_tm.gif	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\stopsign.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\slide.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\t4c00.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\chess.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\es_voyager.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\es_windmail.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\sqlite3.dll	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\geoball_icon2.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\html\intro.htm	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\dvcr.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\8pool.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\space.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\ss_general_ss.gif	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\firstprods.ini	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\html\install_ty.htm	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\blocks.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\freecell.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\revenge.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\geoball_icon2.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\es_voyager.ico	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_dlg_header_tl.gif	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\resources\html\install_ty.htm	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\klondike.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\slide.ico	setup.exe
File created	C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_toast.dll	setup.exe
File created	C:\PROGRA~2\StopSign\INSTAL~1\stopsact.dll	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\lites.ico	setup.exe
File opened for modification	C:\PROGRA~2\StopSign\INSTAL~1\resources\icons\revenge.ico	setup.exe

Executes dropped EXE 18 IoCs

pid	Process
1460	syscheck.exe
2440	setup.exe
1644	eaccelsetup.exe
1780	eaccelsetup.exe
2256	eac_framework_install.exe
3040	syscheck.exe
2208	setup.exe
1208	eac_productsvc.exe
2860	eac_svc.exe
2760	eaccel_updater.exe
2672	setup.exe
864	eacsvc.exe
2808	eacsvc.exe
2896	eaccelsetup.exe
2796	eac_productsvc.exe
1048	eac_productsvc.exe
1464	eaccelsetup.exe
1908	eaccelsetup.exe

