d73e40b366acfd7adebc7d90ef7762f8d8e8e80f44265dc135b02c3701cd75be

Analysis

max time kernel
60s
max time network
62s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UniSDP_20240330SP_20240708V5.3.0.14.exe
Size

82.0MB
MD5

825e920d558d1cd51625f626a17f7611
SHA1

877fff845dc7b4c82f1c60612b1bc838214e7143
SHA256

1721cc210c60da50a27d4502eb7b513bd0c104f8fff7954cdd0d3fe451acacd1
SHA512

420cfe52a5a6a3409212240fc562dac7ff4d5b96569aa9784a8d9f834468d3fc033b017d8b541ad9d02782e85d9dc3869d1912fe55091202c9d31e719f88a88f
SSDEEP

1572864:kB3u04SAfmX1fygZTtu6lwWJfDb48CeMbmdMSpx4qX:kBe5SmmX16gZTtZlwaDb4/tqdPx4

Score

8^/10

bootkit defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

SDPProxyClient.exe

description ioc process

File opened for modification C:\Windows\system32\drivers\etc\hosts SDPProxyClient.exe
Event Triggered Execution: AppInit DLLs 1 TTPs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
persistence privilege_escalation

AppInit DLLs
T1546.010

description	ioc	process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	SDPProxyClient.exe

Sets service image path in registry 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

UniSDPAccessAgent.exeUniSDPAccessAgentDaemon.exeservices.exeUniSDPAccessAgentDaemon.exeSDPProxyClient.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UniKInjectSDP\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\drivers\\UniKInjectSDP.sys"	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UniSDPProtect\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\drivers\\UniSDPProtect.sys"	UniSDPAccessAgentDaemon.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SDPSbieDrv\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\SDPSbieDrv.sys"	services.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UniSDPProtect\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\drivers\\UniSDPProtect.sys"	UniSDPAccessAgentDaemon.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\sdptdi\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\SDPDriver\\SdpTdi.sys"	SDPProxyClient.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SDPSbieDrv\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\SDPSbieDrv.sys"	SDPProxyClient.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SDPSbieSvc\ImagePath = "C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\SDPSbieSvc.exe"	services.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\sdptdi\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\SDPDriver\\SdpTdi.sys"	services.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SDP_NAT\ImagePath = "\\??\\C:\\Windows\\LVUAAgentSDPInstBaseRoot\\SDPDriver\\SDP_NAT.sys"	services.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 31 IoCs

Processes:

7z.exeUniSDPAccessAgentDaemon.exeFocaccino.exeUniSDPAccessAgent.exeVienna.exeUAAExt.exeUniSDPAccessAgent.exeUAAExt.exeAsMyWish.exeUniSDPAccessAgent.exeUAAExt.exeUniSDPAccessAgent.execsrss.exewinlogon.exetaskhost.exeDwm.exeExplorer.EXEUniSDPAccessAgentDaemon.exeUAAExt.exeUniSDPAccessAgentTray.exeDllHost.exeAsMyWish.exeSDPProxyClient.exeSDPProxyClient.exeSDPNSPInstaller.exeSDPNSPInstaller.exeSDPSbieSvc.exeSDPSbieCtrl.exeSDPSbieSvc.exeUAAExt.exeUAAExt.exe

pid	process
600	7z.exe
1600	UniSDPAccessAgentDaemon.exe
1580	Focaccino.exe
592	UniSDPAccessAgent.exe
1792	Vienna.exe
1752	UAAExt.exe
1656	UniSDPAccessAgent.exe
792	UAAExt.exe
2468	AsMyWish.exe
2548	UniSDPAccessAgent.exe
2720	UAAExt.exe
1516	UniSDPAccessAgent.exe
396	csrss.exe
432	winlogon.exe
1120	taskhost.exe
1196	Dwm.exe
1256	Explorer.EXE
2268	UniSDPAccessAgentDaemon.exe
2656	UAAExt.exe
1696	UniSDPAccessAgentTray.exe
860	DllHost.exe
2064	AsMyWish.exe
1496	SDPProxyClient.exe
2024	SDPProxyClient.exe
380	SDPNSPInstaller.exe
2244	SDPNSPInstaller.exe
1960	SDPSbieSvc.exe
2808	SDPSbieCtrl.exe
2632	SDPSbieSvc.exe
1668	UAAExt.exe
1760	UAAExt.exe

Impair Defenses: Safe Mode Boot 1 TTPs 9 IoCs

defense_evasion

Safe Mode Boot

T1562.009

Processes:

UniSDPAccessAgentDaemon.exeUniSDPAccessAgent.exeSDPProxyClient.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPProtect.sys	UniSDPAccessAgentDaemon.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniKInjectSDP.sys	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPAccessAgent\ = "Service"	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SDPSbieDrv	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SDPSbieDrv.sys	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SDPSbieSvc	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPProtect	UniSDPAccessAgentDaemon.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniKInjectSDP	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UniSDPAccessAgent	UniSDPAccessAgent.exe

Indicator Removal: Clear Windows Event Logs 1 TTPs 1 IoCs
Clear Windows Event Logs to hide the activity of an intrusion.
defense_evasion

Clear Windows Event Logs
T1070.001

Processes:

svchost.exe

description ioc process

File opened for modification C:\Windows\System32\Winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx svchost.exe

description	ioc	process
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx	svchost.exe

Loads dropped DLL 64 IoCs

Processes:

UniSDP_20240330SP_20240708V5.3.0.14.exe7z.exeFocaccino.exeUniSDPAccessAgent.exeUniSDPAccessAgent.execonhost.exeUAAExt.exe

pid	process
1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
600	7z.exe
1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
1580	Focaccino.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1760	conhost.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1656	UniSDPAccessAgent.exe
1752	UAAExt.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

DllHost.exeUniSDPAccessAgent.exe

description ioc process

File opened (read-only) \??\F: DllHost.exe
File opened (read-only) \??\F: UniSDPAccessAgent.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

Vienna.exe

description ioc process

File opened for modification \??\PhysicalDrive0 Vienna.exe
Drops file in System32 directory 1 IoCs

Processes:

UniSDP_20240330SP_20240708V5.3.0.14.exe

description ioc process

File created C:\Windows\system32\MeiLinGuanSDP.exe UniSDP_20240330SP_20240708V5.3.0.14.exe
Drops file in Program Files directory 1 IoCs

Processes:

UniSDPAccessAgent.exe

description ioc process

File created C:\Program Files\Mozilla Firefox\mozilla.cfg UniSDPAccessAgent.exe

description	ioc	process
File opened (read-only)	\??\F:	DllHost.exe
File opened (read-only)	\??\F:	UniSDPAccessAgent.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Vienna.exe

description	ioc	process
File created	C:\Windows\system32\MeiLinGuanSDP.exe	UniSDP_20240330SP_20240708V5.3.0.14.exe

description	ioc	process
File created	C:\Program Files\Mozilla Firefox\mozilla.cfg	UniSDPAccessAgent.exe

Drops file in Windows directory 64 IoCs

Processes:

UniSDP_20240330SP_20240708V5.3.0.14.exeFocaccino.exeAsMyWish.exeUniSDPAccessAgent.exeUniSDPAccessAgentTray.exeSDPProxyClient.exeUniSDPAccessAgent.exe

description	ioc	process
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieDll.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\ServicePluginSoftUpdate.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\32\api-ms-win-core-profile-l1-1-0.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\image\btn_close.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\newcs_tab.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\red_dot.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\lan\Tchaikovsky_zh-CN.lan	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\policy\sdp_sbie_conf.ini	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\personal\AgentWinSysFileKeyMainInfoLib.arc	Focaccino.exe
File opened for modification	C:\Windows\LVUAAgentSDPInstBaseRoot\log\AsMyWish1_20241121_113549.log	AsMyWish.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\CAS.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\image\main_btn_min.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\xml\page_sandbox_details.xml	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\calendar_back.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\computer_big.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\policy\TurbineEngineRulesSWYZ201.arc	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\image\btn_main_item_edit.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\uires.idx	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_btn_minimize.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_tree_checkbox.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPNetMode.ini	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\vccorlib140.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\mfc90u.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\Manifest2.txt	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\SDPAgentLogin.exe	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\32\SDPNSPInstaller.exe	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_tree_checkbox.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\device_os.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_slider_thumb.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\TSDrvFace.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\log\Version.log	UniSDPAccessAgent.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\ssleay32.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File opened for modification	C:\Windows\LVUAAgentSDPInstBaseRoot\custom_tray.ico	UniSDPAccessAgentTray.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\api-ms-win-crt-private-l1-1-0.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\image\tag_pg_bg.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\xml\dlg_super.xml	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\image\lcex_header_arrow.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\xml\page_resourceocc_page.xml	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\font\LICENSE_Apache2.txt	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\lan\MoFace_zh-CHT.lan	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_btn_close.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\api-ms-win-crt-locale-l1-1-0.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\BraiseUI.exe	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_tab_page.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\lang\en.xml	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\faq.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\xml\login_report_infor.xml	UniSDP_20240330SP_20240708V5.3.0.14.exe
File opened for modification	C:\Windows\LVUAAgentSDPInstBaseRoot\custom_tray.ico	SDPProxyClient.exe
File opened for modification	C:\Windows\LVUAAgentSDPInstBaseRoot\public\LVGShare.arc	UniSDPAccessAgent.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\32\Microsoft.VC90.MFC.manifest	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\image\btn_close.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\image\info_tip.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\WeakPwd.dat	UniSDP_20240330SP_20240708V5.3.0.14.exe
File opened for modification	C:\Windows\LVUAAgentSDPInstBaseRoot\UniAccessAgent.ini.TimeMachine.Bak	UniSDPAccessAgent.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\api-ms-win-core-heap-l1-1-0.dll	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\trayplugin010\xml\menu_about.xml	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\policy\FontMark	Focaccino.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\32\SetGlobalVar.exe	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginexamineinfo\image\item_bg.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uimain\image\refresh.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\gmcerts\gm_enc.key	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\sys\sys_menu_skin.png	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\version.ini	UniSDP_20240330SP_20240708V5.3.0.14.exe
File created	C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uifloatwindow\image\frame1.png	UniSDP_20240330SP_20240708V5.3.0.14.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

7z.exeAsMyWish.exeSDPNSPInstaller.exeregedit.exeUniSDP_20240330SP_20240708V5.3.0.14.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AsMyWish.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SDPNSPInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UniSDP_20240330SP_20240708V5.3.0.14.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

UniSDPAccessAgent.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	UniSDPAccessAgent.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	UniSDPAccessAgent.exe

Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

2864 ipconfig.exe

pid	process
2864	ipconfig.exe

Modifies data under HKEY_USERS 6 IoCs

Processes:

SDPNSPInstaller.exeSDPNSPInstaller.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	SDPNSPInstaller.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	SDPNSPInstaller.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	SDPNSPInstaller.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	SDPNSPInstaller.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	SDPNSPInstaller.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	SDPNSPInstaller.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeUniSDPAccessAgent.exeSDPProxyClient.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\0\win64\ = "C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\ExportMenu.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lvenc4\ = "lvenc4file"	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\Open	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\Open	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client\shell	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExportMenu\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\ExportMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\VersionIndependentProgID\ = "ExportMenu.ExportFile"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\Open\Command\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\ImportApplyRes.exe\" \"%1\""	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lvenc2	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{10D63AD7-6EBC-43A9-A997-FEC1AE9C6EDE}\ = "ExportMenu"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile.1\CLSID\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CurVer\ = "ExportMenu.ExportFile.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExportMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\DefaultIcon	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{10D63AD7-6EBC-43A9-A997-FEC1AE9C6EDE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client\URL Protocol	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ = "IExportFile"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lvenc2\ = "lvenc2file"	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\DefaultIcon\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\LvEncBrowser.exe\""	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client\shell\open	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ = "IExportFile"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\DefaultIcon\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\LvEncBrowser.exe\""	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExportMenu\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\TypeLib\ = "{C2D08241-B9A6-4C61-BA72-0C042E2962AA}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\ = "Offline Approval Result"	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\Open\Command	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client	SDPProxyClient.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\ = "ExportFile Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\TypeLib\ = "{C2D08241-B9A6-4C61-BA72-0C042E2962AA}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lvenc4	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\ = "Open"	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SDP528Client\shell\open\command\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\UniSDPAccessAgent.exe\" \"%1\""	SDPProxyClient.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\DefaultIcon	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\ = "ExportFile Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell\Open\Command\ = "\"C:\\Windows\\LVUAAgentSDPInstBaseRoot\\FileApplyResProcess.exe\" \"%1\""	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\ = "Open"	UniSDPAccessAgent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc4file\Shell\Open\Command	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ExportMenu.ExportFile\CLSID\ = "{407C6AE8-1192-4068-89EF-B1F693D1F9E9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\TypeLib\ = "{C2D08241-B9A6-4C61-BA72-0C042E2962AA}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ExportMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1FCC7E-B553-47FE-99E2-6D3861DC03B8}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lvenc2file\Shell	UniSDPAccessAgent.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\ProgID\ = "ExportMenu.ExportFile.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{407C6AE8-1192-4068-89EF-B1F693D1F9E9}\InprocServer32\ = "C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox\\ExportMenu.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\ = "ExportMenu 1.0 ÀàÐÍ¿â"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C2D08241-B9A6-4C61-BA72-0C042E2962AA}\1.0\HELPDIR\ = "C:\\Windows\\LVUAAgentSDPInstBaseRoot\\safebox"	regsvr32.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

