limerat | 9a541f72be5b468a4045c8dcefb9eb96ab1b1d864b51e3946b52544ff3078c22

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe
Size

1.1MB
MD5

442d38dd58513f6a0de7da51976b4839
SHA1

58676f0f25a6b7bed1f740e9c092570c4eb4d096
SHA256

9a541f72be5b468a4045c8dcefb9eb96ab1b1d864b51e3946b52544ff3078c22
SHA512

307047530d41fd9d6e48c782a60ef0f2bfd3c000e3168accf5515aa3ff177a1cd045a79288affe593d9373b9dd028e9d6887ad425c8d2b21ebef04036152c045
SSDEEP

24576:Do2nuQAXlNcyezFS8aFgwd8TD28I494VdwZYnYfoxRyUmItl:nnnANex76A94VdwAY0yAtl

Score

10^/10

limerat rat

Malware Config

Extracted

Family

limerat

Attributes

antivm
false
c2_url
https://pastebin.com/raw/SKyptWbF
download_payload
false
install
false
pin_spread
false
usb_spread
false

Signatures

LimeRAT
Simple yet powerful RAT for Windows machines written in .NET.
rat limerat

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	secs.exe

Executes dropped EXE 4 IoCs

pid	Process
3168	secs.exe
3928	NDP452-KB2901954-Web.exe
3524	Setup.exe
3204	secured.exe

Loads dropped DLL 5 IoCs

pid	Process
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	pastebin.com
14	pastebin.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4804	schtasks.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe
3524	Setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3204	secured.exe
Token: SeDebugPrivilege	3204	secured.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 3168	3704	442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe	86
PID 3704 wrote to memory of 3168	3704	442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe	86
PID 3704 wrote to memory of 3928	3704	442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe	87
PID 3704 wrote to memory of 3928	3704	442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe	87
PID 3704 wrote to memory of 3928	3704	442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe	87
PID 3928 wrote to memory of 3524	3928	NDP452-KB2901954-Web.exe	88
PID 3928 wrote to memory of 3524	3928	NDP452-KB2901954-Web.exe	88
PID 3928 wrote to memory of 3524	3928	NDP452-KB2901954-Web.exe	88
PID 3168 wrote to memory of 4804	3168	secs.exe	90
PID 3168 wrote to memory of 4804	3168	secs.exe	90
PID 3168 wrote to memory of 3204	3168	secs.exe	92
PID 3168 wrote to memory of 3204	3168	secs.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\442d38dd58513f6a0de7da51976b4839_JaffaCakes118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Users\Admin\AppData\Local\Temp\secs.exe
  "C:\Users\Admin\AppData\Local\Temp\secs.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3168
- - C:\Windows\SYSTEM32\schtasks.exe
    schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\Admin\AppData\Local\Temp\secured.exe'"
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\secured.exe
    "C:\Users\Admin\AppData\Local\Temp\secured.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3204
- C:\Users\Admin\AppData\Local\Temp\NDP452-KB2901954-Web.exe
  "C:\Users\Admin\AppData\Local\Temp\NDP452-KB2901954-Web.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3928
- - C:\fefa836f9e51fcf908f4865caf28f8\Setup.exe
    C:\fefa836f9e51fcf908f4865caf28f8\\Setup.exe /x86 /x64 /web
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:3524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\HFIAC6D.tmp.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDP452-KB2901954-Web.exe

Filesize
1.1MB

MD5
ca41dba55a727f01104871b160cd5b1d

SHA1
5b71b20a455f6eeab79dd1edcab0ba66ad0d2208

SHA256
bd173d14a371e6786c4ae90be1f2c560458d672ba4cbeb3cf55bebfef2e2778a

SHA512
90a3a5a57ea8a6508eee0d129303c7cb012aabf651dd9a6befc20da3bbdb09fc47fd087645051d3d45bff909dfc6e6039c22c4816fbc793a847e81701248639e