Loads dropped DLL 64 IoCs

pid	Process
2236	a6b202df06fd1d811fb8ee3280132d53.exe
2236	a6b202df06fd1d811fb8ee3280132d53.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2440	setup.exe
2256	eac_framework_install.exe
2256	eac_framework_install.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2208	setup.exe
2440	setup.exe
2860	eac_svc.exe
2760	eaccel_updater.exe
2672	setup.exe
2672	setup.exe
2672	setup.exe
2672	setup.exe
2672	setup.exe
2672	setup.exe
2440	setup.exe
2896	eaccelsetup.exe
2896	eaccelsetup.exe
2896	eaccelsetup.exe
2896	eaccelsetup.exe
2796	eac_productsvc.exe
2796	eac_productsvc.exe
2796	eac_productsvc.exe
1048	eac_productsvc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	eaccelsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	eaccelsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	eaccelsetup.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	eac_productsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	eac_productsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	eac_productsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	eac_productsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	eac_productsvc.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{36E1C862-7C6C-4870-9913-F2A68BDE8088}\ProxyStubClsid32\ = "{36E1C862-7C6C-4870-9913-F2A68BDE8088}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4594CA2-2C5E-4D72-A14A-032219EEDD94}\LocalizedString = "@C:\\PROGRA~2\\StopSign\\INSTAL~1\\stopsact.dll,-100"	eaccelsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EF677C9-3954-4A6C-ACBA-2B59995F1AEE}	eaccelsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A601896B-1A9F-4639-B430-51F04B417940}\TypeLib\Version = "1.0"	eaccelsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacBrandInfo\CurVer\ = "eac_productsvc.EacBrandInfo.1"	eac_productsvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductManager	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E1536218-BD0B-4A67-AD1B-771570561D05}\InProcServer32\ThreadingModel = "Both"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA6BF99C-121C-451A-BD02-354DEAA6B2D1}\ = "EacToaster Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81A6A5C3-69BF-470B-9A0E-5E4F0F6366AB}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD1C6822-DD89-4FB7-A23B-E86423865484}\Elevation	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36E1C862-7C6C-4870-9913-F2A68BDE8088}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5EC40B45-CD9A-4EA2-9206-10FC5BFE136F}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD68B701-2C74-4700-AD9B-8FC91AA52EAF}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{508B2EA6-806E-4B1A-A84E-FCDF38924476}\1.0\HELPDIR\ = "C:\\PROGRA~2\\StopSign\\INSTAL~1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36E1C862-7C6C-4870-9913-F2A68BDE8088}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_toast.EacToaster.1\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5EDB750D-3375-48D2-9C2C-3910067B19F0}\1.0\0\win32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2B1B65E9-EB6C-4435-AF6F-CB81A2AA1E83}\TypeLib	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D0AE409E-9E52-45F4-B7B8-0B2F34A61EA8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5EC40B45-CD9A-4EA2-9206-10FC5BFE136F}\InProcServer32\ = "C:\\PROGRA~2\\EACCEL~1\\FRAMEW~1\\eac_toast.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DBA79994-E135-4B44-ACCD-79A94E1C2B91}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacBrandInfoCollection.1	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD1C6822-DD89-4FB7-A23B-E86423865484}\InprocServer32\ = "C:\\PROGRA~2\\StopSign\\INSTAL~1\\eaccelsetup.dll"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_toast.EacToaster.1\CLSID\ = "{BA6BF99C-121C-451A-BD02-354DEAA6B2D1}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_notifysvc.EacMessage\CurVer	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_notifysvc.EacNotifier\ = "EacNotifier Class"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD68B701-2C74-4700-AD9B-8FC91AA52EAF}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductManager.1\CLSID\ = "{B2DBC94D-EA4F-4567-8B09-64E2945FE784}"	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BA6BF99C-121C-451A-BD02-354DEAA6B2D1}\TypeLib\ = "{E4CDFE6E-AF6C-46B6-9CD6-0352CAAD75EB}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacBrandInfo\CurVer	eac_productsvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductManager.1	eac_productsvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F53AC96D-9712-4726-9BEF-B1BC88B4ED69}\ProgID	eac_productsvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F53AC96D-9712-4726-9BEF-B1BC88B4ED69}\VersionIndependentProgID	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8F6D57D-530B-4F4D-BF1D-F2BAC47236D2}\TypeLib\Version = "1.0"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A8F6D57D-530B-4F4D-BF1D-F2BAC47236D2}\NumMethods	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B278BECA-0708-4B8D-8AF7-0D8CCC81A0B2}\ = "IEacProductManagerUpdates"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B4594CA2-2C5E-4D72-A14A-032219EEDD94}	eaccelsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1EF677C9-3954-4A6C-ACBA-2B59995F1AEE}\TypeLib	eaccelsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76D2C26B-70B4-4144-BB2D-EA16CF3F4E47}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_notifysvc.EacMessage\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductManager.1\ = "EacProductManager Class"	eac_productsvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B2DBC94D-EA4F-4567-8B09-64E2945FE784}\TypeLib	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductInfo\CurVer\ = "eac_productsvc.EacProductInfo.1"	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76D2C26B-70B4-4144-BB2D-EA16CF3F4E47}\TypeLib\ = "{508B2EA6-806E-4B1A-A84E-FCDF38924476}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{05EBECE9-EC58-425A-B0D6-7D7DAF7C7A00}\ = "IEacToasterHoster"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{03CCE3F2-9B04-44B5-934A-65E39453CEE1}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A2A7BBD7-B2C1-4C76-AB9B-6E2F82A72E95}\TypeLib\ = "{71F9AAF0-C278-436E-A1DA-4863C0EDA0B1}"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1536218-BD0B-4A67-AD1B-771570561D05}\ProxyStubClsid32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E1536218-BD0B-4A67-AD1B-771570561D05}\ = "PSFactoryBuffer"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1258AF3B-37F8-40F9-8F20-3518C9DBCDB2}\TypeLib	eaccelsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A601896B-1A9F-4639-B430-51F04B417940}	eaccelsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductManager\CLSID	eac_productsvc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD1C6822-DD89-4FB7-A23B-E86423865484}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55CA72FC-3BEE-46FA-8E6F-3495F557009E}\ = "IEACServiceMgr"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD68B701-2C74-4700-AD9B-8FC91AA52EAF}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6320A926-229B-4CE1-B232-007932C4D634}\TypeLib\Version = "1.0"	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000_CLASSES\VirtualStore\MACHINE\Software\Acceleration Software International Corporation\eAnthology\userlevel = "2"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A4CCEF83-DB28-4A7A-B10A-B1B4F65448DC}\AppID = "{73598F01-7FD2-43D2-8710-6E162BA284B0}"	eac_productsvc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FA42F667-D8CE-46CD-B299-B1627357C509}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F129438D-5B30-4A93-9A8D-2149CF3E3141}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_framework_dll.EACFramework.1\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55CA72FC-3BEE-46FA-8E6F-3495F557009E}\TypeLib	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CBB7290C-281A-4FAE-8A73-6272356798C4}\TypeLib	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\eac_productsvc.EacProductManager\ = "EacProductManager Class"	eac_productsvc.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	eac_svc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c90300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	eac_svc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e50f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	eac_svc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c90300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331332000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	eac_svc.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade371400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e50f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	eac_svc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	eaccelsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	eaccelsetup.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1644	eaccelsetup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1908	eaccelsetup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1908	eaccelsetup.exe
1908	eaccelsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1460	2236	a6b202df06fd1d811fb8ee3280132d53.exe	28
PID 2236 wrote to memory of 1460	2236	a6b202df06fd1d811fb8ee3280132d53.exe	28
PID 2236 wrote to memory of 1460	2236	a6b202df06fd1d811fb8ee3280132d53.exe	28
PID 2236 wrote to memory of 1460	2236	a6b202df06fd1d811fb8ee3280132d53.exe	28
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2236 wrote to memory of 2440	2236	a6b202df06fd1d811fb8ee3280132d53.exe	29
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1644	2440	setup.exe	30
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 1780	2440	setup.exe	31
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2440 wrote to memory of 2256	2440	setup.exe	32
PID 2256 wrote to memory of 3040	2256	eac_framework_install.exe	33
PID 2256 wrote to memory of 3040	2256	eac_framework_install.exe	33
PID 2256 wrote to memory of 3040	2256	eac_framework_install.exe	33
PID 2256 wrote to memory of 3040	2256	eac_framework_install.exe	33
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2256 wrote to memory of 2208	2256	eac_framework_install.exe	34
PID 2208 wrote to memory of 1208	2208	setup.exe	35
PID 2208 wrote to memory of 1208	2208	setup.exe	35
PID 2208 wrote to memory of 1208	2208	setup.exe	35
PID 2208 wrote to memory of 1208	2208	setup.exe	35
PID 2208 wrote to memory of 2860	2208	setup.exe	36
PID 2208 wrote to memory of 2860	2208	setup.exe	36
PID 2208 wrote to memory of 2860	2208	setup.exe	36
PID 2208 wrote to memory of 2860	2208	setup.exe	36
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2440 wrote to memory of 2760	2440	setup.exe	37
PID 2760 wrote to memory of 2672	2760	eaccel_updater.exe	38
PID 2760 wrote to memory of 2672	2760	eaccel_updater.exe	38
PID 2760 wrote to memory of 2672	2760	eaccel_updater.exe	38
PID 2760 wrote to memory of 2672	2760	eaccel_updater.exe	38
PID 2760 wrote to memory of 2672	2760	eaccel_updater.exe	38
PID 2760 wrote to memory of 2672	2760	eaccel_updater.exe	38

C:\Users\Admin\AppData\Local\Temp\a6b202df06fd1d811fb8ee3280132d53.exe
"C:\Users\Admin\AppData\Local\Temp\a6b202df06fd1d811fb8ee3280132d53.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\syscheck.exe
  C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\syscheck.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\setup.exe
  C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\setup.exe /Cmd C:\Users\Admin\AppData\Local\Temp\A6B202~1.EXE "C:\Users\Admin\AppData\Local\Temp\a6b202df06fd1d811fb8ee3280132d53.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\EAC406~1\eaccelsetup.exe
    C:\Users\Admin\AppData\Local\Temp\EAC406~1\eaccelsetup.exe /close
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\EAC406~1\eaccelsetup.exe
    C:\Users\Admin\AppData\Local\Temp\EAC406~1\eaccelsetup.exe /cert
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:1780
- - C:\PROGRA~2\StopSign\INSTAL~1\eac_framework_install.exe
    C:\PROGRA~2\StopSign\INSTAL~1\eac_framework_install.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\EAC4078467120_00000000\syscheck.exe
      C:\Users\Admin\AppData\Local\Temp\EAC4078467120_00000000\syscheck.exe
      4⤵
      Executes dropped EXE
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\EAC4078467120_00000000\setup.exe
      C:\Users\Admin\AppData\Local\Temp\EAC4078467120_00000000\setup.exe /Cmd C:\PROGRA~2\StopSign\INSTAL~1\EAC_FR~1.EXE C:\PROGRA~2\StopSign\INSTAL~1\eac_framework_install.exe
      4⤵
      Sets DLL path for service in the registry
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\EAC407~1\eac_productsvc.exe
        