SDPProxyClient.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0DC12667DC00DA38E66986535A2B2CE60ADCDD2E	SDPProxyClient.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0DC12667DC00DA38E66986535A2B2CE60ADCDD2E\Blob = 0300000001000000140000000dc12667dc00da38e66986535a2b2ce60adcdd2e20000000010000003a090000308209363082051e020900c97e177b362da686300d06092a864886f70d01010b0500305d310b300906035504061302434e3112301006035504080c096775616e67646f6e673111300f06035504070c087368656e7a68656e3111300f060355040a0c086c656167736f66743114301206035504030c0b6c656167736f6674204341301e170d3139303832363231333331355a170d3239303832333231333331355a305d310b300906035504061302434e3112301006035504080c096775616e67646f6e673111300f06035504070c087368656e7a68656e3111300f060355040a0c086c656167736f66743114301206035504030c0b6c656167736f667420434130820422300d06092a864886f70d01010105000382040f003082040a0282040100daf8c150e6978c89d8ae7e1f5661a985919c920825ee95386fe80d555ccc2e1d643b54f1c080b2586fdc5cda22cb6c7c5c819ff9c844406f7916c51fc8cb5bab76548076f55869d94f62cbff72b5b42808b4ed51f096807c9798f388e70ea102b37575c32b937ceec5ff6c6d9a5c341f532096c05f23fdb65e9632cb3d0f2fe06ab691a256eb6e6496347d4838d9ade091848a8a933a426761330754dfe3a15e4cc881e113358dec737ea44d569735955f1b8d5e600c0b4315ac8e5b13010ed2d6b374b57aa74cfd03ed374a37cba5850e7b03e1520fc6d46ac1a5cfd81a9189b47140b34301ee7d5eca4b640ac100cf282281324d3a4ba2beb414c02c25f76cc3a75fa073a276b780f6c37e7e14d2391e92ec7cccc7f8f2c966c6cf881384d5b06d37f90153902fa6c57a8364d3450e8831513377380fa7df95848f85b9e56b41fde9021834c909dcfd4f8370601d7087f1c1a4a46cc503745be75bf25c5a5283e3e7b0a9ca86e2140a4a4c91780325de2246dbe4fa6f84efa333f6ae344e08e4589ffea62af8b4f9f3c17291a9939e9cf590ef6c12a3b79a15258172208a4f0d5f6848e9bb6ca10e6437a2c6fa23338a48e41014e497f606f1920fcab1180b68b853b22913af10a2f91faf74b368e30f7d2ab868d94294d7e9e454df3e8422205b6014d0dcf39ac05a3b8fd4070962bd5b87034ba948f898e87642d3fc1f76fac82ce058022c7623178e33ff465c96f4ff3fd599e7e9fc0a9fd73f0e94e373e101ecb2670b196aa49844e231084b97ef5adbc463c966784deef7fc5103368f200866baef511f26d7e62fe30d16fac4db8e18d9f4d07b15b230d5cf3db53ff456092df4e129f1590251403c022295f04001882e27e871fe08ec4e59b1678761d5b2b14286aeca707f74c5e3cc87f2f7824a435f9cd8f33a06de2008f556a8213abdfaef6af2f0083d709e1291cb62210bbad8f45c8575a5b33371973e34e8c7b68317cd9b6fc54c4617ec93656fd4cfac2c9042e5abb804e4e2f416e13671aff597a4dca56441288edd3b3f8dd28b426e052d429da404b81fd201cfd07b29f29ac8283fba359daf476a4b48ae132b33b19d5f7c9ce99934343617b738b4090d025005b824dc6b29657a2b5bc5315d03c94fec81dd8e05a05218883c622889b02d98641a5222d50e9053ad4d38c5be28fefcdfbfa875b517f695dcec1f6d66ba6da049d2470951ab82fe10bc11f0fe2fe27320b7ef275b9e66009262739f325e74869b441c234c8d6319299dc5ec31c64c083bb0df5c10cb34570b8109c01062e06e1ae64a454b1f4144d376a463b558ee7f75251dbc77185ce460c19a80b10521515368b92f9c217074b6ae4985c0ec9eea03e8beeb2a654d93ded970916114dc2580043968833377240bf2ca071888abb2afb7cb652117cc7ee5aa59e7e3bf0203010001300d06092a864886f70d01010b0500038204010032ff104ac9955e22cc69abe5521ce2505f0a6a44f7ad5d069ec286984b2b32bb078efc1ded40b009eb6cb749919f1c74c0267b872478560b3d6da91847acebfa578c440cd3c876561813dce6641cb94b0ebd7316023753358fb30c6f10b1a09232734dee770cdd3aab261d86908cae6a988dae9485a2b8c5adbd067e9844a04f514a977eab8e65ff3a517a2667e4a5834541fa79b684a3b424cff09f9f9a1f466c75058900b2800aa938b16de1962ae04de0ed29f94ccf4f350c3b5f8796a72bbfe92b2e430c7ee73c5a00e4d39c7aa15b82f2da0a2c4b85c13eb7f03965739ea28a3905914557fcf0828d10f93016a8928a8fa95d20538645a2ec20b2332295c56800329d518a6598223e481329cb9ea70368d5353c7ff39b9b8498e6c6964047250e3125dbf31719254eac5440751c55af69721ab771465658e9ce23a1dba6f8990080ef6abfd1d82839b048e1e141f3cded8fc4d6c6b955da64fc15a9d134de81bd6645233de95df821dba3724ae77786bcabf06f54def40d697a5d9f4ad5fd14fa102d2b66ef7ba5302c42f1a9835bc792bd6a4a96e6f2084e67fae95955a17ca4581ef192dace5fce73443e70e7057faec1f00a18af597441bdc0da388544110d0a67bdc613e1b3a356bc5a4dad9727e56ac210878060e47d6533bd37bd0c6f32a72de5716a1810e3b11a4e3209d3cf4bf45cba2681ff7c17603f8b15615d8dd6a344e9a51eb77a2ebe7ec39245e7218bdef9722cba59562c1a64244c86fad2b4550ec8be17f5da30c5f1d21678273da0c2d42b0a8f9b4a0c157917d54998841a351950c7299ae4fc3fca3d2efe11cbe7a72959428d84df3e398fc7d813d19713bc91421079c363cf609ef5f0b63a54160cbbdb6b818528fcbb326a65dd58ae9ab8ca4036ab52cade40f7f3d8cbd311804de6813799782d280935eb99249154c4b23acd0ad1089204b52bbef80f254c3bc1aa3c1510cb6796b00f17a9ca4e5dec9fa82663b7e9ecd0173023e60f2cac141ce173f735df8ca57c2c64aeee9dd5c8bf8a1f8c0a290be8f7e8eb2c5dff2f99e2f49a11ca1b9cbafbc297093161e1dfbbecdf6fee6f11c655767bb04718b7a4ee80408db7d15d17149b3f65e5b6489da72f9b87b8dcc3164d4131e0214ea1c4d7cfe85a9734e2099eccdefca2b9df583f8975a157884809a041e6350943c35c473c5093745d4588f9a9a35311ec0ecfabf382b01884183971afb915d0acb3f6dd8f8317754bdda55bc02bbd1b9539f4a5ea84547ee8e3db42eda5771e702f38fd5e4581cd8e1fa0a27fe6bae320f9f26b25d748c6b3422a6ff3dcaf57108ee304204d5bbeaa592026d16816079064ddbeffac5f7a472651883fb61b8564d57ce3fd4ca5256dc54ffe30d27323ae9068417d47a9d77d5e264c7f8d690a70195387f335f882defdc778b2ab5325	SDPProxyClient.exe

Runs .reg file with regedit 3 IoCs

Processes:

regedit.exeregedit.exeregedit.exe

pid process

2988 regedit.exe
2592 regedit.exe
2044 regedit.exe

pid	process
2988	regedit.exe
2592	regedit.exe
2044	regedit.exe

Suspicious behavior: EnumeratesProcesses 55 IoCs

Processes:

UniSDP_20240330SP_20240708V5.3.0.14.exeUniSDPAccessAgent.exeAsMyWish.exetaskhost.exeUniSDPAccessAgent.exeExplorer.EXEDllHost.execonhost.execonhost.exeAsMyWish.exeUniSDPAccessAgentDaemon.exeipconfig.exeregedit.exeregedit.exeSDPProxyClient.exeregedit.exe

pid	process
1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
592	UniSDPAccessAgent.exe
592	UniSDPAccessAgent.exe
2468	AsMyWish.exe
2468	AsMyWish.exe
2468	AsMyWish.exe
2468	AsMyWish.exe
1120	taskhost.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1256	Explorer.EXE
860	DllHost.exe
1760	conhost.exe
888	conhost.exe
2064	AsMyWish.exe
2064	AsMyWish.exe
1516	UniSDPAccessAgent.exe
2268	UniSDPAccessAgentDaemon.exe
2268	UniSDPAccessAgentDaemon.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
2864	ipconfig.exe
2988	regedit.exe
2592	regedit.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2024	SDPProxyClient.exe
2044	regedit.exe
1516	UniSDPAccessAgent.exe
1516	UniSDPAccessAgent.exe
2268	UniSDPAccessAgentDaemon.exe
2268	UniSDPAccessAgentDaemon.exe
2268	UniSDPAccessAgentDaemon.exe
2268	UniSDPAccessAgentDaemon.exe
2268	UniSDPAccessAgentDaemon.exe
2268	UniSDPAccessAgentDaemon.exe

Suspicious behavior: LoadsDriver 16 IoCs

Processes:

services.exeUniSDPAccessAgentDaemon.exeSDPSbieSvc.exeSDPSbieSvc.exe

pid	process
476	services.exe
2268	UniSDPAccessAgentDaemon.exe
476	services.exe
2268	UniSDPAccessAgentDaemon.exe
476	services.exe
2268	UniSDPAccessAgentDaemon.exe
1960	SDPSbieSvc.exe
476	services.exe
2632	SDPSbieSvc.exe
476	services.exe
476	services.exe
2268	UniSDPAccessAgentDaemon.exe
476	services.exe
2268	UniSDPAccessAgentDaemon.exe
476	services.exe
2268	UniSDPAccessAgentDaemon.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

Processes:

UniSDP_20240330SP_20240708V5.3.0.14.exe7z.exeVienna.exeAsMyWish.exeUniSDPAccessAgentDaemon.exeservices.exeUniSDPAccessAgent.exeUniSDPAccessAgentTray.exesvchost.exeAsMyWish.exeSDPProxyClient.exeSDPProxyClient.exeSDPSbieSvc.exeSDPSbieSvc.exe

description	pid	process
Token: SeDebugPrivilege	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
Token: SeRestorePrivilege	600	7z.exe
Token: 35	600	7z.exe
Token: SeSecurityPrivilege	600	7z.exe
Token: SeSecurityPrivilege	600	7z.exe
Token: SeDebugPrivilege	1792	Vienna.exe
Token: SeDebugPrivilege	2468	AsMyWish.exe
Token: SeLoadDriverPrivilege	2268	UniSDPAccessAgentDaemon.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeDebugPrivilege	1516	UniSDPAccessAgent.exe
Token: SeCreateGlobalPrivilege	1696	UniSDPAccessAgentTray.exe
Token: SeDebugPrivilege	1696	UniSDPAccessAgentTray.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeAuditPrivilege	868	svchost.exe
Token: SeDebugPrivilege	2064	AsMyWish.exe
Token: SeBackupPrivilege	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe
Token: SeLoadDriverPrivilege	2268	UniSDPAccessAgentDaemon.exe
Token: SeTcbPrivilege	1516	UniSDPAccessAgent.exe
Token: SeDebugPrivilege	1496	SDPProxyClient.exe
Token: SeDebugPrivilege	1516	UniSDPAccessAgent.exe
Token: SeDebugPrivilege	2024	SDPProxyClient.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeLoadDriverPrivilege	2268	UniSDPAccessAgentDaemon.exe
Token: SeBackupPrivilege	1960	SDPSbieSvc.exe
Token: SeRestorePrivilege	1960	SDPSbieSvc.exe
Token: SeDebugPrivilege	2024	SDPProxyClient.exe
Token: SeBackupPrivilege	2632	SDPSbieSvc.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeBackupPrivilege	476	services.exe
Token: SeRestorePrivilege	476	services.exe
Token: SeSecurityPrivilege	476	services.exe
Token: SeTakeOwnershipPrivilege	476	services.exe
Token: SeRestorePrivilege	2632	SDPSbieSvc.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeBackupPrivilege	476	services.exe
Token: SeRestorePrivilege	476	services.exe
Token: SeSecurityPrivilege	476	services.exe
Token: SeTakeOwnershipPrivilege	476	services.exe
Token: SeDebugPrivilege	2024	SDPProxyClient.exe
Token: SeTcbPrivilege	1516	UniSDPAccessAgent.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeLoadDriverPrivilege	2268	UniSDPAccessAgentDaemon.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeLoadDriverPrivilege	2268	UniSDPAccessAgentDaemon.exe
Token: SeLoadDriverPrivilege	476	services.exe
Token: SeLoadDriverPrivilege	2268	UniSDPAccessAgentDaemon.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

Explorer.EXEUniSDPAccessAgentTray.exe

pid process

1256 Explorer.EXE
1256 Explorer.EXE
1696 UniSDPAccessAgentTray.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

Explorer.EXE

pid process

1256 Explorer.EXE
1256 Explorer.EXE
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

SDPSbieCtrl.exe

pid process

2808 SDPSbieCtrl.exe
2808 SDPSbieCtrl.exe
Suspicious use of UnmapMainImage 8 IoCs

Processes:

csrss.exesvchost.exesvchost.exewininit.exeservices.exelsass.exe

pid process

396 csrss.exe
612 svchost.exe
768 svchost.exe
384 wininit.exe
384 wininit.exe
476 services.exe
492 lsass.exe
492 lsass.exe

pid	process
1256	Explorer.EXE
1256	Explorer.EXE
1696	UniSDPAccessAgentTray.exe

pid	process
1256	Explorer.EXE
1256	Explorer.EXE

pid	process
2808	SDPSbieCtrl.exe
2808	SDPSbieCtrl.exe

pid	process
396	csrss.exe
612	svchost.exe
768	svchost.exe
384	wininit.exe
384	wininit.exe
476	services.exe
492	lsass.exe
492	lsass.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

UniSDP_20240330SP_20240708V5.3.0.14.exeFocaccino.exeUniSDPAccessAgent.exeUAAExt.exeAsMyWish.execsrss.exe

description	pid	process	target process
PID 1804 wrote to memory of 600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	7z.exe
PID 1804 wrote to memory of 600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	7z.exe
PID 1804 wrote to memory of 600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	7z.exe
PID 1804 wrote to memory of 600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	7z.exe
PID 1804 wrote to memory of 1600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	UniSDPAccessAgentDaemon.exe
PID 1804 wrote to memory of 1600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	UniSDPAccessAgentDaemon.exe
PID 1804 wrote to memory of 1600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	UniSDPAccessAgentDaemon.exe
PID 1804 wrote to memory of 1600	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	UniSDPAccessAgentDaemon.exe
PID 1804 wrote to memory of 1580	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	Focaccino.exe
PID 1804 wrote to memory of 1580	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	Focaccino.exe
PID 1804 wrote to memory of 1580	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	Focaccino.exe
PID 1804 wrote to memory of 1580	1804	UniSDP_20240330SP_20240708V5.3.0.14.exe	Focaccino.exe
PID 1580 wrote to memory of 592	1580	Focaccino.exe	UniSDPAccessAgent.exe
PID 1580 wrote to memory of 592	1580	Focaccino.exe	UniSDPAccessAgent.exe
PID 1580 wrote to memory of 592	1580	Focaccino.exe	UniSDPAccessAgent.exe
PID 592 wrote to memory of 1048	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1048	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1048	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1048	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1048	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1672	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1672	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1672	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1672	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1672	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 1792	592	UniSDPAccessAgent.exe	Vienna.exe
PID 592 wrote to memory of 1792	592	UniSDPAccessAgent.exe	Vienna.exe
PID 592 wrote to memory of 1792	592	UniSDPAccessAgent.exe	Vienna.exe
PID 592 wrote to memory of 1792	592	UniSDPAccessAgent.exe	Vienna.exe
PID 592 wrote to memory of 1752	592	UniSDPAccessAgent.exe	UAAExt.exe
PID 592 wrote to memory of 1752	592	UniSDPAccessAgent.exe	UAAExt.exe
PID 592 wrote to memory of 1752	592	UniSDPAccessAgent.exe	UAAExt.exe
PID 592 wrote to memory of 1656	592	UniSDPAccessAgent.exe	UniSDPAccessAgent.exe
PID 592 wrote to memory of 1656	592	UniSDPAccessAgent.exe	UniSDPAccessAgent.exe
PID 592 wrote to memory of 1656	592	UniSDPAccessAgent.exe	UniSDPAccessAgent.exe
PID 1752 wrote to memory of 792	1752	UAAExt.exe	UAAExt.exe
PID 1752 wrote to memory of 792	1752	UAAExt.exe	UAAExt.exe
PID 1752 wrote to memory of 792	1752	UAAExt.exe	UAAExt.exe
PID 592 wrote to memory of 2468	592	UniSDPAccessAgent.exe	AsMyWish.exe
PID 592 wrote to memory of 2468	592	UniSDPAccessAgent.exe	AsMyWish.exe
PID 592 wrote to memory of 2468	592	UniSDPAccessAgent.exe	AsMyWish.exe
PID 592 wrote to memory of 2548	592	UniSDPAccessAgent.exe	UniSDPAccessAgent.exe
PID 592 wrote to memory of 2548	592	UniSDPAccessAgent.exe	UniSDPAccessAgent.exe
PID 592 wrote to memory of 2548	592	UniSDPAccessAgent.exe	UniSDPAccessAgent.exe
PID 592 wrote to memory of 2660	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2660	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2660	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2660	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2660	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2364	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2364	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2364	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2364	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2364	592	UniSDPAccessAgent.exe	regsvr32.exe
PID 592 wrote to memory of 2720	592	UniSDPAccessAgent.exe	UAAExt.exe
PID 592 wrote to memory of 2720	592	UniSDPAccessAgent.exe	UAAExt.exe
PID 592 wrote to memory of 2720	592	UniSDPAccessAgent.exe	UAAExt.exe
PID 2468 wrote to memory of 336	2468	AsMyWish.exe	csrss.exe
PID 2468 wrote to memory of 384	2468	AsMyWish.exe	wininit.exe
PID 2468 wrote to memory of 396	2468	AsMyWish.exe	csrss.exe
PID 2468 wrote to memory of 432	2468	AsMyWish.exe	winlogon.exe
PID 396 wrote to memory of 432	396	csrss.exe	winlogon.exe
PID 2468 wrote to memory of 476	2468	AsMyWish.exe	services.exe
PID 2468 wrote to memory of 492	2468	AsMyWish.exe	lsass.exe