Download Submit
C:\Users\Admin\AppData\Local\Temp\secs.exe

Filesize
90KB

MD5
6fb99828380efda6fb357be8e59524f6

SHA1
94a3911a1813273e7464e030b6a52859f62dd1f4

SHA256
0c34a4722c74afd100e8d59d69d21da8b9c1cd813663b9ba5c55737e6f6170ad

SHA512
9e6729262f38f3f200309e5ed810b5899adda6295411d20883445c55095f16df63eef44b6d0951ee8fb66e39dc74e8fcab7874576ff88500ae825b1b8c1b21ed

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1025\LocalizedData.xml

Filesize
75KB

MD5
36299b49a0d3dd743284754d9d8a0dea

SHA1
f012f6a102e2fd7179fc20737bc43cd67d60d93c

SHA256
762b4311928f1f2be9bf8aa3cf0c54b53ded0a87cdf015c370d0aaf81d3247f5

SHA512
839d5b016b2e21a6a4fc29b61d3dfe0736e5648e4058925b34dd93ce43598bc6b59a21ee3f73c15af0d919d997c1bc5922bc9c78df2dd97abfc12d6d9e36fbb6

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1028\LocalizedData.xml

Filesize
64KB

MD5
02610419c4367dc8ca6e6c1b1aa7d00c

SHA1
8ce2f790ebc62e72f933a009d0dcc26e16a481b3

SHA256
fbb93c31ddec3cf0e3a402c5861c5ce9f38077465ea37321a8bc8bd9138bcbe8

SHA512
848ac4e1f0639f923227c96a58e9e72355c1638dc5c87bd42586a3dcce0a04f06848637819e949b0fa5c28e69c364af297c89d3d61646b60e89cbe42709799e1

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1029\LocalizedData.xml

Filesize
80KB

MD5
07c962a72af57b19cac85c0959cf9e9f

SHA1
757a89226cb71f88e96c3ada64b996406ccbaa3f

SHA256
38bbb29178bcc905b2a3f67b19356e3c2e64b30ee836c53dbdb945003e7fa685

SHA512
f74f3286648368eeddc2bbb6d9b7954af82bb5c9bbdc4e980ff7716545fa7ee4c976c3db1f6de101ee289a6688012b7722f3c088c99e77d52f8a8dfad8654fbd

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1030\LocalizedData.xml

Filesize
78KB

MD5
111044d7549526b58dc10ca58112787a

SHA1
4ff9b611b36ca1c4a6853383810a0d2c3ee9cf8d

SHA256
d0ac98e2da9bd6543ff4b3865dde2af96f8bf9cdcbf42e1ebb9b87fb8080cd37

SHA512
8eaeb85f1ba0a4f38c0ef8726f3fe9f5466b62208cabbc4fbd4002737cbbf9f261a79ff868fbb74a34b07ed5cf636fe1d6fb8b410fdfbb7dcef7ec643c1268ac

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1031\LocalizedData.xml

Filesize
82KB

MD5
89a3fb7103317a6e267d182be4ae0d16

SHA1
0a8ef00064cf10705258199284b239672d1e1c5a

SHA256
7b0e08284718cc55504e4d003d1b4714c272eae670fe5c3977c1334aba2c82bd

SHA512
a3e91b0fd206b54d62b28cd0d9f7899fe58865f5d48812929ff81596464a48f285054f2b1a1f2b8bc4c4e1a7a26dc9e0649881a84aa322da01d6f37107c442e6

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1032\LocalizedData.xml

Filesize
84KB

MD5
9a04fe417b406b9c7cf2226fe9f0af7d

SHA1
e173c8ba058d040a3c478b376e42abe8efd0d221

SHA256
cf056fe4b9db893d36c15c998fc6d5d7b4a6a6e1939166019e58f33052fe4f7c

SHA512
79f3a4e50c0d145c4a6e3600efcbe50dd0678f1cf08b08802e55ab199ccd99f40882c4cafadae7b92143b9962942c97e563705e6dec742e1e0a3b8ad71373bcb

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1033\LocalizedData.xml

Filesize
78KB

MD5
cdc9ababfc281df11a1256c16c37f298

SHA1
9a6a48e77d3e3d464e8517a2aa42aaf35396afd5

SHA256
d1f065f8de3936021626c3edaa1efbc29d3ad040cd1e4c842c1f33426e573ebe

SHA512
d6a15f0ce360af32860f6c8bf553db7887884d077e01a84fbd950242347d12ae3bdaa460658f31f1c71c5cb10af66a9b57dfdc739b6a0d6fce8acf3a52a710b4