        C:\Users\Admin\AppData\Local\Temp\EAC407~1\eac_productsvc.exe /WaitForAutoStartSvcs
        5⤵
        Executes dropped EXE
        
        PID:1208
    - - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe
        
        C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe /restore
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies system certificate store
        
        PID:2860
- - C:\PROGRA~2\StopSign\INSTAL~1\eaccel_updater.exe
    C:\PROGRA~2\StopSign\INSTAL~1\eaccel_updater.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\EAC4085643120_00000000\setup.exe
      C:\Users\Admin\AppData\Local\Temp\EAC4085643120_00000000\setup.exe /Cmd C:\PROGRA~2\StopSign\INSTAL~1\EACCEL~1.EXE C:\PROGRA~2\StopSign\INSTAL~1\eaccel_updater.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2672
    - - C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
        
        "C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe" /install
        5⤵
        Executes dropped EXE
        
        PID:864
- - C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe
    C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe /regserver install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    PID:2896
  - - C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
      C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe /Service
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies registry class
      PID:2796
- - C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe
    C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe /checkifupdate C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\setup.exe /Cmd C:\Users\Admin\AppData\Local\Temp\A6B202~1.EXE "C:\Users\Admin\AppData\Local\Temp\a6b202df06fd1d811fb8ee3280132d53.exe"
    3⤵
    - Executes dropped EXE
    PID:1464
- - C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe
    C:\PROGRA~2\StopSign\INSTAL~1\eaccelsetup.exe /firstrun C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\setup.exe /Cmd C:\Users\Admin\AppData\Local\Temp\A6B202~1.EXE "C:\Users\Admin\AppData\Local\Temp\a6b202df06fd1d811fb8ee3280132d53.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1908

C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe
"C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe"
1⤵
- Executes dropped EXE
PID:2808

C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe
"C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvc.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_framework.dll

Filesize
282KB

MD5
b5ee2223f7cfd072bc3960a4d24444eb

SHA1
56d54a3ec8f8ca1867457fafef4f917e57201d07

SHA256
452cc692c3b51c416106b93d0dddd0be23f731d8dfc2443206e03dfb07ee0a9f

SHA512
bd290ba0e094ed2d02bd16941fddee83d5318c730f43b05fe51d97457f02bc84baf0c99006c1712a201457cc4bd93f684f79d62d53b001459ff52c35a07e4e5b

Download Submit
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_notifysvc.dll

Filesize
230KB

MD5
e7d0e43232a4fd356de5c96a7cb417f6

SHA1
67c8ab79351241907614293e9bfbc70b8dc9cc50

SHA256
e7c0e39d5f243d0426b91da158924191203bfec3e33a89e9f5a465bb553b5636

SHA512
9e2539d968dcfbf04f1eb4ab1ca673900b1fd7b0fb4c9de512bf5ce24cfd676c8e9cdb21e9df1142b4581f74f8dea75aac6ce1681ae7645191ceaf83a03b631b

Download Submit
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_product.dll

Filesize
82KB

MD5
dda8fae2085b98b1123f7b364e710291

SHA1
7953285e13c75a64f5f7f7056d35be21563d1545

SHA256
5ad99e4bc0a774b3443bc0677fd8b25b0ef4c3179838e2aabd89397741798886

SHA512
878cc7e7b5aad8fb8c4e860e81c5a6c23668710929c23cda1f71dc3d82849d9cd57918bb520abbb7889f7d18d898ccbdefc52c1b6b3a6590b078eeb7c0d600c7

Download Submit
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_productsvcPS.dll

Filesize
82KB

MD5
9c9b3a4e8bb031300442bfc4a67d62ea

SHA1
4adde9a0ca63eb54e70249dcb7623b2698fe2201

SHA256
b27933fca167a6f487c843157084f3902d5d53aa564606f595354ed8d3a5f1ee

SHA512
5ddec0c76c3adbdc9924bb845e114968d0639d4e31147fc18f052c09a5645d8f42e932af4ce68a4b463d462a6ce25a91e944c013bf41bca7028c75edbb1c26c0

Download Submit
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_svc.exe

Filesize
113KB

MD5
7bd08161c6d1241fe20ed27367ecc330

SHA1
3e0f477893187377a5514b08e9fa1f66ce0a58fb

SHA256
11529433e222ad76727839e3678be89d25d6051aa9dd677bcc0c265d80a5b860

SHA512
3d8818402b26de4009e9d7a18eac1d2e41d05f242bc7b5531eabb2574ee2b2cd2f645a99573b4c296da8455a07e3d0eced02222809944e1373b418bdb15986e9

Download Submit
C:\PROGRA~2\EACCEL~1\FRAMEW~1\eac_toast.dll

Filesize
210KB

MD5
879b597a97a6ac29d6fc621e0adb7e4d

SHA1
9776604d8bdec783eec641dbfd2409c177d53179

SHA256
e2cfb975b251d439ce25b30ba5ffc6a9d6ef3f6f91334a30de884d30d49c2ecb

SHA512
8a7f11b0c093e94da830aa9785b774f6483ffe96306ad26fb0f09c0b3d1ff4e8d1b72bff3535c0d933f60dfaf6dee15ae6aa335f142d2c6af59fcab90b1b50e7

Download Submit
C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_dlg_header_tm.gif

Filesize
287B

MD5
79f50b80e482c459f6bebc56d4bc68c5

SHA1
1d54f2bbd05e24284a1262a7fa9d3f088db1dffa

SHA256
1d2210dadff8f28e9b93e127459c0e05c246bca2bd520a93277f0a77ef6726f2

SHA512
8b8b4da2ac7037b337b930227e2b66837088543222de4b2b93be20d517e7d95d4624788a164e2a387140b2a7599a697b55e856b70149d23ebb5af2d29648036d