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
PID:336
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "370668392-733594805-274889264960068721-1132027701011155972-330847655-458113217"
  2⤵
  PID:2768
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "1377072923-8701964091311625410-1990043303-1163430851100782366-4632049161779645173"
  2⤵
  PID:1888
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "-1007856791-819395383-1303520312-830301619-1692963177135556448-813783381-1511610369"
  2⤵
  PID:1048
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "-1845351334-1989806682-130152300014023392731846996825-9684640832112819885-484395228"
  2⤵
  PID:2368

C:\Windows\system32\wininit.exe
wininit.exe
1⤵
- Suspicious use of UnmapMainImage
PID:384
- C:\Windows\system32\services.exe
  C:\Windows\system32\services.exe
  2⤵
  - Sets service image path in registry
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of UnmapMainImage
  PID:476
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    3⤵
    - Suspicious use of UnmapMainImage
    PID:612
  - - C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      4⤵
      PID:1236
  - - C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      PID:860
  - - C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
      4⤵
      PID:1184
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    3⤵
    PID:692
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    3⤵
    - Indicator Removal: Clear Windows Event Logs
    - Checks processor information in registry
    - Suspicious use of UnmapMainImage
    PID:768
- - C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    3⤵
    PID:832
  - - C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      4⤵
      Executes dropped EXE
      PID:1196
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:868
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService
    3⤵
    PID:980
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    3⤵
    PID:272
- - C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    3⤵
    PID:112
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    3⤵
    PID:1084
- - C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1120
- - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
    3⤵
    PID:2032
- - C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    3⤵
    PID:2220
- - C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\sppsvc.exe
    3⤵
    PID:2272
- - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe
    "C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1516
  - - C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe
      C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -icf agentremote
      4⤵
      Executes dropped EXE
      PID:2656
  - - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentTray.exe
      C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentTray.exe -hide
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:1696
  - - C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exe
      C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exe install
      4⤵
      Sets service image path in registry
      Executes dropped EXE
      Impair Defenses: Safe Mode Boot
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      PID:1496
    - - C:\Windows\system32\regsvr32.exe
        
        regsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\ExportMenu.dll
        5⤵
        Modifies registry class
        
        PID:960
  - - C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exe
      C:\Windows\LVUAAgentSDPInstBaseRoot\SDPProxyClient.exe
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      Drops file in Windows directory
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2024
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\SDPNSPInstaller.exe
        
        "C:\Windows\LVUAAgentSDPInstBaseRoot\SDPNSPInstaller.exe" install
        5⤵
        Executes dropped EXE
        Modifies data under HKEY_USERS
        
        PID:380
      - C:\Windows\regedit.exe
        
        "C:\Windows\regedit.exe" /e "C:\Windows\LVUAAgentSDPInstBaseRoot\public\NameSpace_Catalog5_BAK.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5"
        6⤵
        Runs .reg file with regedit
        Suspicious behavior: EnumeratesProcesses
        
        PID:2988
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\32\SDPNSPInstaller.exe
        
        "C:\Windows\LVUAAgentSDPInstBaseRoot\32\SDPNSPInstaller.exe" install
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies data under HKEY_USERS
        
        PID:2244
      - C:\Windows\SysWOW64\regedit.exe
        
        "C:\Windows\System32\regedit.exe" /e "C:\Windows\LVUAAgentSDPInstBaseRoot\32\public\NameSpace_Catalog5_BAK.reg" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5"
        6⤵
        System Location Discovery: System Language Discovery
        Runs .reg file with regedit
        Suspicious behavior: EnumeratesProcesses
        
        PID:2592
    - - C:\Windows\system32\ipconfig.exe
        
        ipconfig /flushdns
        5⤵
        Gathers network information
        Suspicious behavior: EnumeratesProcesses
        
        PID:2864
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieCtrl.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
    - - C:\Windows\regedit.exe
        
        regedit.exe -s C:\Windows\LVUAAgentSDPInstBaseRoot\public\win7.reg
        5⤵
        Runs .reg file with regedit
        Suspicious behavior: EnumeratesProcesses
        
        PID:2044
  - - C:\Windows\system32\regsvr32.exe
      regsvr32.exe /s /u C:\Windows\LVUAAgentSDPInstBaseRoot\system32\MiRoboticIE.dll
      4⤵
      PID:328
  - - C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe
      C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll
      4⤵
      Executes dropped EXE
      PID:1668
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll2
        5⤵
        Executes dropped EXE
        
        PID:1760
  - - C:\Windows\system32\regsvr32.exe
      regsvr32.exe /s /u C:\Windows\LVUAAgentSDPInstBaseRoot\SysWOW64\MiRoboticIE.dll
      4⤵
      PID:2204
- - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe
    "C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe"
    3⤵
    - Sets service image path in registry
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken
    PID:2268
- - C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe
    C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken
    PID:1960
- - C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe
    C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken
    PID:2632
- C:\Windows\system32\lsass.exe
  C:\Windows\system32\lsass.exe
  2⤵
  - Suspicious use of UnmapMainImage
  PID:492

C:\Windows\system32\csrss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
1⤵
- Executes dropped EXE
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "-173840333315555838161945705059-1716517289366744571230217528-13184418061931318985"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "-1205248541940889643-152221948313887518911418909228-669703438-16641810681930723166"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- C:\Windows\system32\conhost.exe
  \??\C:\Windows\system32\conhost.exe "1294892986-234522802-246623607-156956988112899187631040200821-1473030881957305092"
  2⤵
  PID:2196

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
- Executes dropped EXE
PID:432

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1256
- C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14.exe
  "C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14.exe"
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install.7z" -o"C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install" -y
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:600
- - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe
    "C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgentDaemon.exe" -i
    3⤵
    - Sets service image path in registry
    - Executes dropped EXE
    - Impair Defenses: Safe Mode Boot
    PID:1600
- - C:\Windows\LVUAAgentSDPInstBaseRoot\Focaccino.exe
    "C:\Windows\LVUAAgentSDPInstBaseRoot\Focaccino.exe" --pre_inst
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:1580
  - - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe
      C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe --unisoft_instance
      4⤵
      Sets service image path in registry
      Executes dropped EXE
      Impair Defenses: Safe Mode Boot
      Loads dropped DLL
      Drops file in Program Files directory
      Drops file in Windows directory
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:592
    - - C:\Windows\system32\regsvr32.exe
        
        regsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\system32\CarnegieHallShellCore.dll
        5⤵
        
        PID:1048
    - - C:\Windows\system32\regsvr32.exe
        
        regsvr32.exe /s C:\Windows\SysWOW64\CarnegieHallShellCore.dll
        5⤵
        
        PID:1672
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\32\Vienna.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\32\Vienna.exe -GetComputerID
        5⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1752
      - C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -ins_init_dll2
        6⤵
        Executes dropped EXE
        
        PID:792
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe
        
        UniSDPAccessAgent.exe -i
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1656
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\AsMyWish.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\AsMyWish.exe leagsoft
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2468
      - C:\Windows\LVUAAgentSDPInstBaseRoot\32\AsMyWish.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\32\AsMyWish.exe leagsoft
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2064
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\UniSDPAccessAgent.exe
        
        UniSDPAccessAgent.exe -s
        5⤵
        Executes dropped EXE
        
        PID:2548
    - - C:\Windows\system32\regsvr32.exe
        
        regsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\system32\MiRobotic.dll
        5⤵
        
        PID:2660
    - - C:\Windows\system32\regsvr32.exe
        
        regsvr32.exe /s C:\Windows\LVUAAgentSDPInstBaseRoot\SysWOW64\MiRobotic.dll
        5⤵
        
        PID:2364
    - - C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe
        
        C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe --unisoftetc -cleankbreg
        5⤵
        Executes dropped EXE
        
        PID:2720
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1256 -s 524
  2⤵
  PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

AppInit DLLs

T1546.010

Component Object Model Hijacking

T1546.015

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Indicator Removal

T1070

Clear Windows Event Logs

T1070.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Log\UniSDP_20240330SP_20240708V5.3.0.14_20241121_113530.log

Filesize
5KB

MD5
ec22a801688e9c3579ebdc6075f72b09

SHA1
cac5179373e7f39a7e7d5ded919fdde290e343ab

SHA256
2b2523c551051e66e50d9116e1805510077c47428207e7004bd5d4b1aa8f7e2b

SHA512
296f42848c9fa3e13891e413e76baa96a930948c116f64919941f03385bdff24eb4d3fcd1831815dcccbabbf971529679277a72d92587d5d772b622c2ed49b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\7z.dll

Filesize
1.1MB

MD5
5ab1f3606b4b0680aba82af857c9e7d4

SHA1
6c973e14eb0a6fad3202c006aa0a604d3ba0c2c0

SHA256
51234aee28d858295f715bc61d07aad991791e2493232e8d35aa21177109f6b7

SHA512
d337d92a34ae2c87a983b091889531787f8559440b4d5d7fad7c91734bc261060b38ce3f8813def81939cf519733b373e68b9edcc63f1bdc8e42f7745fd645ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install.7z

Filesize
46.2MB

MD5
fdb424cc347b94d709bb29c2c80b3f4d

SHA1
dcbb74ecafbdfacc69696f4a8b06dca50c6df752

SHA256
a1a9172dda43e8b6a96f34f1543c63f50f8e12224703e0032b28dbf0840f12ab

SHA512
4a48af6d8388ad069edbff455489232550cf57e3b03aa18def89fe70c3ae5584a61754f8e44f7b45d2473fd358d34df6c1226c6052e725e87399cce8b744ea3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\%system32%\MeiLinGuanSDP.exe

Filesize
1.1MB

MD5
c72c313b5e1c7d86d6db5869e3c32f71

SHA1
d4b6e2d4067be03b75ffc5b4e8ad0eb848a25ef0

SHA256
dd7392a231ed91a88d8c2f27e9eab1086f8c1b35adcc4a0384d5a2ab3c4dbd51

SHA512
2bd76f83cd374131ca77edb08e09578d509d8bc51882868237581aaa6be82dbe491b35562675cdb58bf5a2db3180f0c0694f51549addaefcadce99419c9c320f

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\API-MS-Win-core-xstate-l2-1-0.dll

Filesize
19KB

MD5
e536b81cf7c6a943d7178d763c613172

SHA1
4f67ad45df5e8cc5e9f82f6bd5b4a2ae798c82ac

SHA256
e3651cbd3a91b742d662dc11a9d9a6b4e03c652b8b694d90298d38d446885039

SHA512
6d70ffb621ee8a6d77a409fdd5d7691090567888253d6b18f256d6f35d1eac52d72921c9acff32b5c5b246d2145101bd037b42180b565f728dc989c93a32b7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\AsMyWish.exe

Filesize
28KB

MD5
7d87aef5b3b0bb7b59078ca1255e4204

SHA1
7d1cc0ae83dc2e9faa83b0e7743e427f189f9947

SHA256
77cbcde8c222e62a0f2ac39768f932fdc09e9ca1c3b99dd06f77c5189f28e5a9

SHA512
1b6cb3fb68c0363c5dfb6a995db5aaacbb17aa420dc27af52c76c9907a0c371ce5190b254cf8c7de36160b5d49ee76cf2e0ff9f85ee4e3e904390cc51d4048ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\BlowSnow.dll

Filesize
3.0MB

MD5
34e8fc1779c248241f51877fc9d35e18

SHA1
35ea582285273c8032fd6befcba53f9954d6f72b

SHA256
3197fca6d91f15d1ec21dcd18c9df0907f20ab52e71261721439619ebcd3ca9c

SHA512
76dedc9700873d6ac8f9cef49a84bf8a2baed554dc5b08c0c866d0e13e96aa73652b26f767867ac7f820bd3602e987495fc4b2b810d5dd31dca9032f6ce767fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\Microsoft.VC90.CRT.manifest

Filesize
1KB

MD5
eb75c86ac086a7834a26ab681f8bf49e

SHA1
372fb34c5ccb415910580a339a428c896920c357

SHA256
637bc117f358af52cd0c2fd2b9c22ca48df53071f936263957ae1bbe5e755dc6

SHA512
08b69250ca75b91693ce663ad9d102128f45ad88bf2999d7cd60218436297660d4e7043453b919c233b022dec163620e2ba7723126a9aa3e8efe165365af2d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\Microsoft.VC90.MFC.manifest

Filesize
2KB

MD5
856628c116fca29589c9cb3fc114feb5

SHA1
cc212968823eb0ad828c2724773f36e2e0f797a5

SHA256
b6493fd205d29b419040dd3b81ece5f3d02f9319b5a93d3363063f947c19a716

SHA512
bcda8632050a558b50d523adfa4829ea426f5caf1245b5d4c8bf88933cfb2bdc8530c9e02f276cbc06e286a0fbc3b05fb115e88660b981c5470676036261ad40