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1033\SetupResources.dll

Filesize
28KB

MD5
1a83c2fbc264d052d140936c3c45022a

SHA1
1875ad490270d592f332322862911997ad687af0

SHA256
622d6db165fb8e6707c77bf56f54806aec394706ff36baf11821cb16fc0de24b

SHA512
b781a3a3274b2b8c4a673eaa37a53f9d7ae04b6e51142060608b272dcebc75a246658989d5912f325b82051e29732022ab066c17a3b927191872798f664868b4

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1035\LocalizedData.xml

Filesize
79KB

MD5
7d735c8a4ef08c7d5909964cd06475f6

SHA1
45fa00364bfe4e9499f29a3669d3b69c666a4f91

SHA256
878a063ea2031a74b86d382a9ea9fe7b908945d3584b1d6875c22f31d0cc0b5c

SHA512
33863a827fc97b3176ea4db1dd4b4ae4eee660b28cd754b63f5c922e2b2e448715a15541e5fda4fc3a82bccea6790c614a63422f4cbe72c10c3908388d929c2c

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1036\LocalizedData.xml

Filesize
82KB

MD5
b4418708f11b2bf02dc0efd9e6fcf13b

SHA1
35b75a1db263a9660fb481cc9021e0e970384e57

SHA256
aad3228b4e64116a8f3ecf9b261fe87e207b0396d40d52856618336e9b85e977

SHA512
564a83cadb5680cee85bb20094acbf0cdb69b733ddaf55ea0d98c308bac77682af5cff469e7ca4dc803a6614d8c58af93dd9f95e918ebfc1cb4a403dc5a29ae3

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1037\LocalizedData.xml

Filesize
73KB

MD5
e86180d0c4410b9589f38fd338307c38

SHA1
52d2dde64a7abf6728ae3cc979b7cf4d11317220

SHA256
3fa9430eb031b9d1ceb0b4b15b4c655e181376cb59137f1997de3f19431840e6

SHA512
aa7bfe90ff7a4a5e7dd906f9f0439e144c4162e8b15ceb4f79baedbdd3fe3d79df9137b9fa3dcfa37f83ae378f10ac5f5feb7d717be3b354777ef6872875a0a9

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1038\LocalizedData.xml

Filesize
81KB

MD5
c6d12ad2e34f2e8532e6b106fcb7a1bb

SHA1
768e07bdb24e78d68ebc7c63ef4f762ca851c3bb

SHA256
599aecb8f3a82f2252151f8dd34b31b3ef8221f055a0516db6c96ad9d0dea564

SHA512
ac5c556150c70a256eec764c63f9b437d29723842f053cd9b1d563002c811cd1d055241ec61508d9d84577539272e16045935277f1a7793f433bef656ba0e55b

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1040\LocalizedData.xml

Filesize
80KB

MD5
322828cac4996e388aa80b6b4595db18

SHA1
014cd3c79b47aab94bbc956f996e587425648e90

SHA256
414e1a512061ea81919484d0261026b30ccbcac4dfe26debc4014e0faba45821

SHA512
540721cd54ec5e41bfb843e77e87db89c136fc1fc5464cbd0d1149918774021c33c4fdf5fb36edaabdf573b33ec4a0bd473c582ed108bd2e671366d183f8d061

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1040\eula.rtf

Filesize
143KB

MD5
67a9f0946d135a41e51d90220c0c8c67

SHA1
81079fbfe8423e87fd5a7ea2b42e34dca7385587

SHA256
1478376f05d1bbe824cf1efdebc485d736e3ba1aa72dc8dff69cc9e3b8127cf8

SHA512
7b4087bf0e6ffdac910bf1ea004247f89c64ef65b717ae69971d71e3d3d223809fd0a58b5dd618bce242dbdd19c355cfabdf0613c0c1787e20d5072f2edc1a8c