Download Submit
C:\PROGRA~2\StopSign\INSTAL~1\resources\images\stops_header_tm.gif

Filesize
531B

MD5
a4454dd4940b26bccfdd7fbda2b84741

SHA1
f53ef8e91a776cd5d540439e3d505c0606adf548

SHA256
607ecfb3755612b0b754d00ccab085c39d929eb05bd1fa09a26faa580e22ab7e

SHA512
2afa52c6cb5cedd2baa9d5c93131e35ee1f7b25d820c86bea2232c94b2de4b931f81f149b93b7d16c696d35db6c0e9fa509cb5437bc305efa66a4fc98f89fb3d

Download Submit
C:\Program Files (x86)\Common Files\eAcceleration\eacsvc.exe

Filesize
137KB

MD5
35a5359b866c76e17ac516275dc99ab3

SHA1
e716f87b305892504e7267f76ecc286d6c1a3044

SHA256
1cd7e520cbb825022cf616928b2538d7fbb6f1520365fac58d60b6abcd6f236b

SHA512
66ac145ba4d89ac032cf568652511a45692d4591f3e4a59543e5a88c296fa9babb21cbc5eb1a6477747b4f0cfe656226052440db99cebb8fcaae9997bfdba4d2

Download Submit
C:\Program Files (x86)\Common Files\eAcceleration\eanthmngr.dll

Filesize
537KB

MD5
fe75371b53d4f651f05a0903e86d2dfc

SHA1
faa9e05561d410ad631a2bb354a5502c77b7aa75

SHA256
42c21c09ccce862229200391156702b95d2516df1176a55b0fe91f8df7039951

SHA512
ca5f7dbdb01cf244faf47b5fa3b8d445929e5aeabeca79101c6b5b12632950a21cde0cec5f2d095f7a49d556c0c6c72efc116c73c15d47af7e43d82bf55e056c

Download Submit
C:\ProgramData\eAcceleration\resources\help\index.chm

Filesize
246KB

MD5
327a1a2a7282f08cba9ff402f3f3331c

SHA1
0d2f73ddd4770f429b2650c3cfb75afe5641df84

SHA256
a3af8b2df0f58a4e5ee4d2c60f1ab1829bfc23b3f11975a1fb9df44a0bc72357

SHA512
005dcf811b0089ca2cd78155d24058ccc14d7d8e123b9cf066b042b341459c36a4e68eeba58e2b7bc62957a58cf34059a7715defc53f18284e97ace5a0e41f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22BF.tmp

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\dlinst.dll

Filesize
420KB

MD5
3d0b71f258e8dffd8e68e0129bed176b

SHA1
f7b0e40ed8fb46b14c36cd6ccd641441360a6da4

SHA256
84476fe62f3fc5d90cd71ddd6e523bdf173a1bf0242190421193e76cf778d68c

SHA512
c49a03581a06c40b9189f326e894616179c921f83e2931cad7f6340a3be01b8e946dd93aa03e971cd71d5ec00fcd52f89e29b25c7602457aeb03b284defbe8b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\eac_framework_install.exe

Filesize
1013KB

MD5
ae12ddeab086a2996f6e4ec56509a525

SHA1
6d348602d0a8d94fdd51fdc740a6f65c4e63e816

SHA256
4af55e98393c8109983071d38c098281773de513ddb09d46fd33bc4af56cc391

SHA512
12d7e26d3313745e9bbb7235a7dec71ac8d7bb81d191b2c302822255ea1410c48e2a4c97d41d74a04177728023c7f44dba4eb6bb052f8c6cba8dfa9b9c6d1a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\eaccel_updater.exe

Filesize
547KB

MD5
1b243c8fd645e11a9100d3d0517f8424

SHA1
dfa24afb2c2501ed43db6769d3cd944f640a3ddf

SHA256
b93e402c5652d130c52fa8698315209a3ae2758e5454dede5258dd5533bf269e

SHA512
b6311dad7d72db671b701c74d072ecd731a0d8c1442d7ce03bd0d21375d3f8e9e54d62472954e912fb3b393f3fdd80733d759bcfc836786116c03b7b7fd24daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\eaccelsetup.dll

Filesize
185KB

MD5
8867833366aefa40e08e52d53423a567

SHA1
719902f9516283bc6b8f172f0cd7d65c831d6e3d

SHA256
de10bd5c4f7691f41916a1a6134204306735d5adfd14daff415c62625ecde58e

SHA512
c111fbbd2d83cdc7ab271609f10fa13768614685713fa9a1fac6f355202be4ca345a82fd1b12cba51e8fff03eea7761f8ed24571f41d4f72b2b259011e98206d

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\eaccelsetup.exe

Filesize
695KB

MD5
415776b23057880db52428fe0b22ecc9

SHA1
96d784dd4aac8b8d5503db8cc4f3b07c327b800a

SHA256
537fbb4b3ecfc03b092f4914ecbed63d2a2ab3c6699cd5fe228db4145c793d9a

SHA512
8c7f2daf790eb21f50962fe66b41e5d5f8b224bb15a22bd502c4d7af9ae4c97f985f23cff8bbb16c2bff31d85809d085387c265f148563789e436fda87436a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\filecheck.dat

Filesize
620B

MD5
3d3fff3e782751153f6619b7dfe4f912

SHA1
5e37169efd64dc2bdcdbb9e13418af7b9fca0cfc

SHA256
26a55308a4b13134c7a67d2b55766c4ebd9dd8952c729bd091071887e4ccb9a5

SHA512
04ad5bd41bf9e3452bb25687fb31ec527d1f607c77ebf61038ee7e63f381dd54bdefc0e43e8b8cba27a4a2be74f8991a4052e679bf412090a159021affd0cfc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\firstprods.ini