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-console-l1-1-0.dll

Filesize
20KB

MD5
a47a7084d4ed2fb6b9181075f91729a0

SHA1
b58e9474a3e7ff023c3a181a3912e7884e8e1a7d

SHA256
9490c5938112242cadc2c676f82b60fdcc7e5f56caa7aa2d2ba3a6ed358683d4

SHA512
0b5fe71b2e3cd7ffd836a0bf49f44818a59ca3cdb1934c6402dac1cb132aaea0b540624537f2c2b1e99922e551990d7b27f29f9b9a87e6e1ce5d4f6ba7e7d63b

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-console-l1-2-0.dll

Filesize
19KB

MD5
9b630e1445f1e687284077eecd999b03

SHA1
88b8da8b1fbaf0b91699e2a0ba212c5e8adc6e5d

SHA256
efd664c9f87b370a530cea5fcaec3d248f5c9d79e749862b3eb63448292ab20f

SHA512
32ae20bfd579b8bacbdf3cc6a7250662dcca5f2cc24f36e7034384ce2e3cc6e61f7cd7a5b54865ffa4ccd2bbe61d5bc9c5c9894ecb4981c410b66b19a485d1df

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-datetime-l1-1-0.dll

Filesize
19KB

MD5
72f8626388893a536d0ee370acc9e456

SHA1
66cf9103fd285fc34ff018eef98c3bef0fdcba96

SHA256
5c9d7085295dae9a9b2d3a9c66d99d0061d0ba14f218b95e95e8b01bb7204c87

SHA512
7253b85867977cb8823bbff120f2fbdff2d499862a58b6b7d8bde083e7e07260294411ebf84cae4ce98963501d5ce7656f00dd0249fef7413cad727697e75477

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-debug-l1-1-0.dll

Filesize
19KB

MD5
5bf7aafd1e8ab7b806dba539a0b33474

SHA1
53a476277856de2ef21db9a4f56930f77e69d45f

SHA256
d9100e99b2b915623294e18377d162afe9fd354bf0c4a7208f1270721714a553

SHA512
369733aa72d84579c17de3094b5396ff9c760b84f161b36be814512a7dd10c61ddb63bbf889fcf6875311a665efb545d8da4e08fc232030cbd3cf4b607da45c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
19KB

MD5
a960e117840acb5ff1d2dcfbbe574e21

SHA1
46747ee4f408e063cf88c86a685412c08ae78473

SHA256
5695695176a80a3e7f9eac80bb3d92df1a5592be42b939b14087a3a6ae6efadf

SHA512
5bfbb2e49c9825b31a5d63e09e58dc7e05d8b5e49530753b879971531a398ec46f7a0fe3ef5ef605f396f7440a650e26bf2b6d933324c95410608ff48d13f3b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-file-l1-1-0.dll

Filesize
22KB

MD5
50fee042cee2a4aaba502d2f5087ae70

SHA1
347c3a75d19b784223296f19da64aded95056c3a

SHA256
656d1b11a6242142b9b289445fbe7617ad9b5f6fcf47ad6983ff09194c867bbc

SHA512
d2e4f9f13996a6d11cad2f5c2db74a155cc86db70820b33ec2cfe86882955ab96f79fde57901b3880d74775700c3bcabff7b270207a57959f948fa3e50e188d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-file-l1-2-0.dll

Filesize
19KB

MD5
045e4617b49e817007d8a88652af7734

SHA1
305026109a1eabf49bf7ae6a233a4a11e2a22580

SHA256
fd387d4e358e3755db38a618066fb72cd03b17b54d058dbe3dab82065519edc7

SHA512
7e21cf4982ce6f4aa52f0281eae101287a850152c70577b456876356201e12983c9d211d04e05d2c81f80a56bc11ab54eaefa7e492e3910af21af14ff10962cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-file-l2-1-0.dll

Filesize
19KB

MD5
adfc5bebc4a2c52023f47a1e548b0cc9

SHA1
a2562ef8534b1448409adfa6c5d7e283ad005a70

SHA256
7de5743f68d9bd6cff0fb8021c22d4069e2e993d97735db0ef65756ff915f39c

SHA512
89665104bd17f9020a871215f03acd40294302e933e503ad22b208ec7c96dddcf5f7b1ae1aa2c3d83fbd608d525d36ff2f7ee86762e44e441153124da352a278

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-handle-l1-1-0.dll

Filesize
19KB

MD5
1f6a4f144e52a23767cc74fe2f796ff0

SHA1
646f55fcf4cc0654f9e01e66fb20e463c1ac9c86

SHA256
634924290057ae9c0e4599d2c70656916be24bd594ab1904c0be7a8ea91ddc7c

SHA512
0e52078ad12bc9bf1d74d5ec98a547cf3db508532098bfefb8bbba8f4f7305bae2365dac50e9c010642c6a9bbbbeb3660c6fc658b00e8370cd3647c65ab7d403

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-heap-l1-1-0.dll

Filesize
19KB

MD5
7001bee6d2b9189081f4b558050fe106

SHA1
561dd7a7c58fd2599ff8694beaa908d2e3aaf68e

SHA256
6bbbc652ac07511af4126a4a820661eafaa3903c6a6993e2f5c0cdff541ae195

SHA512
301bb940359732dd2e263f6327df11a3c24f95c8d6396a0e2731b1b9d8179de196cc54baf2ab29e6175c66192db5d6e0513ba01655bc81af94ac29b02f2e560c

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
19KB

MD5
109032959967f8cb078d72e397238509

SHA1
bd80538edb47f8620d78ae8ba6127e5748ae5889

SHA256
c05208903446e2bd528f726af1287be05243dd6cd1e42359440f9303fb7790be

SHA512
b2825341a8ffdfd1317c24a418ea581b513cd4e6628a989ae11e19b51083b29b5a7588bffbce21ded5127910b2d486d3e1436e6504595015218f6c84d98990a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
20KB

MD5
146e9998951e897a4f7f5a97baefa823

SHA1
0b822d157e4a0a21e1192bdd1d559219ac73f913

SHA256
ac011f904f8aa7c9a2577d959f7e430cda544ca13a1b3818c69d8514d079399a

SHA512
3deecb532e24790405054de1c63aa5937ecbced0791aa209b0fd1b0d4e68735a38a96dd86167ca3b1c340da0c2f8d2a6d33b2e34845ddbfd539941856c22ba5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
2a3da8e1cd09aca0fc13be43848c7695

SHA1
72380005fde41e6c6b37db5a46cdb0efc3d6cb08

SHA256
c3f671d3b41fffa444a33f79c0e65df7ca01e56598e4b2f90e7af18c77b97652

SHA512
e4b659aa290a6c256799a76890c296e702316094b132b9bc4b393dc6bff7640b7e62de0f05097932291db411dfb871533f7473cc6c55805f69d75562aae6dc44

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-memory-l1-1-0.dll

Filesize
19KB

MD5
163d64f0558d8d93b86acd1055ef2ca8

SHA1
5727ffb8ca641cb2b9daba4fd8341528dd1b7c30

SHA256
94af705ccfd2e10d65a06451226ace0e13eaa1fe5af9b3f7ab81d96ed0775c4b

SHA512
74862f8cf84f6d56ff45ae135d685b181c8dc9eb6b0bd20bc5f3c25e656f60a014c89f71a7e5f381ab06b3515454ce836a75fbbe7d2b1c7770656d144ed555c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
19KB

MD5
1922b0a9ab3cbb0f4a93c0df1e812996

SHA1
c3bb5c4682dd0cd16d828ee96e6cd02c047d8f44

SHA256
89c930d2e4482799f4f0f040b994c457310912ed1bbf2a4b61e58cc98f31f0d5

SHA512
10464a4027a62815a29dd888e870186f3c3ed809080784465eb5577051b42ae3064949c4fe8f4abe846b1253562436eda4514ebcdc8fc9d73a7d68f0fa8646d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
20KB

MD5
114a2b70fdcf21357f3070dc0c070b3c

SHA1
466c1006877e63f404269990da6926057cbc4ce7

SHA256
d91f680b1f54dcceddd9ead63dc08ee11845803f2cc6de7c545335803016f2d0

SHA512
af75aca3fbd6430eb2975cc6339501acbfd31f4dfb6eb9d3493448946ff301e9ec0bc252ab679cc2508ada510b15bdbb0dabe002ce2f7e4f1c1b437527c76667

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
a66bd19055465d56d2918beaafcb6a04

SHA1
106973cc2e03293cb4a03826f843d387431666f3

SHA256
3129f7b002b724cda522230ca7a9cb4b24f0679bf572d4fc990058d6b36cc293

SHA512
873a9e63608d70725e6046999e36b15dc99e362e0bafa4de1ccebc09bf7123d6bc5d21dff1f778f8b8cd3413b45b82344784f9f2e1b31f54ad34cb3a2754f0a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
19KB

MD5
1f462654c1bbc1ced7e4d8e879732e14

SHA1
a56a7c4154870db07395d50f4d8d963e4cce92ab

SHA256
b8e6deceacbc5f8e483ad076196df819377d2731e146eb4f48c5a59da9abdd65

SHA512
917edfc5cbf3f82708d6cb84a2ad31c41b1b02cf44a921b6934bff614b69d0754115c35aaf4d181085a4b77ebd816fe06cb9def01addc5c68846da0850fe8cce

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-profile-l1-1-0.dll

Filesize
18KB

MD5
e52748f87b1f5905fd6d562533523c33

SHA1
c1f3b2b6bd929ba6b4deb79498204c9a5e0d5fb7

SHA256
b1e857e184818a6fa21e44c658fa3d6a752881ce909b18cc2d677dba0e2db87c

SHA512
25c80c468e43df617c0e18d06697f14c3bb1594b233dd7cea5aa76d49730aeba9e5f7d435acf9ff40a8dc66d9431721d44f2740ea34b1b667a0c7bb8faa78f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
18KB

MD5
01ee5032cb31b9a83c6b0eaed810315a

SHA1
36cad637293a5b01c0e0adbc16c55a37992b15c3

SHA256
a2cee2281a78f0a58f2a6c1e735f1725e96512c5dee49f021c549cac3c618ba7

SHA512
58b857c589870d2c4c3fdcb61198cf6c49ba5496b86b8ee6b60805d08b7da712674b41f1014433f125c1db5e255e18b5e2911c278316174fa54bae07f3c6b986

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-string-l1-1-0.dll

Filesize
19KB

MD5
7dd35c4be2ec4d74946177698990b1bb

SHA1
b35fb40dca5f76f2ff9bcc0956659a834310e8bd

SHA256
ae67d1bda3d9c10560819e9e02ba475aeb3f7df7e8f73586d546f44ba6ef8046

SHA512
caac4e0e8bbff5e83964ea1502a96113fb1fd421f32fe70029352a533f4b95c826c827ee57c0d1c3d47c5e3b792cfd8c5c1477a6485eef6299601aeea947e684

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
ebfc306560273b257d3a1ef9861e35d6

SHA1
7834fb653634a181890531fb3e91c55eb0ed5745

SHA256
85aa1cdddda9ec9eba75f68cd98fc43430f1ecb68b957a7b70a7a6049feae76f

SHA512
bc3aa3b7ac552912c3dd405a3b0f0218ddddae459a16edb99c1870b020d41102762b24315be5b55781a8eafe99195888ec9f976842de165b95c423c43fc90a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-synch-l1-2-0.dll

Filesize
19KB

MD5
5a8978023b93c8c369d3696c8251b71d

SHA1
1ffc61471c2f49a80d5e3f83df2a9010d3c5a1c7

SHA256
dba254b1446808887d452bcd6c27685462c39dc2f1da181765f0898b4eb1b953

SHA512
53ae57280e593d886b609d55c313e2ef208c3f0ce53b5d015f57aaf3cce901a192efe60b24d9e9b5c6e9ef7779c9103a951e813780a53d12a27680965e5b39ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
20KB

MD5
b816bd9eef2adf08d27a22620feca795

SHA1
a8b8d1cb1e2fdc605449cd17c0e2f62db582b266

SHA256
4214f1c07c4abd241634cde318f4f73c9d1aeb931413c4245b6c61f77f3b54db

SHA512
d78616f681cea3317b9ffb86ae7b11778b90f47cb57fa92f8c8666f6e36fb6831e38c37d2fc9f5c81e743f8b77f25ccf657f28ff8b5f0599d70cade5c9ec9bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-timezone-l1-1-0.dll

Filesize
19KB

MD5
ed3a91953d5ce03d65bd90fa46c1e29d

SHA1
92cdac4071850ac96759ae77a0b3c5f6bebdc2ef

SHA256
35ea6ec01e55108182c743b47fed5be381acf295982be87d92b4588ccb71240d

SHA512
edb4539b6081e73bb410668c420d437a0a746fc4aba28f7f15f7a2debc8bf8eb11e03f38957b438bfb95e86652b44c1bdb0162f449146df467ff5e1de281e56d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-core-util-l1-1-0.dll

Filesize
19KB

MD5
d8e04bf7a8feae0cb8afe43a87d9ec93

SHA1
8fc010890f4ac7a8117dd5c3db21171a49eb6f06

SHA256
e1000ef817a5d8db82d1d58022c7ee3e1edffd2f9da15781902a4de2b71242e1

SHA512
116bdb64752dcb30d0557b2cf1a09ff692d621f0844cd59d69813dd0fd47735b0e1df34d077bbb4bea563655ca3460437a644ba26897026405af573035d9032e

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-conio-l1-1-0.dll

Filesize
20KB

MD5
53f2e4ec1efe147f8df45e4ab05a07de

SHA1
ac03a30639a717b4895407e8d153f8919ff5bbbb

SHA256
b79bb037437212a95f18b1110a907a0f474878f40a7bb906f297eb5d24352e6a

SHA512
b435470311ed47f163cf42adb6334a9caa906580925d19e9febf3c979668c62e25d8232fd5bcebf2f86307708ac165d7e62608c7225c1aeb7ed1530aecb7c288

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-convert-l1-1-0.dll

Filesize
23KB

MD5
2e7fcee0944d063d8528399f22c9b2b7

SHA1
05a68b73e778817f52885e6f27800e99125efdca

SHA256
a38f46fe1a1bba3a8c7cc942bac945413c5c0e992ca599f9f09181b7f5645f52

SHA512
df689de14369d858412b79156acd8e2fcafeb45793eac91f1ce0cba37bcc2e88c53533934647960176c48133c1e5383f406eef859bfb5231f49730acf4320d95

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-environment-l1-1-0.dll

Filesize
19KB

MD5
f966b9ff936d60de02c37b16b9d23e4e

SHA1
7dffea259d7e5ffdf005900ac9417319acc66f33

SHA256
90788cc217e4f5e78ec988061552fcd1c1a3ab61c6df3de132aae606383fbc27

SHA512
bc27f4871e872d76b89d7f0ba5ed7d7062a04218bdf9a741598bfce82cd788e866d2c20513594726948e1701bfdb17afc2280405b0d994aaa3cd2ebefc1c8cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
735d7e5ae0a53b644482f5e70efeff5d