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1041\LocalizedData.xml

Filesize
70KB

MD5
2bad10a78f811664e82c7934bffd6694

SHA1
8125490619be7aa09997dba5000b3878e53190c4

SHA256
9319adb57c8244c30e3d850f62c8612789d3b7f875d173e16bbbc7171291cad5

SHA512
4b64f75545ef56fb66aab2142db3d78c97f8274742028d504d2d1c600b48aa4104e6214541fec9bea3362bda4942c4677919ed63c1a3b22864b7397a7547eaf6

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1042\LocalizedData.xml

Filesize
68KB

MD5
ae3d8abc864f0355c94ee0427340e780

SHA1
9021b48a2209bf5b96898206efe1795012b8be3c

SHA256
95fc7873f94c5f4e061aac21a6e72f646b94582b266c079d21ea5b3142478604

SHA512
30da881b2e3ea0a70bab1b90fe0b10e48a29e9ceba002b919fcb0421b2951b7944c9012a1a4f45398f5ac3fecabebd8865ff479b6b957ea58d332668028f8a63

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1043\LocalizedData.xml

Filesize
80KB

MD5
a0963a5cb208a5188eb6b99d0022b770

SHA1
6de0ec37065241be89fa9ca4b7224c160b6d13fb

SHA256
3231146c17b376611245f654bf886bea56a98e1bae2045d04e18bfd3c23f023f

SHA512
a06ab6ad0822d5c36c2528aadf011283187c9dcdf1b065bce8e01fc827b376af61176c3f812e9714696bf01cf2a67acb931a3efedd11e8f80d2412324daa45bc

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1044\LocalizedData.xml

Filesize
79KB

MD5
8129335ad250d11640c5f916004a0510

SHA1
379f82c01ddb8704b22818b28e0d781a3f292ce1

SHA256
69156fa84009e79b95374f1cb034843273a7f0bb4508eeb689a7f37f9a818410

SHA512
bfc454d02c4e5e7c8841dc32d3b7c3f6ed11df106bd3472ffce87c7237b962caa22573632da4bd6a5dd1b989a516e66c4d69ebc8970b0dfa33c60155777972a6

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1045\LocalizedData.xml

Filesize
82KB

MD5
df8773afe81f42771b380af5793e1884

SHA1
947828f2b8dcf0e129fe7b9cfad2c5016dab495f

SHA256
61aa6d64c71e342fb60d1621daed8801774e2901babab484f646be8c317031fd

SHA512
53ffb488428d1a3856d986e9874fb5509451ddd688c0d7ae28fceb730c7e109c3e997eeee5176cd0546fe5214b73102677b0f7103de53a157cdcf24be29f623f

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1046\LocalizedData.xml

Filesize
79KB

MD5
7bcf32de27b17b486a81363e98562a4a

SHA1
6d08dd72c36190984a589402d7c0b608d6aecbb4

SHA256
a5fddd50c8c54ebff1caddf75dbf34ebabf96746e0cdbd6b5190cac18c037f97

SHA512
bdc549b334772d8db9baf00ecc9fee0d904b2d0aa17a292b15fca29076513c003f376818d047f66c4c327ea707d2509f509897a05b3578daf21a3668046f0a88

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1049\LocalizedData.xml

Filesize
81KB

MD5
0f60c968bbb0534bbe2ea7da40bcd571

SHA1
661c0e6372cebc7d343af29a08eb0c5b189773b7

SHA256
dcd832b208f3d02bce0bf320c8c0b3486f92cf8c7eac0c136d6dddea0964e858

SHA512
1aaf6ca9a256029257e1752f00c514b5751f2ef4022d5497e8d57a6426fff8f4a7e1040f662d81675ef7e1acc52f8d671bb1f414396a643e1a2587eb71c1b2c6

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1053\LocalizedData.xml

Filesize
78KB

MD5
d21f3f1f18812b8a3d18e8976c131d18

SHA1
63045886d22e76c11df23a827147c4e1b155beb4

SHA256
ac4676cc053f3f2577e526d2c395ff28368bc30284a1e8565017264c5c223bac

SHA512
ba35495b6c6233bb9d453370af577d98bed79612530cdb577f0c1862879e9109719f5fb21dccfce930606ecc22b5796a712848282c513d2cc9705b60df2a5c41