Filesize
3KB

MD5
676cda246e1d0c8f546f5c6218125445

SHA1
4fff977705f861b64fe78ffae7749c35e766d609

SHA256
acf497b875ab089fc3682b9199d5df2fb688cf044387350f5e1d6ac6557f957e

SHA512
0cb21dd8b3b0e4471b4b0183650c4251653dea7d9db2f57d1eec9dd1addd9ce2625a2abe1b623187cfae0c5a2ce3adeb10d8b042891b3e661447a168a1860405

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\setup.exe

Filesize
179KB

MD5
ffa1959fd12b2990995729e2c0bba327

SHA1
235c51018a2e5a14de3e51eeebcee3e5b50175f0

SHA256
e9aca401766508dd9f40054aa13bbdcaddaef558a86cde19963ceecd7ccb09e7

SHA512
ecc579b2e362b25631efe839214970b5d307e085e3049585e75818f1c03ada165ab61291babd7137dfbbb50b74a0bbe8215ce070af51165fe230414ec9ed636f

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\setup.ini

Filesize
3KB

MD5
4ab5ef8997a02d18b16539d86f9df184

SHA1
90a906dcfece408ff5bbe87ee032ecf30b6d4847

SHA256
9f0e3f6cbbcd7a0cd6f43f88fe97bc4b9735a2961445756f0ed566e6d50f2291

SHA512
1a06e693a3d23caeed0958821932bfd0c7ea18514b0a5284f84272b207d006823dff925e57725247ce18b0c2ba9a2ba99b5a5c5a742d3cd31a3fa3368a6e0001

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\stopsact.dll

Filesize
209KB

MD5
64286a35905324af987f64ff54525eda

SHA1
6b00bfe602b452d62a4eb098f7d48047cb4f4d46

SHA256
b66ef60459fabf95fc88c7f2ede675fffe5fb2945bbf0ad5b205514db41646b9

SHA512
00eef7bcf417615b97da370e4e6003a042e8a97ba18794035b98602d753cdf98c76dca8cbb816a8e6ceccf0ebc26125925f903a4de07c06c2cb922e2fa9371f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\eaccel_setup_update.exe.chk

Filesize
43KB

MD5
f6fe7860b12baf343e578c75b5fd2aad

SHA1
851e91f0c7aef0068dd19e0c6e6c64b421be08ac

SHA256
716bd51fae17a7185966e74934a020cd28fc7402e076f598d0697517febf7307

SHA512
aeaf2ce47f51f48a7b2222418dccd552e265885d7714e8c4cb9f8d910af4979fb9f51d9df5b3374ff7f78c3c4d64242e51ffbef82facd54bee9844693fc8efc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\html\eula.htm

Filesize
27KB

MD5
375f70f9f32c69a53e9ede9839653528

SHA1
499a542ff0deb51b9f5073ab3d7fc420e8c8b991

SHA256
58081aaecfdd9a948f925e7186925acfc97a8409c68a6ec3bab175cd252287b1

SHA512
cc3356fdfd9cb9c74e76edf03d81ed1878f739335e82c726cfe2b2f433497b2a1ccf806d38baf393f3fe002d3f14e3f887ce2738264e04947fedfa05db533708

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\html\install_ty.htm

Filesize
1022B

MD5
bd8e8d6c00e92e0a3b7e6c1450ac8f14

SHA1
bcc1c7ea5318f671f0ce5075f28fab5f1b58abdd

SHA256
4713f989b50653a2070a37a0949fd346fc8f167a4ee620ad5cb65db092f08b45

SHA512
949bae2c6b9fd503a863001936f72a38dd966568c8bedc893e1cdd6e041e7c9134fe68ceb75daf866b31a9e88489e7bee8794f0ca5bbb5a6c0794d480cd97558

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\html\install_ty_alt.htm

Filesize
903B

MD5
f77268eb137c0115cfb5702d80729ed9

SHA1
13ec0d5a4b906d1e0702dd74296b650b2d1a6320

SHA256
8643b7d8914d6b59c7ceead29618cc0902b435891bce6aae68840bcabf0d1ee8

SHA512
f173b86b4fc9572ff0bbc1784efe7ec629d1c58da4124c84821f71d2e82eb346702141498cbaeb5b923f060c8fc34fa337f8779685b0bb954106c13473dc71a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\html\install_ty_paid.htm

Filesize
3KB

MD5
09f8a1047534775675ae4703df76f5c0

SHA1
189e7e4befff7d223647e21f03614dcf336af70f

SHA256
5a9c90c0dc249be8c3f2a8c35911e37536acb245a86ea992d1a8db284277aac8

SHA512
731d15dabcf85e376147fd977c9386030674049ced2c5535472e0ed5b353453c840c27ef4c6300fddeaad470b4d269929de5280c312fead495c459b1a7af70d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\html\intro.htm

Filesize
1KB

MD5
0f25e7db1c17976d5c082a3dc8e74627

SHA1
1c1f0d2effcd06943f6e9f1f1ff32c5f6e3f487c

SHA256
e8991cdf0189e467a6c8202d2d61126dcc740394d97e9255407f00a313be7023

SHA512
e1e67b322fa4dae134f3399a48d6bc981688396097e277d0c70ce4ac26880be4b58c1f4491e1ebbee9c3eb0e4090128ec3bd05d7cbf2630073a497a1d2ed4cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\8pool.ico

Filesize
2KB

MD5
03e3f8fe19b25a18bbdec74dc1e24cc5

SHA1
b471d207af01d04d3c287d61deff64503a62af39

SHA256
174f94a4bc1eac0b6032f8ce81f03cda2247aa1c922e99bddadb48909e32c76f

SHA512
5b3f538fc72c45f5ee1f6210c097d6e651f91e0a194b0e2d3db0bb1d90f78f6734cdcc94690f5865d4d350677e81d9d8ed03be3e24a61f87cea8e400674d71bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\9pool.ico

Filesize
2KB

MD5
cd33d937aa455a1c28b99b206a210b46

SHA1
4ea739df63668848f2b4d9ecdc76dfd955a6fa93

SHA256
25acfacd3d5c6f8d9bf77108e4d3334a93bd8fd7ea14a7dcb33fbb6c6459b91e

SHA512
2808f34da65a7d8c9ace7145cde4d6f40b23de80ceec106dd4cd6b7a1f15f3b135035ba2c2923a3ccedd9c07f1c849885aa6b849b59b897500acbcb80dad8cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\backgammon.ico