SHA1
8e99689cf9d24aa4268a51bd377015e9d9ad7f64

SHA256
e9d88aa96743aa2ff29ac8d7930ba0c8ebb21372329a1bf5926cce59a4b39f4b

SHA512
12239d14a634b7cdaa07e39186b674bc905f73c928db5230752407650f274bd401d10487b3ac2c426cc8da708f0ca6fbaffc2a5075e299901961bd205ad7bbd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-heap-l1-1-0.dll

Filesize
20KB

MD5
6521cf7e6a66c747726fd09e51a1f92d

SHA1
b89168c27063a2b4f81c69df4ce23f144b55bcc4

SHA256
dc8ae6136313ed0ee26aed6e9d3a192413d62e12c7c568fae5a7abb784ca4c72

SHA512
03a63ed3c2e0be3e1e918eb01e5fb722be06d8e32179782ed3f7106048f522426bda045cd3ae605a066403bded2621923a8c33d075bf8e11b58c432a69481ac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-locale-l1-1-0.dll

Filesize
19KB

MD5
281399c6a7ca9c52c6b20c78938ec2d3

SHA1
5e76793588075edaeedab8d30297d9a8031c74b5

SHA256
58e0f4ae04529a03bc5a453cdb891fcdaf82e4d7ec2757b3f88f5f967407fc94

SHA512
459fe7cb8433fa23dc765894b78c1e2fd007ac3ed659d6f4fc9191a589e349107f7c4c03718e34c9a9231324fdcd970fae75e2772c153a97001933869628a7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
2b20bc164f817ffbba1b547857b0da2a

SHA1
c40095898cfe64c6132e81090333317563184c3c

SHA256
a7a4ba2270ae7e5679ff9413d1e53ba706a95bec28c906de378ab4b1a8fbf6e7

SHA512
a760294cd9b9f3c0c9c0ec4800536df874ef7d3757cad9469da96c293187a9382867f332caf714f91c9059a90a3dda7670b265f3a5e2339b9e12ca05eb373e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
27KB

MD5
e92ba8ab3be45a5fa0b0439966583d8b

SHA1
88ec890850a4d531476151ddabb6f6def5d87273

SHA256
f65bb318be803581780fed95f57d0fd7b5c1b0e070e0062a8d06e4e5dde4c9ee

SHA512
4a5d11dfb7ed1c95eb2b839c9a094f7a8cd32e78d3af9f1eefe52857d9b17cc69649638b8afd8ae581518cf9b223c352ccdf84a46990ac56b57577502a9035dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-private-l1-1-0.dll

Filesize
72KB

MD5
8ff98e2ceb2724d9c7ce121a75036560

SHA1
5d0eb20c46c4c1ce1c188a5c3cfaf416617a58ff

SHA256
80ec395c2c5ad8b9728784d6aec611e0ce7a5ddefebef093235b420fdb74a7ab

SHA512
c029a78834236a6a4616ee93e0d06e44e880560c354a4872489d24497133462e8629c03af707825fc6fd447437922c863e5395f0851d5b19585bffa42d9ce4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-process-l1-1-0.dll

Filesize
20KB

MD5
4bfd59d316c51af7c1f7d347477b5629

SHA1
96b6291180ae0a12b8a650557291ff60c1243367

SHA256
57998a0a8168a75eb8e5958019b29f86edee70931bdbcc18e06c9b93f4b70cbe

SHA512
cd9620909eaa85151edf996d506a6969d4f892fe11939158513e14c9e73c862eedda61faad3eb28e55f3ea10347253e5b7bdfaee624de6c514fdb4f902d085fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
23KB

MD5
f24259dabe9905bf00eef0374053937b

SHA1
b1949c85cfaeb2b2cdf99b51d3191e4e3bd0dd54

SHA256
f99a3f408880834ce3c762fb434cea98c87bc6df19b63d509d1093f2295bbc8e

SHA512
fc46db162ba62b46106c7b5c942e2ee186b126deebb8f2e48daf9892620d4b4acaa244fb4b65e1e6f02e06072a8b61d95e49e2ecbfa676cedc361735abb34f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
5f158413a85e905b0ceb5aaa1aa35f28

SHA1
8807fa016b184ae6e8b66177bf34f1810f5d6095

SHA256
93780b67e8ff9dd076cc67c620d1baa7b5518ecb5cf45ecc1dbf92e6bafcf646

SHA512
e20e433e45ac817f74fca61be03bb9a998adfb2038b50f4476bcb2fcaf0e09236844dc2a9fa4200724d62c646aa9ea5ad315e51fcb4aa9fbf1add1a55a735983

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
c04f55920b25221f81575231bbb5e4d7

SHA1
b0a65c6ee855e49a4a1d937572f7aaa7b6d9539a

SHA256
c87e13d8fb07cdf07deb3222270afec1de7fc7e481a9fb22068eee74f2a60685

SHA512
2159de09ae92d8a88feb7eb1d0072b928c726fad94a3a72d3523fb15e41a2ad9cb26affdb23cb3d6441fd2b377f29b3df5cd7e0db0ec48871c9dcdaa35a4a000

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
32abf928ec4678c2bd68a894da7de229

SHA1
eccc5e68ecf49a8bc448b88a6a8887a570ce47d4

SHA256
ae60603ed90d3ce024a9c05bdac449abb34ba43251241a27298f4a717a27c249

SHA512
0e71ba1249f65e05461c3e416876502104dc302131312d44151ebde2d95df9433b6faeea3ca0e1afe5831172d59eaf3f348735609894e5ecec3f8d31d199ab2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\api-ms-win-crt-utility-l1-1-0.dll

Filesize
19KB

MD5
59bf6195153eab0d466f501bf8f14f68

SHA1
e6e156d6c3eed6b4190a266f7374cafac8ad1c07

SHA256
28af247eca739d17fd68979b8c5067deaf85d4bf8478f480d00dc0337c06f47c

SHA512
abd4e96c6e1f54e989e3167402188136aca172cd926e9910a456094bcd0fade2f0eaac97887dcd1bdef658d8b6d5606a9a493d6b0687653a0496228cf1907ecd

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\concrt140.dll

Filesize
238KB

MD5
bb7293add679a5688fcdd03f44de4b90

SHA1
4ffb7d8acd1bfec663d99694172c0c8c28a92900

SHA256
f3093cb216bf8ecc8d869e46d8cda3aaca28a326cb865ccbef329e1b13abc834

SHA512
ea094064c1454cceec03b4f54ad122be169c8bbfa6eece9b4f58eb6d59cbefa16af3a9b6f04461e438e4c208b6224a69a15c10cca6cf4cd5527cf0fe90052711

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\mfc140.dll

Filesize
4.5MB

MD5
e9503911178352a473eeba6ab0768ff7

SHA1
b5f037668d7d6e7fb3fec27b6c1fb8c7c78fc7c2

SHA256
79808c7b51377c75ceefcca636ce23362ec94509f19ba4f364ffc7414ed7ee5a

SHA512
f5b3d57214b84085130ee312c918c05a25b185d67305f7d65f02c6c85a8a84128df0540aa929ca28168946ad4fb7c7117becc4f2423aa7981b580825c6fe296a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\mfc140u.dll

Filesize
4.8MB

MD5
06f307b7ddb0994b448b9786cf5811b8

SHA1
4d70c5206e84b23916e4c686f430e5dcdc70dfc3

SHA256
dde3c8e9e7d414913a29979798311d095c1b8869ee405a1c3fcbba14da90446d

SHA512
b26bcfca4569ce9fb4b7196c952ce38b0e3a30aeff2e7ac4b2ea1c695c658c1d92029fb7e31ad231e62de8dff2a86ab3821aa1f9d5c944d88b263d88efeca16a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\mfc90.dll

Filesize
3.6MB

MD5
5963633010616b25503ee126f55e8de4

SHA1
1cb2080133ac915863e6988b0f377d46cd91e6d5

SHA256
a1a6f3e18b097ab046e8771a01f8b727a44348b28b82b5beb15ee311ad27cdd6

SHA512
562eeab7c6e3ea727441ec6b8a748dc5938a91d7bbee04cdaade9683eee9d02651d3872b7249f8a829fa778378469716ea7a5905f72659a28d362fcc6354c98e

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\mfc90u.dll

Filesize
3.6MB

MD5
ca6ade4f7761bb15b3325356dc3b82bb

SHA1
effaaf31465ebf248b5a4f91a179797306b326c9

SHA256
0ea4cd410da764916ea201c0c1e16752e0d3dc9d8571510782af4aae62509af7

SHA512
b920cdaa8b668b00a141fab799c2e26e9bb8195e3ea799c4fd9252bbddf7637c484c5179dc9ce606ac0149324002f28b1fb68c32e522dd7afcf6b1c4a27702ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\msvcp100.dll

Filesize
412KB

MD5
ed40615aa67499e2d2da8389ba9b331a

SHA1
09780d2c9d75878f7a9bb94599f3dc9386cf3789

SHA256
cd28daeda3c8731030e2077e6eccbb609e2098919b05ff310bef8dce1dce2d8d

SHA512
47d94c5f4829a0f901b57084c22b24adefb4aec2f7b8df9ea838e485dbc607aa837ed6d3c7186159499c44a3ff488fb04f770c624649a406854d82cd3baf72ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\msvcp140.dll

Filesize
429KB

MD5
d25c3ff7a4cbbffc7c9fff4f659051ce

SHA1
02fe8d84d7f74c2721ff47d72a6916028c8f2e8a

SHA256
9c1dc36d319382e1501cdeaae36bad5b820ea84393ef6149e377d2fb2fc361a5

SHA512
945fe55b43326c95f1eee643d46a53b69a463a88bd149f90e9e193d71b84f4875455d37fd4f06c1307bb2cdbe99c1f6e18cb33c0b8679cd11fea820d7e728065

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\msvcp90.dll

Filesize
556KB

MD5
4c39358ebdd2ffcd9132a30e1ec31e16

SHA1
70ac82988285f9f7069faa9a0612aeba7fb001c4

SHA256
06918cf99ad26cd6cf106881c0d5bdb212dc0bac4549805c9f5906e3d03d152c

SHA512
eb5348d2f258767281fe954d45999bd6eb7af61411ea3a5c63fcdafc83e487cee51e1dfe2d86590243b21f6a135e0dd5116e66b0f22cf0937bd147e54a1df391

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\32\msvcr100.dll

Filesize
756KB

MD5
ef3e115c225588a680acf365158b2f4a

SHA1
ecda6d3b4642d2451817833b39248778e9c2cbb0

SHA256
25d1cc5be93c7a0b58855ad1f4c9df3cfb9ec87e5dc13db85b147b1951ac6fa8

SHA512
d51f51336b7a34eb6c8f429597c3d685eb53853ee5e9d4857c40fc7be6956f1b8363d8d34bebad15ccceae45a6eb69f105f2df6a672f15fb0e6f8d0bb1afb91a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\UniSDPAccessAgentDaemon.exe

Filesize
952KB

MD5
1ce02320eaed5021c44d3cc521c69f58

SHA1
0e0b97d7eb61fd0ec8cb0ccb2cd931c22deb22b6

SHA256
42497aac5f17d662f9998810e944e931c7bc4dd470576a85de2dab0d56000e31

SHA512
ae8e3c78a9ee01fe0debdd137e28c64444cf0c39e33504f23caf22c097e192e6c6943fda9587b0d5b968a5e62c795e849d657a46e26845cf459beb2aeb5d184a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\sys\sys_shadow.png

Filesize
1KB

MD5
c862a34218b511107eea62d397a512e6

SHA1
5a946cf1dccdc1b152969f1d2c8eee76f86c63ec

SHA256
d7af42463781a038080739e566d5f38ab52e5bf21e4826a0ef5428474d4dd2cb

SHA512
24401db4feb5de7e611682afe4d503cecf998404a5ba25cca51f568898d726dff9148a749377eacc7ca356350e51bcbfc32475f74a46d081626e283f11a0bebb

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginpac\image\btn_close.png

Filesize
620B

MD5
8f42e8caf9361f3f363fd4418ec6e4fd

SHA1
f0cafcdaff1544cae66ef7961e086f3072607ea5

SHA256
d104f13f86772bf541815884b6ce39c900f0a1533f2ebfca05c7e1b131c996b8

SHA512
787afe42b526557130c3ffbed1c825d90a180090e9272b52a19327b0731cecc5494f27a4bb55ab42ebe521452b71baabb283987c855796c763505af60fd72275

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginpac\image\item_bg.png

Filesize
319B

MD5
1ca9c5a8b1074e204848eb3594f57d56

SHA1
388371a5c22ee230761cafb55996ce855b342a19

SHA256
88e4cc15e7caf1584f043146bf86d6eb06107a26108ded5ca49da9a75121d838

SHA512
04d17f77811199ce6d72bb1a2c52f2e91503b566caa15f8fb9602d07a793a6fec5dd58513016e423cbbe5f95cd90bd4cd60cbb0278590364086da407ae83cca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsdplogin\image\lcex_header.png

Filesize
1KB

MD5
f2e9b590761bd30791b7b73671078237

SHA1
2e9fcc7c65dbbecdf33195f602caea26a97af7ea

SHA256
05a8356258239f7c42bf3dfbcc4424c9d4ac16717280380b95941bd3dd12a831

SHA512
ba151978f046391e96591fff983063be4ddee000a1fc1a7f3f79eeeffd4500c0e77d41fcb49ee2c77704a2acbe9f784623a192c09e5570268e398b8d6ca283f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\btn_main_item_add.png

Filesize
682B

MD5
f46ede64a8d47d20d8604b884e14170d

SHA1
876ce9ed049c20d927c8c0c36e440ce470e5ee82

SHA256
d01ea92f44b47af06794407bea1bc54507e1192fb2e857ba5dd728fc174a6826

SHA512
80a506e9d4b311ca2119657e617392298b1061f617708209c9b303bfc859f8b494fc5793161a4c21c9527ba6d00770406d94432e7cb3e1864465a2e2d5f52372

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\btn_main_item_delete.png

Filesize
1KB

MD5
cde45dc2b8a08cef100bc430849a82cf

SHA1
3cdb2e5329ac8e010a3b7c2e2ce6f3a20bcf6cd9

SHA256
d9b45edcf482022e024d97ea88f45af77743329b047dad2b85bd4fd0a8544852

SHA512
7d168a07d9b276d1371611ef6687a92ad121a553d97d18b64afd1e27b55f6d2227e188b2e4fcc837fa0a82307037121f7175bef750161adc57eb8d6fc0a03297

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\btn_main_item_edit.png

Filesize
1KB

MD5
1e0bd3e19aec7b21e88e77cc516fab77

SHA1
593e59d48994718f912f8e1e6ac9226c89c4403c

SHA256
176cd9308c5374651ec72c17b030b313f975b47cc5c029bfa4e3b15a5f93ed19

SHA512
403fbdcce3feea65760f9124315e4f708b9bbbb5e08f6482e144cf6eb9ba92e6345cca1195ef7b51a3967b7d2df2fba5d75466562a68bcea4983ab191a0a7de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\cm_check_btn.png

Filesize
1023B

MD5
5026afacd0beced18a9576a167cd7256

SHA1
d12f89c37735555350259a92f96c339aaff7c7a6

SHA256
5dfda9971a8bcfd20b5d5aa464e217025853c7fb261274ed584cbbf8196ef092

SHA512
c88a9b47d2b07e845b999e90362bc5eb8d14d6321f43f12f0be1002e2ae677414e066fe32378edb96b406e9b4af532d2f7b9eddb948e48cb770cd0668d06335a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\info_tip.png