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1053\eula.rtf

Filesize
145KB

MD5
8ca89fafa113bdca3dfb5a141e206b84

SHA1
529075ffb30e400e4a24f4aac678295b04502c62

SHA256
411414181d515ad8ca0ed1b1f462a067648a98d26451b7414d91601c1e6c449a

SHA512
a90179a9a8a14e6d6ddefcbc1641ebeff567fa028d65705429fa81b352647c6a973b5fb5bc585c23ef9dc2587566ce3e0086f9cfb31b8eeb5d4fc2fd7a7b1bf7

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\1055\LocalizedData.xml

Filesize
78KB

MD5
305bfad75d969521b49193a7d2300502

SHA1
047d8a833c6c735a773b45045294b4e53ff469e7

SHA256
b733ceaa74c6a49ef36957d47e37e7b6d231574529c745d8c9ea2e1f4cd356ef

SHA512
3631a0ba4ec98cee474e562ed3a9d68b8251201c309ba4e0b8a23359748674dd5b263e53d39beaefee67ebcd4e050fc60e398785951a0ba4e91271acd580fd52

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\2052\LocalizedData.xml

Filesize
64KB

MD5
a905e8fc19234d4535ae9fd752976b91

SHA1
6979d6591d8d5f8282a159a7c4d8cd27de5296f4

SHA256
0ab0473df4a26cc1b0e3798959dce598d89030ae1d9449568565326a11bdcb11

SHA512
b5546b5eb2cfd77812cc34198cbe5b57ef2978f821cebe7fc887e0db4b43b2fad52b2aab6c8729693704b2391a2ecaba138fe93f5371ca6c64a95e7835fe3084

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\2070\LocalizedData.xml

Filesize
81KB

MD5
90758f62ecc928cd4e2ef9be9e6a97de

SHA1
74b2cf1c6c5cf0b82a08c6821caf9491534dcb10

SHA256
9b1576ac369acc11686c4dc313beac4077fe0b812f9762b65aa50c6c7efa8470

SHA512
e9f01f01510afeb8d47b3ab1352986e9f9b263eb85fdb073a21413c0cceb5d8d6ee8d0d7bac8ec546270e03b2d76ba702c0e41a3016468a8617415ad6a9c51cb

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\3082\LocalizedData.xml

Filesize
80KB

MD5
df442eaac1e1abd82633edb1fffa0859

SHA1
540b85f121296c53128e46b00c61967a26f9971d

SHA256
5122037a4881bed83ba15c65913911b7a58d9fa9caf073ee2aa092bf03f5c999

SHA512
99812f8b5c075e5b6acf2223c340c6a75992ec79acf3b4502c368115cd9fe2882b8d3777e432b2e6466d8fc0d91d34b024def8e8ad3f486c0f7214e38ee92c40

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\ParameterInfo.xml

Filesize
1.7MB

MD5
449d88028f698021c18fedc4e1c55711

SHA1
e84650f3045dcbb500e3532f0088612d536d1b17

SHA256
7f74b977ce488cbff129fa2688ecb99a67f761d64b5d5c2721b9299f4049a344

SHA512
df93050d9ee6bd8ea7073420597eb0dc9a7aa72f11c58aaf146b09f8341f880db03d16401a136ce8dab24a84cde30f37366320a123ea4d199e6e1e26d0cc4981

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\Setup.exe

Filesize
85KB

MD5
c40d7a37493b19dd3e561031bf75b2c0

SHA1
373104ad382298bad3d071edf0c353aa0d6b08f3

SHA256
f62e3547e530261790bd18f894b36c1ae168d2b0620c155b486237e4931fffae

SHA512
35db5b3d1369ca3046c1fc297dce1b51bc948f78bdd9625ee0b8524651b7cf231cb37da607d99eddc901475b9e9a2103d6f4e0f549033470ea9283707833737e