Filesize
2KB

MD5
70a767e08a35a268ef6da458565a7b37

SHA1
9d467960b7e46f3a2c3eac844a879d8a57089e15

SHA256
4a6a1d42b8d843b7bcebfb84d7bc63aa4157d7d35aaba2f37aeb44fb11aa033e

SHA512
0594b57ea790fbf42efccf9241216a5a03e749de3f1fb123bb64dc864715b4ca2ca287abe4f147b3a740f1ca524f0820b3574c3fa4cf2531728718a564ccc2a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\blocks.ico

Filesize
3KB

MD5
87046e8cbef8da530a3d6a6aac651aa9

SHA1
8be300e9812a8027ffe6d52ce36df095be5d2e93

SHA256
1d02ef97ae4a111a6aa4a784e790bc6a78ea2694af37336f047b2a096b310942

SHA512
5604a813968be93560677e62bb8b752ef1893e3295814cc63d272f9bd00169c9e91ea6f3e0aee9ffbee579da840eba79dc1ad3a0ce68869d270c5fce1512044d

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\checkers.ico

Filesize
2KB

MD5
1aa4bfc8748ea90bd97fc836023f5e35

SHA1
86474c8e6146b5bf4f211647ed904227b3a039bf

SHA256
a4a6b16d96422906cd9805577938565ff310b05e8ace356de35f14815bd5bbec

SHA512
042a032738c48551aa0f5ff7582d97072a1d6b2ad3625ed3d62b8e8f0553fadfdc9dc2537fe8c385155acbc8b567571082e0bb194974e12dd58f2eb6e4f4b84a

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\chess.ico

Filesize
2KB

MD5
c507310aabe2ace045ca7b13c7183001

SHA1
02a181791cf7881672a6cd874ecfe9f97deb8f9a

SHA256
5d7fcfcf45832064012a0afe11a787f2de8fe86cb7f397c1508f0535517cbb57

SHA512
f21c0701211437fd0fce2e67e0166515c9e9bdac2ecc7cd84345777471a719f71f5b7315a2f386eb6fc686316f053c4529d30846c3e6f85d44d1a5d6d70d7d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\compass.ico

Filesize
2KB

MD5
648080d7a3efc2f0a0b3c4f43bbda489

SHA1
efbdab2168de6b4424703dd57c3948b45c6be8f9

SHA256
bce37910de18febb8830a2133a9e3f81c1ebf3a074707260f6353414b250e9e0

SHA512
54130a4e4da4eb33417f4fdae620427fc0ee9e72ad80265bb402ac02ddfbae48995eff4433775057a692e8b66180077203d015bd9dd00d5e8925f73621c353f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\dldguard.ico

Filesize
894B

MD5
6f48d6f45df6d62eb27002dff3938aa8

SHA1
dc7bb5af174818c0430c91bc0c24f28f9f404f5d

SHA256
f29b851a7c488310e1efd9fc34ed84ad3960eb34cc9be6a35286c3828d610b74

SHA512
d36f63c513cea30b30289bc5cf1b8d4e06a51d9072e952aa6662b15300a4e78c44ed747c43834d6ef498e45b6b66c36d1faeb213c9f33fcd5e7237f3f6507f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\dominoes.ico

Filesize
2KB

MD5
c22eb94c2d2ebd359bb8a87e67d1c66f

SHA1
381b9d06e598a8c12ac5a9847026ac3180e4ec99

SHA256
64597087b793852d54b6f4d0da84ebfbba17e53022ebfa6f02d9b09e009ded01

SHA512
553f19b321190e33fede21b32ca1289ff6c51ad4db2809a43ec098f238901d2b1d1f6d6d6525fbfbd33560312d1da18174e7793eb87f20da896cd8b64bf4f525

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\duck.ico

Filesize
3KB

MD5
a514849aab4e39fc0be78a39fabf0f6e

SHA1
8593db8d288d9dea90de94c830f984575727d9ec

SHA256
cd8aea5ecdeb8b7e8dea1832c0dc95b7afed6c257e81047ca840a3742200fb77

SHA512
369f8ced3be3d78af00d7d7f293d78a38d5cb357e0677054775725ca58080ccce147df39756c7e932e841ea48a2e42341a6956b548f2c964a9150b0cfa173adc

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\dvcr.ico

Filesize
3KB

MD5
cc0a5bc4a6525afb75a27823ad9cf0c0

SHA1
c70ffa1f9a14bf9a6e44aa16ac11e2b567ab3486

SHA256
c14724ca9731096abe75fba5b641eda0347246bb6a8bafaa038c7c11b2549c9b

SHA512
e5c56dfa8cdc101327e23efd09104363c8836da39c75a8b6daef9bf3dda8d2655acc7094c2d59d1f709e5a8f4e8ee6461f88a0d1337b55b09824ef39d8b0040b

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\emailsensor.ico

Filesize
894B

MD5
3fe861f242749d0f7f858f1697ea366a

SHA1
6bdf723b215d08e5bc35e4803b6e4d92ddfbb256

SHA256
c570f6160fab37de7bc3b11c96d54f4eb07d9f4c684f75ac00db6b06320aa788

SHA512
4f29daa57cf64e1e952ebc27cc812de9983a098148e991d1b3cf1e7e304ad6c882bb2b0df9d649a6330d65a0745b2b4a81c0d7937c4305a7272b2bfd9dbb9f49

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\firewall.ico

Filesize
8KB

MD5
eb75a82b26f0b72708b2887a5ffebb5a

SHA1
5169f3655733c3cd3f29aa0001a08628f64a8f50

SHA256
0bbc26956b1e9087d0759a51a3bd9a6aec4391173ca88316da1a3a2aeb1ed1b0

SHA512
1b54e995d9f29c9c789903e5b8c6dcd816fc9503c011f435a661dac2eed0d3b23a1861c75af54f805be130946aa619343c89413d8dfab446b4c04679db84feb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\freecell.ico