Filesize
563B

MD5
1ec646ec32892f6cf4372ec443735623

SHA1
f8de945d44de818da7e1dcc88b5fb2d2e7688239

SHA256
f6251db838a91e8b1505730303ba7cec18cb79b2ef0db38b364ab1a69e4206a8

SHA512
54c62b85ecf72f096e6cdfd6844f16d338b089710e992ada685a62935437876b2393704e712c7c434d7986477748f02701d7a5bff5cf0aea8a5dd17c7c442e8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\lcex_header_arrow.png

Filesize
2KB

MD5
320b5784ae6fea133e28722afac616a5

SHA1
7473601a48898508a0db3e5c3c9736c43d575bb4

SHA256
78bbf6632312bda5092b3113d1be092929cecd262f570431ad4e5f95b3cf2994

SHA512
f191482b26c84285c421249921ad120211264bec8c004f0abd4955bfd2d414fcee1063c815a498651d29f1c19693a4549c515d20df50e03364fcc9389216ffbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\tray\traypluginsystemset\image\set.png

Filesize
2KB

MD5
01698db5b2007b42776aaf3a808208df

SHA1
2d569ba7bb4c143713b487c0ad9b7c4903816173

SHA256
f6d3988923dd9c029ab802dfe3fb18c7d39e01016f147926a3e8d26544896d92

SHA512
bf4c4f1055ede1ce7b9e6ce12a972368fdf2be4dc6e704870d4fb8295c3c0a69a5ef9cd2a3f1dc1f6e2efd31d85eab28621a72dc6f24f369368cfaec86220907

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_button259.png

Filesize
38KB

MD5
8037cad31e58a6d07be4030d5524affe

SHA1
a9d3c3459a662d280b9ee6e6a71e2b6294df41d0

SHA256
f6878b082f2f9b82a8d69d72d13b8a1661d47fe237a440498a4c652d2c24b08b

SHA512
a177b8d4960209aa50a99a2dfee7badbc8fc9ca2273a5d9fd18e1326d5da1aa7e92e7717fe1a7991db3b47907f924bf149d851a00e5f26e1090f08e2b8de5ebf

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_button68.png

Filesize
533B

MD5
3faffdc7178cde3deebb984763170968

SHA1
b5fa2bce9e9c4a62b1b154fbb2ac35f83fa7f62a

SHA256
dce600a4656d9f24c01c1fe9cdb86087865cd894afbfccc2c77a1fc52fb3a596

SHA512
04b89a22a41696d5530d03e654910a7bda24449bed5e2ce95a427e3dbb635ca272518da6d54aea22efc8b5a72f3f75d15a600035fc8b923a0db7a5b7172243ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_button80.png

Filesize
397B

MD5
25cf5126bcc5100b21e62c3b4f798084

SHA1
f2eac27b0599199e9972a6bf2ee0c36a18aa3bdd

SHA256
707732db2a6c51935896476b23cdde43c4b5bdf342ca98aac1de8e512a86e2dd

SHA512
3cad30da9ad7af83f17f071a38d71982a3423d15fadb11644841d3ee4cf44354c6373302ef59790fafc391f9a1ff19e3d035af3a722cf300ee8e75f862ea9e9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\btn_feedback.png

Filesize
213B

MD5
a17b4e5ec2cc0284e4ac5dd3bd5ad10c

SHA1
ba72a028e9f62ca4806244157b47e613e801fde0

SHA256
f80505e3cce67a346e93c429b6fc471c693d017e632b13a43908ef5df31fbfcf

SHA512
fb404913a964413d1d647fc375bb31a5ab2da9bcf5e8321bb72cada8646d50b0ead63c5f26e5a1c69a58ebe0fd6dcdfe26e745db4c3d28ab20b4477b49727c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\face\ui\uimain\image\main_btn_close.png

Filesize
3KB

MD5
e17fa849eabe2f289d815fecbb0e0c61

SHA1
0d27ebc47635fef5336474935f067195dd288c1d

SHA256
b89dee6d77c9fa125396aa913809c07602c4bdb60eb1ac4753282d14dbf9367d

SHA512
106f41090f0a5e59b7a35fe3bbd28710bd721419988e4e1fba953c1816ce259ae021c8c60d617a75b5d3d4bd15ea5aa67dec2319b4e99a80730b13d29ba119d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\safebox\sandbox\mainui\image\menu_right_skin.png

Filesize
991B

MD5
36d2e27d715ff05cce8397d863bbbc97

SHA1
93a7f387ebbae25174076449ebe9c9db9a0b69ee

SHA256
f40cfb0d3d4552add82ddb6e24f3cea2eea7363c0a5d89c1208d23888061a62f

SHA512
1fdf51aa3515635ed23a2696f56a60b6857e73d3a0df8f74bf65fa82009033bbfba7514f56bbb493a10cd4b86553ffbe635694d0e48c2d925b9e247a39293c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\Install\safebox\sys\sys_prog_bkgnd.png

Filesize
458B

MD5
409c0797ced6cdd36fd754a9cf410747

SHA1
db05e78544f4d81cfa3ae050b9d7a6a3edcfe0ff

SHA256
02bf33e75df4ce3c97d391cd88afa94eabffc16bfcc66a303e7371173dd87f44

SHA512
bc1336489ac78c127e465bda4f4b2fdb1074d4fcf74d3b0ea1331642def96217c315fa296cee96be530b6b1b3ce844e95b33c34a9117d83c78826644052c1630

Download Submit
C:\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\UniAccessAgent.ini

Filesize
16KB

MD5
3533ed1ce2dee9eabfd1fb9998366eb2

SHA1
b538c0a14cc527a9f292888c4cab3204170d200b

SHA256
69e312b3222fb5bae87908538318e09f81f8123d39c485d818a50d44345b4147

SHA512
3ba072104ad861b98fb1f995be7bfff613150bbe6e82515225e27e8492c2fe0c1508d133764c7a19f12adabfb896d8b1d6f9e13556cc19ad4b9c8007dbdf9573

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\32\log\SDPNSPInstaller_20241121_113552.log

Filesize
4KB

MD5
7fe5c8df020f159b7a30257f85c7d533

SHA1
98925f85daeed8d22d5752254df81a105a5cb625

SHA256
3c69e3bbe27c1183dc148a1c8f637a81ddce4af61ec82c45db81422f9ac792e2

SHA512
fd4a64da701426367a05af374c21f97b156feb5bd18594811aecb9d381a1aad2736cbd20a358c4efc87a00c470fc96fd38a1248b5380abd98373761fee10e9bf

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\NRServerAgent.ini

Filesize
28B

MD5
0f00eb83c286f52dc0eb229dc5c85d8d

SHA1
a54fc7282b5cb6d1005d91a016929bceef824a64

SHA256
26c29339443e3a4b725d34bfc5a536cbfb2aeaabf473d9076a1ba7dcbad17528

SHA512
d882c006e36b2bf38b14439c396ce557833a945dbe6f92d8f92b9eae5d394ec1c8ebb1f6bb6c7854083230ab297a96ca9d9c27b9914b7fe6bb996d6d07cc08d3

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\SDPNSPInstaller.exe

Filesize
169KB

MD5
840c886400bdfe1a22470a4ddf0398b4

SHA1
328260dbab7690e9104f14b709aca06da823f948

SHA256
d703b3b6c160dec623f3e57bdb30bba795e8c9f0c36c723d20163d19ecfd3bc1

SHA512
6b8c6699f75d390eb9bf699ac44ce61c72628af7cd2e753ad10d4d44de394f2ac693e7e6f2706334140b4639a127bce2c7fba93f7c58aed7cb924790cef5f351

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\SysWow64\VozokopotSDP.dll

Filesize
390KB

MD5
df46e2ce103e16ff90182d7e7b600c49

SHA1
6a96cd1280f509439cd6720c31fde735f9d0f4ff

SHA256
b928773a60380ea25664c893b62a199f47e8e42a66c6ff5e49ce88c7d0e9c639

SHA512
87d724d15650d52f7d10c89860f9d6b9491444e2c0201d3dd8a0dfb529b205d3777485dbb5979d430bc97e8b66bf5c3af1dbb375ad210fef74ac8f79439de381

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\UAAExt.exe

Filesize
77KB

MD5
d5f394a66524301ea5b02f27a945b984

SHA1
d689bd5f4febc26443492bf02a67527898f8f8d4

SHA256
e55c4c11ca5173bb1a65c8efcfcdf5f510d4b3c50c99951570c9eef33c402246

SHA512
d26ab997718c729deb9ff76d4da2e53757489e497b3f72f029f810b81dd1202db520a6b9c88dc991161a933e058204cb742bfdc47d8adc1e5aa96483f1912fd3

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\certs\SDProot.crt

Filesize
2KB

MD5
4f00a9bd8b8ac3f8821824b018cb9e1b

SHA1
d9a293180fae09a80d4735db4c898fec6dd9d952

SHA256
6d1aba9a9886b4f452ce379b43aa7c612d74ab6e9c5f097f08570ba9781097de

SHA512
223fc2e353add7bb47832d2c45055d4ad831a12e5df8ba163ba2ba32887f6cb4d340213ae05452b0529a2d8808d12028febef7de7a4a2d6efd7500dea91e5aa2

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\certs\SDProot.key

Filesize
1KB

MD5
6e816199d279d19ecdc3364d9972a18f

SHA1
d68b34479b0e01d788f0448317362ceeb7ff0960

SHA256
87205e35d3f434e578c93a3660e0c7a79882216f13666b3d95605dd459a796d0

SHA512
128c965d590f9a5ad9b974935e9bcef927073bb295282961b6efc6c2b3b57c475366f9b63696151bdc1727868f8b41766ca8b882d14ad898a4f3e026542a4733

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\certs\SDProotCA.crt

Filesize
3KB

MD5
85e2bbe22f1a5508252ed507c970fd30

SHA1
cd385c5c54b4ef0c37dfbdc74030480cb1ee9509

SHA256
95d38d3f03b230b4c4e3d724d68c811b75885acdc2f7aa3097b4f536d34baa02

SHA512
f58ee28891b1abee1bd1bbe1aad786c0cbdd6575d8a75ef2e547b476545cd2b654e6206bc87ac2260241f05c2ed6dfbe8a33c7eefde3f4ad5d8fa8169763d63d

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\certs\rsa_controller_public_key.pem

Filesize
460B

MD5
d748bd755c36ea6cb4fcaa8b2f432da2

SHA1
1cf70b679355e30b841d094149698e3a518f2c75

SHA256
af7098b7843b1390c983cc3406cb1cc2b661cc30b33209903aa6e549abf90f36

SHA512
ef741e324f2ae3b6f2c55b70b0cc3c1bbf086430d53698f44ae8904b002c335f5a36a13ad6cc950fa562f621ee4da5ffb5922c67482e807de627bfe534b5af81

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\certs\rsa_gateway_public_key.pem

Filesize
460B

MD5
560601aedae695b8da4a7dd524ccdc95

SHA1
7e28ca1636acba60dcfacc52a6c500123940694c

SHA256
7920c0525a7621f89a1094f980765714a2b269f53bbfd26ada71d2afcdf56cf5

SHA512
55f6a259bd721c7b12dcc94ad3c8ffdc66cdfa60672e3b230cc47445646b9860c3b91cccd30ca71fb4d013ba0c24bc22efe75a6317fe89f1b9914d96c9c4f4a7

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\goldcircle.ico

Filesize
16KB

MD5
fcdf189d48b1aa66aad68384b9619d81

SHA1
e25e5478de559a91b3f71c2b9db00f9e02cdb536

SHA256
e654c090e275a0c6e8da510614d6782e15b1cc1465f92168d0a48e03e6e68508

SHA512
86dbc75bc4ec6c0b73fd46dbc2d93330ddf50bfe771f3b121897e8ff3d8d1c7584b17ad31ab5fdf48ceac4357657922df82d891c04dcde61b3ea55a1de5a8125

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\msg_info.png

Filesize
882B

MD5
bb0896a39e2bc953bd624529ebaf3712

SHA1
8690ebd2efe7f8d06dc4355e28be16713ad86b17

SHA256
9e2ca154f156a117b90d80e8f99499f930f32ac8f8273612b97238259c7e51e7

SHA512
91495735daf89bdfe483e24f0659c006deadcb3f202ad0249ece7c2bc25b7c761bb52700e051b211f75e0cbcdd2430c2ad4c86e2296147beef3866b4aea7f101

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_border.png

Filesize
1KB

MD5
9043d0bc91b3efd9eaff55eb6f2d33f8

SHA1
37e3a053abedd9a8c9c487334eee607f29c75f34

SHA256
d1722645497d4813c4061f7e39091e9516719110cf6b8c99aaa8ffa57adf9526

SHA512
2a031fa72ea16b98c837888410fcc9863bc4832c7b89766bb713b3e9c97ea2cad04e86f4de3c28404e6472205a6bc3b28bb17402747151cda3596fa0277c15f0

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_btn_close.png

Filesize
4KB

MD5
db810ed7b8b54879b76ae7e93778503e

SHA1
bb228085cd8a5d6c8cba89ee2f72ebe76885641b

SHA256
6e8fdf0e8c9a1578d55668d11d87e7ea9b1d50224c47901dc1e1078d409dafb7

SHA512
102e486195f62591c97593338ff5901635574ef3c96dbb12c0e5dcebc94d48af2f45838f09902f1626cd63b35cfd400cce43d3df9d11aa1b3dc3fc36cf9f3144

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_btn_maximize.png

Filesize
3KB

MD5
e55d9af5f55d0457d4631cb4bf85e994

SHA1
7268e9ea4d4b823f8701c76113a6cc2e4cd42212

SHA256
b9c0add584b48098a9737b0957ff294dfed58136364bf76cc4b01e0dffbcc121

SHA512
a0a7a9f435ab0e1c6f2f8926628d9df087c558a8fa79a037f5dd8584f4de2e47508bdebc2d0f7c8b686b90c0a60d0381cb3ecce6b03c24999a8c95140d412028

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_btn_minimize.png

Filesize
3KB

MD5
c553582e00feb08ee9b60df1428ec56b

SHA1
bd17d93b72c1c38f737538fbfb1c93e8d6f1b414

SHA256
61d39ba8e12b41c93e69ea263d9146bb7974f6da11b4780a705727c57fb5e738

SHA512
175137a6f0dd7278e3abd69705e3ffbe8f8c11787cd0e9f725400772b10ea879901c1f9281285d58184c3dbe7417a00cbb051fe903c4b146617539d728819850

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_btn_restore.png

Filesize
3KB

MD5
69466bd970dc2a8539cc5f65bc67a0df

SHA1
3b997c2118014753f3979d55eb85f47aeb0328de

SHA256
8da23497400e6b1aca1d5a395eab3f11c95f21818a0db13911554d457085675d

SHA512
1b4f2c64656aa982aa0a7f857c67c4c2b2130f4253e063f7b318e1f6d0c1c86cea5c9ada956edb4e071759e080c20cf8ad28107482da0945d67cde7a8a676b3a