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\SetupEngine.dll

Filesize
851KB

MD5
38116d0c084663148206c2f5d7d4e3bf

SHA1
40627acddf32a18dd7731eee737473a0514adba9

SHA256
fdea9ce112489862635f6d3384c70b14b8675cff80335e111985fd9d831778e1

SHA512
c1d817e912de3f5ea52a0958a0ff45b01aa69aabc5b8a9df58420cee1e6fb605daf1ebeeba580a6da7d58d17aee8677337a89f12d358177722249b0e4b286279

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\SetupUi.dll

Filesize
292KB

MD5
b093cfd235683b615176a6ba9df10c27

SHA1
2f6aed7a7b87322cb32d26b1f82cb325f2fad5a0

SHA256
7f88e74a3d92f6a6c5985417176bc915855a53f2cc4ea921e94e4409663709e7

SHA512
945f7f8a5c1e86374211dbc40a78d7afa70fd1800922c6889fa699da1f45bc8ac4f6b4947db837a65d737f6094630b21cc99a5f38d9b82f8a5345410de4caed7

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\SplashScreen.bmp

Filesize
40KB

MD5
0966fcd5a4ab0ddf71f46c01eff3cdd5

SHA1
8f4554f079edad23bcd1096e6501a61cf1f8ec34

SHA256
31c13ecfc0eb27f34036fb65cc0e735cd444eec75376eea2642f926ac162dcb3

SHA512
a9e70a2fb5a9899acf086474d71d0e180e2234c40e68bcadb9bf4fe145774680cb55584b39fe53cc75de445c6bf5741fc9b15b18385cbbe20fc595fe0ff86fce

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\Strings.xml

Filesize
13KB

MD5
8a28b474f4849bee7354ba4c74087cea

SHA1
c17514dfc33dd14f57ff8660eb7b75af9b2b37b0

SHA256
2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b

SHA512
a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\UiInfo.xml

Filesize
37KB

MD5
d8f565bd1492ef4a7c4bc26a641cd1ea

SHA1
d4c9c49b47be132944288855dc61dbf8539ec876

SHA256
6a0e20df2075c9a58b870233509321372e283ccccc6afaa886e12ba377546e64

SHA512
ecf57cc6f3f8c4b677246a451ad71835438d587fadc12d95ef1605eb9287b120068938576da95c10edc6d1d033b5968333a5f8b25ce97ecd347a42716cd2a102

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\graphics\warn.ico

Filesize
9KB

MD5
b2b1d79591fca103959806a4bf27d036

SHA1
481fd13a0b58299c41b3e705cb085c533038caf5

SHA256
fe4d06c318701bf0842d4b87d1bad284c553baf7a40987a7451338099d840a11

SHA512
5fe232415a39e0055abb5250b120ccdcd565ab102aa602a3083d4a4705ac6775d45e1ef0c2b787b3252232e9d4673fc3a77aab19ec79a3ff8b13c4d7094530d2

Download Submit
C:\fefa836f9e51fcf908f4865caf28f8\sqmapi.dll

Filesize
191KB

MD5
d475bbd6fef8db2dde0da7ccfd2c9042

SHA1
80887bdb64335762a3b1d78f7365c4ee9cfaeab5

SHA256
8e9d77a216d8dd2be2b304e60edf85ce825309e67262fcff1891aede63909599

SHA512
f760e02d4d336ac384a0125291b9deac88c24f457271be686b6d817f01ea046d286c73deddbf0476dcc2ade3b3f5329563abd8f2f1e40aee817fee1e3766d008

Download Submit
memory/3168-26-0x00007FFE5E010000-0x00007FFE5EAD1000-memory.dmp

Filesize
10.8MB

Download
memory/3168-23-0x0000000000050000-0x000000000006C000-memory.dmp

Filesize
112KB

Download
memory/3168-25-0x00000000021F0000-0x0000000002208000-memory.dmp

Filesize
96KB

Download
memory/3168-19-0x00007FFE5E013000-0x00007FFE5E015000-memory.dmp

Filesize
8KB

Download
memory/3168-24-0x00000000020C0000-0x00000000020D0000-memory.dmp

Filesize
64KB

Download
memory/3168-295-0x00007FFE5E010000-0x00007FFE5EAD1000-memory.dmp

Filesize
10.8MB

Download