Filesize
2KB

MD5
007664b6a349c081227b6e9a909e90ec

SHA1
00d8a12cb876ad066a330888791e87b8a5c322b9

SHA256
c9e640f6190c862a2840fc0ab68b671790b6d6e9cdeaac31bed745227225b327

SHA512
07c5fe0d96a3b2342395477ce27d0d74128f395094b45f6b62c14705513d3e4cc6b444382862aeb9c9638e1a90223a7e74644fca9323c5af598a0ec1ee6126d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\geoball_icon2.ico

Filesize
2KB

MD5
5f4f7f42ae9a265649127af3f345965b

SHA1
c033241aea13c0c19f653971124d77c3f9f4738f

SHA256
9bc196b44be8a2b7e215d6ac6c210d6bace4dcd45ba91e260cda555d5f57233b

SHA512
1dcb2884148349eb734737f1178c2cbbb9197bb344f80a567ebb8c0ccd6f5d91ab077b3854a54a574a3033eff683b204cd63593ff736a9d89dcdc2dc8181260f

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\klondike.ico

Filesize
2KB

MD5
f3148235ec38349a43dc4ba643984c77

SHA1
ac62bdb4d297fd049af0339db9b51606be5c51ff

SHA256
42b4c8c50a5c451e08f115730a72d383700427db4cac3860f2ca1c98f4f7e23f

SHA512
91f69b20bf830a43d8cb2fee7605f59e096a984ec8535fc6999768299c40e0c9f36d60612e441f705c53ef4544b5bba6b3498cf5a0ef4a034e52b964cfd1f746

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\konx00.ico

Filesize
2KB

MD5
1a7432db8e7bc8ebc0b66e95abd2f3b4

SHA1
c7f3dbc93d7ef0eb8f298aa07b1caea9e27e38f7

SHA256
14405dcc603a6f89dea038a47ade9bf29fa8075292b84a23a6e8c7b4768dcba4

SHA512
e314b27e2cf47aa4f88866b0e6e17bf505ebc17e2f1c19ab61ef7c503d205690287efd47c6124b64debd661d7effcfb8700213dac889cd6edd6eae6cd81a253c

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\konx_mail00.ico

Filesize
894B

MD5
91d0a449d28b1b76ed8737d146d62a08

SHA1
5f2e50d500c659929c5060baa0651c9ad75abb00

SHA256
0cb9ef34eb52196a5366590df5fbe3c0f44e10e9b6d7d7e6559598ed087b2d69

SHA512
dd78ec7a813a019357864b9ea4f4e412841d09d3039486eecbc08260c38a9ed8cd81cdd4786e646ba21f669e52386a249212d0a4a7eb0f3ce37a62bc14d827a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\lites.ico

Filesize
3KB

MD5
ca8805ff99b8422786eb4bc298e18db3

SHA1
6fd3b342b18cd6a48f07353a18452237e1b5573c

SHA256
85fd0547b25fbb182598451ca064c0d9005056f7fa6c80709274a1ee08c368a3

SHA512
a725536a805d04078b5897a3e1d76bd50c91312a9715b83330abb99cc62d55b80da12d273480793705f752567e55d9b18ec93c352868bf956464d201642cbd7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\low.ico

Filesize
1KB

MD5
29b0ee6c6a5d89bab7947b82c265b17d

SHA1
afd291c9197f036ee4aa0dd8f06aa758acac8b98

SHA256
f92f5d8dc916b68d2dbb47a000bbfab2a196f2363699b1d042f805781901e462

SHA512
c1693d0ffb619ac23c2366c0108e25692c59c0db49d64867d4652ffa974cfd3710e076a52f9808c9a9a7816e3637fb2e609cfba05417e54738c1b3a328067042

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\mahjongg.ico

Filesize
3KB

MD5
9ff339ad6d237fdd5812dbd34cac2144

SHA1
5631361d6e1d0763516b1c776a7e11857a80bcac

SHA256
e0d7df18710d5c7bdd3460a2467f7d2b80adc08cb81c57d4f7bb626125fe7ad9

SHA512
5cc0c93f928429f8fe1133313f9d741e91b86da944117426664ead0e9554575d418009dbeb15641c8dfbe7059eb5871091e6b63ba3e511681aebd8730fd530bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\match.ico

Filesize
2KB

MD5
e6e5824b8c3a39fb3e11114fbf0b94a4

SHA1
d58eae1725aba1aea83cf3a55a786576cb44a5ac

SHA256
c9afba9ead96d29a98c596f51a192f7228184a1eb01786c3e7942f212bfd9228

SHA512
47fe58986c3bf8f5bce08d222a921b8923be69903cca438aeb47cc9cfedade3bbb9e2cd377cd1ba4dd1bd530d0090c6e5ef36202745009783f77650cc612d439

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\megdat.ico

Filesize
1KB

MD5
8d885db380cf7329afb5d29d5f3e5092

SHA1
a0fa75cd21253ee680fdb665b270053bc3df9a0e

SHA256
917c3cbd099bbb527c50d931e94c4e712438eca1119c75270154e3ed0a0b06bf

SHA512
2bd4c1717c49bc5e5b9ac7772fd226ca2ebce5fe5b515fbd31031d48ad4a63b18027d49217b44164c092011f126a22304e863d1e513f0ed7310aeb05a4fda6be

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\oodlz.ico

Filesize
2KB

MD5
a895f4d66bee157cd943a0f916357137

SHA1
f8a8f68299beeaa98d802c1d6cf81ef43c73cb44

SHA256
72b1884d092c78574fe6c8bd74740b5709cef894ecead6c30d523e200059e5e0

SHA512
11973d6e270817a33b417bdbac0c3febaa9883e35f2b74e1a6cd525d42b20c2f510625a8beaa72808682772d95ac934878d6862cd35a57f7912790bb63c02ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\popupdet.ico

Filesize
1KB

MD5
9038255896563bb4c7fed29af75d0b3f

SHA1
42fedffce8f887ed51f4395a5c549ddc79051cc6

SHA256
8b9ed8ca252c751f140010c8d3c6eb4fc1ff2545da7a3db3c9aaeba76ad76f2b

SHA512
f353123bd6e1d773549f84a53eb6d3abf54c85cec22cf66d8ee4b71824699a3893954e91d4785faedd917194ea06b13e7cee98a307945c6fd1509c1db0704267