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_checkbox.png

Filesize
3KB

MD5
64cc3502f3dddc4ed1ec30cdd2311667

SHA1
1829eb3d8b514aa12a333f5a845d1d24480b6b81

SHA256
b9118d1275c3f5f2343cc742b4e1bfce251ceadadb5728a84ffedf69fe1ced7b

SHA512
9c84dc774a66c64fbd3dbe4ac2dc160bccf16ecb69f09375f2d3e3c2dcb27c0281d4fba2e3234c2a73e82fbf5707828092569cf426d3f365ffd23b181c19d27b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_dropbtn.png

Filesize
3KB

MD5
afbdc0f36eef061579f497d13c54b674

SHA1
d1a7de22e7487c22d96af5a0bad7e0684adbac17

SHA256
5c70502666bf8531d697ebf0ab416380b31c7576a10b3d6fa828a2436f8b4ce6

SHA512
ff9e7d124284210fe4aff489a4c877e9b6673324220d334fc17fac94c58574391338a9496dbc583e5cb6ea66da9df17eb555b44c32faaf742664077e29bdc732

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_focus_checkbox.png

Filesize
2KB

MD5
e04c30ddf4f7bb505ccfe4c33cf25c2a

SHA1
dc219e37c20bd501c7bf5b0424f2ca2ce954d84d

SHA256
2e0c370804287ed0e90157580fa5f461cde0d3b06e0655b89475163dccc9db71

SHA512
a24921588a02f104406d68ea4c99fa9579fd2d8f78259feea49bb1b393e59dec55f1e911100435cd24c0a5d4c3d17272e4ab170f76c4dd1cb7e0e74100986c4c

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_focus_radio.png

Filesize
3KB

MD5
549be830bf7c7fe81a490f575d156c62

SHA1
a426bc40874cadc3f8cbf989148d546f10302b7c

SHA256
c4a94f9c7b33e6512dae3a9fc879300e7abc10a3aebc843815bc550ae9344f8f

SHA512
d170bd9499e8d452675bf62cfd8316bbac0280297899788571bf718f628853c6d04739ec22373a790bfe76133cf0f806ef9e8b08979cd856ab857367ac321742

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_header.png

Filesize
1KB

MD5
f47bfa8780f7e4000d2060d9149e4a81

SHA1
65fc00f641016ba201a8127730a32e6f804d7d3c

SHA256
67844e3ff3ff031ec6fed76ba293c05080256fc21aaf2827416c4801402f5a62

SHA512
e2bfee20d75cdc1bdc68c2c0bbc89672e5c7698208192b2b109d0cf93a3fb00069eca32e0f71a83cd026b1a582f1b68fa05f281d1d85e4f32bc2c481032c6086

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_icons.png

Filesize
6KB

MD5
4875220db9913fab9e8c0b4d38423ae1

SHA1
18f1cc2cf04594d469db5242484cb95a98aa7a47

SHA256
75b2847643f270e959ab30f55b51ffc920e364171bea2135c0a7f5eb3248a20d

SHA512
461249c574eb4d6e5176ef155640c4ce13a754e778fa2bebd82f945d0af54d7b5a2044455679e42b0201f1d5e7699e4ca964a8f7934e6d49018171805735d54e

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_menu_arrow.png

Filesize
2KB

MD5
ebd147b36b7fd15a1c62aeb25b8fc02f

SHA1
3def2a3909797f55f1c43287ec8b32902147ccfe

SHA256
f1088fab6167f9d1428a2d2ca5ac8f3999061cb10fc077182d38356b59fefb20

SHA512
382eb073587b33a824cc4d0c95cc719d88fe8e0249e3bff40957c31cafa890a6ffad7b64d88ef7ed95b87efc5a547a5ae2a4e97b9e33ee3762f0e0296089538b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_menu_border.png

Filesize
2KB

MD5
09c465828be44eefc3f35d7c792d10bb

SHA1
4301282a58664ca37f6f68e18abbb4a4ac01ff82

SHA256
56e8987c006758e9b1eac3e5e9513e984c8359a28a20fa84e303bb89f95381ec

SHA512
78638218c8baa53e7774246d2069660542ccad90003fa2aa9d3284cde2768f36b4f3f82b62a33d9680878c17f5ee5ce7be96cde103d681bc890121cba56519e5

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_menu_check.png

Filesize
3KB

MD5
61131aceeac097063135bde0083d9a9c

SHA1
1d69aad7b955032c67dc26b0efac3c848118681b

SHA256
1049090203c086e91f9aa5cfc5e2b0e12c45ca18e38f5ea6920b454e7800f7ec

SHA512
c7b2198abc96e44bedd38e0938b7a4d4a41a6bc605a232737b4ec710684ee5cd33f3cf19f30848dbbf94d62908bc6c3571c74c89bf50ac337ba59569742f9d71

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_menu_sep.png

Filesize
2KB

MD5
5ae7e0526cc65a438a08d32759b32d90

SHA1
c9d65ca2c3144f7b569eefa02bc095b348c3c49e

SHA256
bc7b9d0f40b3733fb29839de5f6b3a6103262ab25451e8ec03178f0d93183142

SHA512
068b217080c4e99429ec87c953a467a17c6385a9fedc664cc1c60f14db3a03dd4e6eae6cd8d23df6732512f5a021c4f6547979b3627aa38bc54c488da333b5f6

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_menu_skin.png

Filesize
2KB

MD5
776925528d0adb8888184862ce3e4531

SHA1
6b2653a14892633abf274ca541aa0ea9f770a12f

SHA256
cc1c48942d288ed61bb8f5c8e159bbef1d6d860659ef182bddca628879588d20

SHA512
2d71d0fef5622249eb77bf05a54b4aecd7579dae57eedbcdb687250aebb74d36d39f663f5b837990ad6f2d56a259c8b83536c2253cd9b11a704ef01849b4421b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_prog_bar.png

Filesize
230B

MD5
8f2ff3eb2b21253879b526cb3b5e5f2d

SHA1
e014ff34ed217ae8bad168200448781d94a7e962

SHA256
72dd5dffbc7398b8ea9828f4d00f2e1c9d1ff2e17f1fb68da01022bd282374a7

SHA512
4a515d72d87fbc81829585885f1ba1b38ce86b189a78e229412cb5a234f9f66b9a37ecc8892afdf215adc52765a0f14cd6a1c288dae7a2357c2ef9ba9c2622f7

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_radio.png

Filesize
4KB

MD5
ed6bf91433c68635e7d77e5fdf9f8190

SHA1
f494f8986de83ddbea0c1f297265232b71144dcc

SHA256
8e1150f1ffc99366f7ac7adb1c8f8cff4b1d21476c3896acff5b38ff55b30ba8

SHA512
d398dfb020fcca0acda00e1eb88430bd58685ff5c5bd1222615de9bf0537c36c1764246a04882d7b654cc9b3ed93ab722043c118d90e6396facc7fb96e1edae7

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_scrollbar.png

Filesize
4KB

MD5
b221d8242808f98906b7b143cdffcdf9

SHA1
ff5ed2f36bfd5a9911fa801c968675d0e954e207

SHA256
e25997d287c756adf5cfbe63cec9b7bffed13f2d9e7ef790f3b3ed606dfe1f91

SHA512
7bdf62084f6d22320e904a644b5ef553beb4216b5e654c1b43aa256b72e7a6ca422dc91389d452a790de63bf264e6d1b209f964cce3d6518a4454c17d6a6a4c9

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_slider_thumb.png

Filesize
5KB

MD5
ba7c3ef136287e2e555f1fca843706d0

SHA1
1d23e6b0d196ba0bdff917d97ad5d1cc3d2b1181

SHA256
b23cbdfa9c5e9b4f9ae16b4335d2546400bd36188fd052d30753340cc91d3819

SHA512
943d10f4ab6985f01e907d2291ebc845dfb17bae1120b955238cc5e2768ecf0526db9bfa2a5a3331e8f3512518daed4af7cfebdfb239dee2b08817269df69a6d

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_split_horz.png

Filesize
3KB

MD5
6e13a42e6fd0892805abf4bb0cdf0315

SHA1
fd859e23dd51c6e06df2f81fa69a212f3e968cb2

SHA256
9a5f45d6b2dc4620ec486e777af7dc5dbc943e2c9a0fafe3221c41602059bd16

SHA512
7c08d53a361e8b73ea49c08771e2104babd6deeb832b31b94e8345e32a973eeed90b8de33fd75872bb2d0fa0c3514a2c890c095aefd8b9b313c267550806ca4b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_split_vert.png

Filesize
3KB

MD5
e52c225824596312041143823bb9e19c

SHA1
96473727200094de4ec128bac18027559167801b

SHA256
397fce4d6ec0acfcd4b285cb774b8bc28d52f56f8210749b3737b9836ee06e01

SHA512
27aaab067657713bdaec960489b7e32ef31912905ed8a13ad1cb994373b79e366c4c39396ab485a92045cefc8841affead3a6db1d16b969c83b1e313264c7297

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_tab_page.png

Filesize
1018B

MD5
3a9adb52eae5d44c3612e4ae8c877f32

SHA1
f66eb6e08382c0b73c44ad02412f6b29bb700a9d

SHA256
f8d49533dc65bd79cd16e94c7d9ad3d3a311c195ea99d815d627b0866d8fbc4f

SHA512
9b2dfbb9eb520732863b321f5a6e26decbd9e84062408c6a587b738dd03997edec2ef6a4910ebf639d25b0b3429079c21566ff326f5466e5ac1ec2935846205d

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_tree_checkbox.png

Filesize
3KB

MD5
43feb0a7f721f305996062f3f552e4df

SHA1
d70e7882005b16e2267b73f6d5a0c3d6f14ba492

SHA256
bda3c12ac769460e1920468d6186ee83533b539fc5f19fc7801670afc6077d7f

SHA512
856cabfd1548c00446f121d8f1b985b8d1059642c253660a241f3434076d98f6c102a2dabea0479fd3e9ad943891b05abacf2c2755ab75ed627fc967cebbb18a

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_vert_prog_bar.png

Filesize
2KB

MD5
1a07f86c0e9b7d8cc9a2dcb110b9008d

SHA1
6fc81e2de8fe1919684b04e2dcf77bf548557b1f

SHA256
a6120b6e8a014a251339bea6568d2f00ff8bb571cd4146ead28b38e9c9424c5c

SHA512
6771597f50cabbbadee083ecaf17c839512e30f91d450fe9da9d76555194e9317eec8fed5baf8ebfc459679094cb841095dc969d8e8beef0f1b51c8d5500bdae

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_wnd_bkgnd.png

Filesize
1KB

MD5
de957fec788ac7617bebf9256038b6ae

SHA1
2d9ba69ab6cee9e80b0a23fe480089eb8e56f9e9

SHA256
decf0951e1a7e335d1fefe4727fa8498a4337e94a6cecc330e8373dc221ef2ba

SHA512
a5482695e9f0f2cf84f19c2626e3ae317b0dc675edf9ef94f8f6f5f6df46e9e8921018f64b7d13ef34b10652770686666e56d194aab4ab40e494132bc2e55140

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\sys\sys_xml_editmenu.xml

Filesize
352B

MD5
a0d0d2feaaab3d8cb7dde6d3d3859d9f

SHA1
655d482f9af0b057d80edfdf3c0795d4cee327c1

SHA256
3cd1dc85218c01e66cfcd7ff21c98d4786014f49b85ac19da0175ad8ca2ce74a

SHA512
3c1330ba1717489d8aa53da884f3e1751fac47182236866e7d31d1fff3390b6ad9cbd926c240018c87d8cdc7d5864f9ee78209872aa3d725df99d81e7b7292da

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\image\logo.png

Filesize
8KB

MD5
9f245cf743dac51f9cf491ac0e0c8518

SHA1
b95d337e1b85a93fa6b7e4ffea6b73e5a6e4fb1c

SHA256
530a6d789b04ce47cb7d08ad7404238d04ccdd047fa7c2916466497e1f5dd523

SHA512
5a226321d91f47766e496f3d6f719d681cf5a626e22e43f837e96fc9e6050627cfbab6a96bd0d18ea11c264e57ee760d2e06c399b41fcfce06cec068eb2dcaee

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\image\main_btn_min.png

Filesize
2KB

MD5
8f118ab5c65cd8afcf25fe1118f8472b

SHA1
7e6afd7fe0a8ecef5ff9a8124ccc51728b09653a

SHA256
36b74c01d95c4c73a489963ad7d4f6dd7c5ebd058ef76217d9152beae04bf407

SHA512
ac02444379992d563bdca4b13d763cde832fd5056aec50a2c4a5f3934e9b725afdb3d2a199c56f86bbd441a0ebb98b8d16313c62728600b385d29658b93d27eb

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\image\tips_icon.png

Filesize
415B

MD5
084625b461cfc2c666448f033e3c8d07

SHA1
5ca28cd1e38b745ce53295c4f586e7adaec9fa26

SHA256
91506c47f0bd2501c8fd66020e6ede1eb5b52ad0bf1c63ba6724ef9d4342ca8c

SHA512
b981ee8850447a1f4d30cd8ddf33eeb3248a0e3f86309140a4c09d0a53f64d842f63f5b522b560a1d63825520652058bc5f4cb2706c7c18467c46107db160751

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\image\tray.ico

Filesize
4KB

MD5
f7efc17a17465e381a11cb138ea7b5e9

SHA1
9df8ee9db9bff18b04cc6f9ae306e223334dd79b

SHA256
6ee82e7616aa3620e13fea0b79bc3f40b41c025fa4b8fe20c7c134a869202cb8

SHA512
2cd6d5b698c317ffcfeb6c49994314deb8baaa3dad3b6b44ab3af297fe0a503ed9293fd944d0ab4c5de102c5924dce9a3826f3632e25127b0770293bd5c2267f

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\xml\dlg_host_msg_frame.xml

Filesize
176B

MD5
59d2ce734aff68bde8a4b1247032128b

SHA1
bf3c911d28f12eaa5ac97ca3a194aa8b63399733

SHA256
ebb49216d07bffdb82bb3290911f155d919646b025f3204d187e98b7211e8028

SHA512
3823ff0f125bfcedea8d748c72ae06cdd5b45fc7af2150f109777c38031bd3db13870411c22e178d744fdc9f6153bab775c13c913d529c3070af62b6c8f310ef

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traymain\xml\menu_multiHome.xml

Filesize
38B

MD5
237a4afd1fa1a5838a63521046f8996d

SHA1
cd0295d6d69f945b4b3c7d09bedb2d10b0883cdc

SHA256
86e0a4d4f900f574d917587d8767680fdedc64da8e542a31f08b5a06c3fe389b

SHA512
f21e1d601912cf916394e4536731f3b21922355c9bad7d3ef11e27b6ac698115c8ead5a9ba5a36ab76b6408888dc3cd07a7c81c42ed24fd1de8985cd6bfb448d

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\image\scrollbar.png

Filesize
1KB

MD5
d35de7990060d721194a58e29228eed5

SHA1
894fcb4226c3349b899dbc5db8740259a59e0b21

SHA256
473f956f44a8819911d5eb6593a2ff51bceffa369deaa91e6a4f8614c1b2f187

SHA512
9f47e774a43c8467a07a1623a4d13427b4603d48d145b2217cda4b2564d0b72edbfef5a745f7fc1b3b65cdd1f0cee8ea90e5ab971d5b1edc7336392c946b72a0

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginpac\xml\xml_init.xml

Filesize
3KB

MD5
11b44f87d43509d2dbfb2b37d3f33aa8

SHA1
68ffc54d7273d77b56dfa7a71b301e76bade38e9

SHA256
f8038050b9a2fab8fcf28899ad61c0a98f29f54d5c05a12d6d6cc07f2aa22652

SHA512
4f3c609ae1b646a7401fb1b9d74c1e072ce45a0dd171ff2fe4ae7595e9bce8064e44191befac215f0e410b4420b13168caaffaeaa699e0571577c80bf113f1b1

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsdplogin\image\background.png

Filesize
183KB

MD5
1cd739c16d1f4982c13f0e698dd8f3e3

SHA1
841954974531da2518758e29b2be5d67e9886b2a

SHA256
08d92bb2ed3e99c3678ddf9e5480aa73e1827c805c0c634b8f0b4e480d30a2bc

SHA512
57ac2530e201cabbf01dcd26c01644fdca61254eac46794da2666f90d4f355e17b1fc252cf8494fd183b3da147219e47f269c936713d21c0b438e81520faa79f

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsdplogin\image\login_btn.png

Filesize
549B

MD5
4e9df130ac2fd7b8876937689b43a330

SHA1
8cedf02714ede42a4daf08edfe07e50f2fbcd81e

SHA256
000b5e33567a7e5a2950f073b7009b1c3989843cdddcf7a151efe23032064627

SHA512
e31a19a854b6cdf7639fedb509901e6a09eeb49ed3f4704db70500015b9c536af884f8929bac405df5b0906644ac6698a2096656b4da2c8b4399e9d8194c4e59

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsdplogin\image\sdpact.png

Filesize
375B

MD5
96938731aebf5ab0a3b7180e658b5a40

SHA1
b3678c67aa57fd98cb961f208a8e4c04b56116b8

SHA256
3e58a085755a56ff7b5173f17c633e005139b41736b66999f5cf31826ff036de

SHA512
e7750724358c16d644bd2523111d7c8e71c0c7704d7e45655c97a0a736e8c99987004624baa01aae7b3ca8c7cdfa4c0ac601d7056001afc563dc5e087fea8f95

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsdplogin\image\sdpclose.png

Filesize
196B

MD5
c2415b56f6c99d89d7d92fe9e5da6899

SHA1
e9f4340ecb4cff3e58845ca78af1b4addb61f09e

SHA256
268f1483f9e70a3f0e203fc55b21b2ef079f2244dcd9c81c07b8b4cc716f0a28

SHA512
31f3144b15af1444853e23382f9173e321409a5969f9add556c483dcfec0ade681ba2a2c3f5e7a1be9954747c1d93d7544d902202a707add91a4d7f5dba6aab8

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\tray\traypluginsdplogin\image\sdppwd.png

Filesize
374B

MD5
368ea20c39f2e589a28a40aea14346ae

SHA1
99e0c7d932959b52a643e63b446e359ad9a2eb15

SHA256
6e1e0e624981ecb205b8bd8e3ce1d567270c396ba2b112d159eca8025bb4f721

SHA512
44604fd75d1c445d9e7cd6aa18a8c6d59c43ec8bb3acdf269f19dc19f9d6f985b6a58d239e4b3b826086d785a331d0629d118f1043fe21579ee83a5d02f5cfce

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\face\ui\uifloatwindow\image\edit_border.png

Filesize
2KB

MD5
173df217544abef919cef5b7cdd302f9

SHA1
1af9d2542e3c60ce5480cb260579c32af66f4710

SHA256
9ad9c99d8ad2e9c0d0218c73c8ee83fffa43c20d8727f6454e7e94102f00f2dc

SHA512
a1c5413b797846cb4452038164e3a9f7da233b6ae0ad00599efaa240618ad1988de40ad62593f0898f3d597d36362bcd6be6e2aaaf527b0ba1a6dd73a46eb112

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\lan\MeiLinGuan_en-US.lan

Filesize
390B

MD5
533c2365ced1151c88b7368ca8e52db4

SHA1
4651bb7ae0f9e55f1f55e2495a765065ee8e5fad

SHA256
cdd88a00c9337d91b5580532ff62016666ccff3633108ac73142869391c80fed

SHA512
1a86036a46b9704214038e2a9a6f4d3770484fc751047ce43bc9557ae73e6b92bc6901b27e0bdbae8e0eeb830011cde9aeb248039d8cb50f677653cd711d137b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\SDPNSPInstaller_20241121_113552.log

Filesize
4KB

MD5
0cca2ace7f237327bc96aec33c371d85

SHA1
f8c24b804cd3895202ac92a64c19c14f3aa26e22

SHA256
fd984dc3813ff33ebf3230b5d5a482ec52d2a70369430bbabd434b08ee433b2f

SHA512
55805e03250b90b003ea2bec83781bb162d85b2937cc6347c54246dc6887f4df9ddde968343c073abcdaeb30d2ac2dcafc76d783f9c60d74368cc85a5eec44fa

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\SDPProxyClient_20241121_113552.log

Filesize
6KB

MD5
eef867bb51d39b9acfc334152a61aa8c

SHA1
28a3240d4cef2b08f83a393d27cd01b3eb594581

SHA256
2d8eccd9cb7c24e24599a841f9b779029ecca404f18c1381e9573c3156977088

SHA512
e2ea0e3ef42397e9f3b286614e9d18af5a68b94ae0f7489bf66ddaff8a60c99479bad316f57d1bf0bf34b982fc106ddeba70099825dc79a1ea8736da7a4d733b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\SDPWinProxyLib_20241121_113552.log

Filesize
913B

MD5
3da0c2f896cbb839ac2e69e51fabe0b1

SHA1
5f7d7c581bf47d5dccf973295f100fd3a7c3d7ac

SHA256
e25ac29ba231abaaa651e4e12d81760be0c31aca5aaa1c65059f926d638abd31

SHA512
04ad18a792f8f8747586b8430c77c5a15197a07e70a2fe15c3f1d077508c92b81beabfa69a94f1cfe6f9af932c1ac136d131afe88119bbcdb520ce93c65eaa49

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\SDPWinProxyLib_20241121_113552.log

Filesize
1KB

MD5
7912f584d23bae5a0b38ac315ad3d4af

SHA1
0e52092dafabf8fdb240e01e4a001b7272f2ce3b

SHA256
fbf40d3b513940b43a84735b535de60b1c1edab15c226954e5331111fc02d172

SHA512
42de41b02643d70de8956a0380083c935c68b92ca278bc09e1fe9aa9c8fe3eb502101c4a1043d8c53ff35a15c0f1ddac0e6b74f88d542d5d0bff35bde89a9266

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\UAAExt_20241121_113550.log

Filesize
2KB

MD5
ff67cf4096ba9ae14ca9e43ed2144413

SHA1
aeb514433ee18c2ebb36f291b540a1713e8bdce7

SHA256
d9707d041d623f284ede9d8ab6ab8bf7204c494ad0aad4922d5fe7b00a23f306

SHA512
9bd0368a36a4ace2934d6fe23b40be7114763269ffb235263c6cd8b3026df34fc95e927b701fcb7c9e21ef5007d8f9f48e7a509bfebdd14f1c11bce3712b68c9

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\UniSDPAccessAgentDaemon_20241121_113550.log

Filesize
5KB

MD5
9a8e3d39b50b5b8b2f005c816da37c92

SHA1
96f5d9718ba05a682e80d0201e8a428e8e770cd9

SHA256
509f4e5731d5c81b1c912070fd41dc00d615c2dbc0d28465b1a8b94cd2e65af4

SHA512
515bd1c611f5ba7c2abd22adb005e5ca57b4d7eeaf28f2e28c93bbc3c391f58397ff737976a126aaf562b247990b6ae2644aadf6002a2c4f18eb5bc17b743132

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\UniSDPAccessAgentTray1_Default_20241121_113549.log

Filesize
6KB

MD5
30db955f055aa0b57da513c7056244c5

SHA1
e6f937dfcd2fcc3e56703616541ece4ffe38cfa5

SHA256
ccce2639fba3188aee6878deb9670ae7a7598cacf480aa86a422ee79280eed97

SHA512
ab0934a875e1f6bfced718cad31aefd662c0d979b5c9c2affe6750752dddc1b97357e9eefde718b47b3bad103dd7f60e67bab1e59b20834724135bae2a7ddc4f

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\UniSDPAccessAgent_20241121_113549.log

Filesize
2KB

MD5
1992c1a27d194ec341189e535d4916d2

SHA1
c849168b79f710b0f2f44423dbade44ff90e4c49

SHA256
e9fdeb15cb9da679709bca94e624bf68c1522ce65ed1f1cc713cb9db79c31af8

SHA512
536d6993aa2445c8129cc7cf9e31335bbc41b9beec1c7c13fe3d8d41f5654331c2e752f85c6475e9112ccb719db58f4af4ba007291eb9269c9321c172fc1250b

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\UniSDPAccessAgent_20241121_113549.log

Filesize
6KB

MD5
39b5404d44bcc6c97c3e6bb589a9ed22

SHA1
77005135c0fdf3bf17323e8dbf3d827ea7b0d0e3

SHA256
eccfa9e4a405a9fc4cd6dd51c7348b9d61d1af687095cd760283f51edef9fe76

SHA512
835e138ccb462ea72285ce131cb8ecd8c56c5ad57561f11fd7c3f707d84a0a5a08a896936e88bbe98b23cc4723c9f1755d8e68a248de2101c9a9fc0d1dd8cb3c

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\log\UniSDPAccessAgent_noise_20241121_113550.log

Filesize
9KB

MD5
4da31def9d05ebd63f75ef793f359f89

SHA1
156419f6fc5ecfdd393e8e395046295871db740b

SHA256
5cb12fcf3b2f948133d4b5c05e17e26a0e9baacda6bb4ea88b99b25b1a2ea471

SHA512
d9ab32797e8173f9c2baf03f59e1fb65d7a825284785bae45b177d3c5a7ac66eef3a5c7ee0d3c83c67f452157613d323a98c86e00180344c53eb1644c7ffab26

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\policy\TurbineEngineRulesSWYZ201.arc

Filesize
46B

MD5
793a6d0b32c52fedaf7fc24b8cd0be27

SHA1
d5254a1c8394f7616fac3c5ee2ea519af93fab9f

SHA256
934170315aab1b90f7b57903b6c2d7810a0a2b7a8efada2e9151864a8260c6c5

SHA512
268f6c757c17187aa7c42aea5fadbf62444474a6a6a876932cbed2d3c98e335c2f88428eb23d81552f077264e84056427c77dc41521a6bf751cc25c5446b3cfa

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\policy\UAACustConfig.arc

Filesize
2KB

MD5
ad3c99c968550d63963b8e5b82280931

SHA1
c089d4b3e063a51642a6a9750b69ee277ce4e35a

SHA256
179610eb023884614db78385c2901926ef9990991b61fb7ab188c4d069f638bd

SHA512
867766b4a7d9dc7512991e61dd00a6219a9b0e4ca200d34cd48b29aff3ebdfb8f5482683eee9a269fc76d03e1539a217a855fc6ba6b80911a5a8f717b7546e72

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\public\SDPNewClient.arc

Filesize
144B

MD5
128ab7692e89ed996812becd7e65547e

SHA1
433087cfe9cc55abbc39a3095f935e177f6c5321

SHA256
0218ec71f3753f7905f9832d947824f95b34e1d07659da561729fa0656be1e5d

SHA512
3e67721b76f6f4acf7f847a049f1c962d5645990bbcb6d6774be07bca33a15a235091797972066ad96f6e9409bf1be87689966e85feb2195cd9627ffef21ff38

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\public\UserConfigInfo.arc

Filesize
1KB

MD5
2d4ce00c62ab34da2c5f7fcc6c69e339

SHA1
7cfb09ecf5e19d58879aa749cc8b47f8eeb5eef3

SHA256
1eba614205b40eba7af714fb8642f363cb1f009262d50e181a3500b35ae1e4ab

SHA512
ab86fe515ea3b22c5469bfff0f90451ef40e19b5925291d9ef7c202f13b1fcb3b47993bdfe3c05f872132a67b8e986cfdb9a81b2f40df62fd6ff0ad51db984ea

Download Submit
C:\Windows\LVUAAgentSDPInstBaseRoot\safebox\SDPSbieSvc.exe

Filesize
779KB

MD5
2143a4b6007dab727c982633664fd0e0

SHA1
b7e78ee84ae7b6246ee1e1884025d7174961f6fe

SHA256
c47c97562bed945db60d2c1e6da9eff38513fb292f5f5773a2449bde0d4aa32d

SHA512
6c553a7463f0a616db245332683dd53f1abdbe6308aafa4feb18ac2e7ba7e3718eec9d531b3dee2118802c4048118019dc7a23ea1e036be34b2ee8eae243bcbe

Download Submit
\Users\Admin\AppData\Local\Temp\UniSDP_20240330SP_20240708V5.3.0.14\7z.exe

Filesize
302KB

MD5
c42e14fe778a07ae4da7c4c195ec6547

SHA1
cc42be4023c6c835654130b6b6df443b89287ea1

SHA256
ced28353801ea01924792a01d180fb426b4aa8f09c15078c5ee35deb3296d971

SHA512
8e8f0e4f535a46d5768352b440829f396ee6ab47b4581cccb44d05b1f86dc4b210e8501623779d21a034bc59fa87047a9fd65e070e4beb8614ba7e18352bc38c

Download Submit
memory/336-3239-0x0000000000EA0000-0x0000000000EA1000-memory.dmp

Filesize
4KB

Download
memory/1120-3275-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1120-3277-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1120-3279-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1120-3281-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1120-3280-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1120-3278-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1120-3276-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1120-3274-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1120-3269-0x0000000037800000-0x0000000037810000-memory.dmp

Filesize
64KB

Download
memory/1120-3270-0x000007FEBE090000-0x000007FEBE0A0000-memory.dmp

Filesize
64KB

Download
memory/1120-3271-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1120-3272-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1120-3273-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1256-3299-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1256-3302-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1256-3297-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1256-3304-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1256-3306-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1256-3308-0x0000000037A60000-0x0000000037A70000-memory.dmp

Filesize
64KB

Download
memory/1256-3309-0x000007FEBF980000-0x000007FEBF990000-memory.dmp

Filesize
64KB

Download
memory/1804-1735-0x0000000000980000-0x0000000005B18000-memory.dmp

Filesize
81.6MB

Download
memory/1804-3938-0x0000000000980000-0x0000000005B18000-memory.dmp

Filesize
81.6MB

Download
memory/1804-15-0x0000000000980000-0x0000000005B18000-memory.dmp

Filesize
81.6MB

Download