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\revenge.ico

Filesize
766B

MD5
8f2139f80f2dcb2da2733458041fbbca

SHA1
6750e719996efe033cc2192ad0c92bdeb83909d0

SHA256
d1c26900eb870f54e7d368cee05bbc429accf5cd5137aaea98be7f7f5792b472

SHA512
25ea83e21d0006862af84ff9b9e6f944bce354bf9a1de6bd9341866d42370e922f30fb1b004455ab8b8c660cf92128aaf810174fcea025f4a31cd3409aff8da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\reversi.ico

Filesize
2KB

MD5
b4d628e36bf5baefd9b6e5012ed57426

SHA1
7aa89714ce472ccdb8c8b384ada4d07b19e9a78d

SHA256
fa976a8dd938027f0dbd9c7c83b2fb6ca4b384ce2ea2f1c033a9531bde73a814

SHA512
555f5203fc7f4e779055b9050c501138e7c80bf2f0db086d0def4413badb1725a80a3d7539e6fbcbb90c875fad844196097738b5ae81d73e7a92e16785b555e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\space.ico

Filesize
2KB

MD5
55d86894327699ccc7187738b3bf5899

SHA1
df1ad23f66209e0d5d866e264f8b7efe4db38eef

SHA256
33075f546dda5aeba343de8cfe8bd362a636a34f69abad76dc89a4498109bec6

SHA512
4fe8808230c8b78eaa33c51b4f31f1e66578a4c78cc13e95ee7667d6d66cb4c086e269fe9341e906e5fa7ad55a37ccf25a444cd57f9a0e7aa1eedcf732b944a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\stopsign.ico

Filesize
7KB

MD5
a865d3aae4e6069896825034daa5d9fc

SHA1
02c9b779af166df17a56a2bd1103d8c8c3077fdc

SHA256
401bf7bf515c6b710e1b52308e4965322650610b5853ce13e9f7472fc1f7138b

SHA512
0e83928bd019fd7bd9515ab0fd3141ab34bffad08530e8a95700fb667383105e78771787a26e1a3349edf0a498781bcabc28cf8107fcbff8bb506b5e89f385bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\t4c00.ico

Filesize
2KB

MD5
9caa7d63d19a4a51ea3b92b8e5cb3558

SHA1
3668e584a6edad3916c15b3a2a25b0d444570e69

SHA256
ef1a9103d0e865ca9daf0f2a23a26a4eb7d11d874abf854d363600dd066acf45

SHA512
c025401d2a05ecc61357216f6a7a928d7a35d90bac2a4443c17b07da969a26cf7e8259050e38ec596e4f952f84f7e3b9f9a12759e1a80565381e6579f136be92

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\resources\icons\veloz00.ico

Filesize
2KB

MD5
e60ba80c5207a89729de1ee314bea0ab

SHA1
b9d707fe7cad313b0dba816a77c971b4211f9da5

SHA256
b3bbb89046acb7022973b75e3f95c4827118ab3cbf5339f8e2630149481b5319

SHA512
edfdb9d5acacf6c369bed8c10df67788fc7fd681228231f993a72581cb17238f5145295c082d670f8859f5830459bf15d4e82a53eddf5b1cced9b46348f9e5c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC406~1\verisign_root.cer

Filesize
1KB

MD5
cb17e431673ee209fe455793f30afa1c

SHA1
4eb6d578499b1ccf5f581ead56be3d9b6744a5e5

SHA256
9acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df

SHA512
d4f8105472770a2de317b3cfed61ae5c5d3edea14135b2df60e261fe3ac166a33c8854044f1d1346e38c06929d7054c344eb2c74259e5dfbd26ba89af0b36a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\EAC4085643120_00000000\stops_dlg_header_tl.gif

Filesize
3KB

MD5
2360f8cc23b6251a2d03dd666c9c1cae

SHA1
f4f4fa5f872e2743421cf6947f91a64c57291f67

SHA256
a57a52a28ec7847d6d26d9d93e9d2d506a5f4376d493d6eec51ee450a7ddee03

SHA512
26ba173454881c572f56944e36e81690be5bded1c8f48ac2ebc6317ea3dd69c44e16d0477c12b56177710de670c960c94f1288421284892f08eb9bdf2e64973e

Download Submit
\Users\Admin\AppData\Local\Temp\EAC4064425120_00000000\syscheck.exe

Filesize
148KB

MD5
e1ed5c4358e35c68259205bf88a59729

SHA1
f92a15beb2d17353e8452e0625e6f29483b1cb44

SHA256
7c005fb857bde91a21849f72e5042bb82fe79bf2075a4aace14ce90c44c6749b

SHA512
2f6161aa6e8f0784c02f625ba480ab1294ae7774027b0b93eaf97c53de75bc46426d9b4871c605abb948604144ab79136864c34b68ee65cd07547e748fc1cc92

Download Submit
\Users\Admin\AppData\Local\Temp\EAC406~1\sqlite3.dll

Filesize
508KB

MD5
0f66e8e2340569fb17e774dac2010e31

SHA1
406bb6854e7384ff77c0b847bf2f24f3315874a3

SHA256
de818c832308b82c2fabd5d3d4339c489e6f4e9d32bb8152c0dcd8359392695f

SHA512
39275df6e210836286e62a95ace7f66c7d2736a07b80f9b7e9bd2a716a6d074c79deae54e2d21505b74bac63df0328d6780a2129cdfda93aec1f75b523da9e05

Download Submit
memory/1048-474-0x0000000002740000-0x0000000002753000-memory.dmp

Filesize
76KB

Download
memory/1464-475-0x0000000000130000-0x0000000000143000-memory.dmp

Filesize
76KB

Download
memory/1908-476-0x0000000000180000-0x0000000000193000-memory.dmp

Filesize
76KB

Download
memory/2208-395-0x00000000005C0000-0x0000000000607000-memory.dmp

Filesize
284KB

Download