Overview

overview

7

Static

static

1

TabularEdi...t8.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250217-en
  • resource tags

    arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-02-2025 09:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TabularEditor.3.Installer.x64.Net8.exe

  • Size

    41.8MB

  • MD5

    0a88da9b22e7b130313c6c828890a047

  • SHA1

    1ebafbb93872f0f2558162bcd2fbbb1703b666d2

  • SHA256

    8f5b7c34e176ec2a62b2e5a9de661dfc8b10fc2590bbbfab14ec9d06b147a0ac

  • SHA512

    2a0aa27a982edba4d1338e6e86fdcb6500ffdaafc541ab9717a82ccf015668f99f51ae9deb4d6d1c7a5295238ea1cd36d52f3b13aad97b48bb6c2db778dff0e6

  • SSDEEP

    786432:OJ1HSHwSmCW54uN7+qhF/A5rXtSXv6RjjOSjX6EmFOTpezsiFroGm57IyBl:OJ1HSHwSmdp+cY5rXtSX6jjOSjXxmFfa

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 62 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Time Discovery 1 TTPs 1 IoCs

    Adversary may gather the system time and/or time zone settings from a local or remote system.

    discovery
  • Modifies Control Panel 1 IoCs
    defense_evasion
  • Modifies data under HKEY_USERS 19 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 11 IoCs
    defense_evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 54 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TabularEditor.3.Installer.x64.Net8.exe
    "C:\Users\Admin\AppData\Local\Temp\TabularEditor.3.Installer.x64.Net8.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Users\Admin\AppData\Local\Temp\TabularEditor.3.Installer.x64.Net8.exe
      "C:\Users\Admin\AppData\Local\Temp\TabularEditor.3.Installer.x64.Net8.exe" /i "C:\Users\Admin\AppData\Roaming\Tabular Editor ApS\Tabular Editor 3 3.19.0\install\E5D4ED0\TabularEditor.3.Installer.x64.Net8.msi" AI_EUIMSI=1 APPDIR="C:\Program Files\Tabular Editor 3" SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tabular Editor 3" SECONDSEQUENCE="1" CLIENTPROCESSID="1180" AI_MORE_CMD_LINE=1
      2⤵
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      PID:332
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding AC459914DFF21B4D3A0C66246095E279 C
      2⤵
      • Loads dropped DLL
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Users\Admin\AppData\Roaming\Tabular Editor ApS\Tabular Editor 3\prerequisites\.NET 8.0\windowsdesktop-runtime-8.0.6-win-x64.exe
        "C:\Users\Admin\AppData\Roaming\Tabular Editor ApS\Tabular Editor 3\prerequisites\.NET 8.0\windowsdesktop-runtime-8.0.6-win-x64.exe" /q /norestart
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2372
        • C:\Windows\Temp\{8A41891B-ECA3-4CA1-A894-9C09BA0DE620}\.cr\windowsdesktop-runtime-8.0.6-win-x64.exe
          "C:\Windows\Temp\{8A41891B-ECA3-4CA1-A894-9C09BA0DE620}\.cr\windowsdesktop-runtime-8.0.6-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Roaming\Tabular Editor ApS\Tabular Editor 3\prerequisites\.NET 8.0\windowsdesktop-runtime-8.0.6-win-x64.exe" -burn.filehandle.attached=580 -burn.filehandle.self=728 /q /norestart
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • System Time Discovery
          • Suspicious use of WriteProcessMemory
          PID:484
          • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\.be\windowsdesktop-runtime-8.0.6-win-x64.exe
            "C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\.be\windowsdesktop-runtime-8.0.6-win-x64.exe" -q -burn.elevated BurnPipe.{7CC429DA-8176-4970-AD08-A1E23253343A} {E9D6C58E-C52D-4DB6-8D40-66865FBF41B4} 484
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:928
            • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
              "C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={942f6911-1a02-4186-8c4c-b27eb2b9733d} -burn.filehandle.self=1072 -burn.embedded BurnPipe.{62F88E7C-BC59-4DD3-A2C6-CD4A8474E72F} {393DDB48-BC61-4DAE-B7E4-EDC5841C96FA} 928
              6⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:1756
              • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                "C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=560 -uninstall -quiet -burn.related.upgrade -burn.ancestors={942f6911-1a02-4186-8c4c-b27eb2b9733d} -burn.filehandle.self=1072 -burn.embedded BurnPipe.{62F88E7C-BC59-4DD3-A2C6-CD4A8474E72F} {393DDB48-BC61-4DAE-B7E4-EDC5841C96FA} 928
                7⤵
                • Loads dropped DLL
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:4908
                • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
                  "C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe" -q -burn.elevated BurnPipe.{4D232D8F-F35E-497B-B1E8-DF657D38137C} {CCFBC88E-E58D-4C8F-B8F6-8914B51F70AA} 4908
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  PID:4624
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 3E202D016EE038DE2196721E384B5D78
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4764
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5671A7EAA079CA22AF80DCBCF296804B
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1344
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 0BA6F1E3E185FA5E44B284B13AD3A518
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4584
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 646B4FF2D5FCF2B14296731786DD752F
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4824
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 69202A4EB6ABF4DA55CBD59641B9AB41
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3932
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding AD05E796865BE40299718A2DF936BD2A
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3336
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E5B81D00BE9732A491F9A0A4EA3CA1D8
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4204
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 17249C9C66B2A3EC75B558ED5673979D
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:4940
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding AFAEA7144D51D7CE0E4C0F0A43441BA9 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe "C:\Windows\Installer\MSIB5A1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240694734 379 TabularEditor3.Installer.CA!TabularEditor.Installer.CustomActions.RegisterWithPowerBI
        3⤵
        • Loads dropped DLL
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:1820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Config.Msi\e57ff43.rbs
    Filesize

    47KB

    MD5

    a0703d686f74a2b519fa93ee9b219507

    SHA1

    435978ee3de037e914234edbf08888f9dabf3b6b

    SHA256

    4770246095cde8816faf1a2c53ec46e04c7449fe7a95af2b4eb58c0362cafe92

    SHA512

    83b300e0931053ffea3713d0ab0481b6d6884a22271349ef796e40952dcc4d20594829d18a530fc9df4bad6e2e2a1d2fefb2ecb956371810a87f1fb6a7382062

    Download Submit

  • C:\Config.Msi\e57ff48.rbs
    Filesize

    9KB

    MD5

    dd388094499a14251f0a305b8b23dc82

    SHA1

    a47648c9994937870d91bc99d5a3636e7bed1ba8

    SHA256

    00ea7dce6ae0600443eb5337e042ac0fce6d5fdd7d3539219642a603dd21bc5b

    SHA512

    d5888b770fd5e77299465ef5adccce460dcd3359c1242634a43332010e8fa5e556df94cf557674556f00b5577f5976a1f01d9d1003f5591b9a02391deff28d5c

    Download Submit

  • C:\Config.Msi\e57ff4d.rbs
    Filesize

    11KB

    MD5

    f68a8fc5446f49631966a42f932b8acc

    SHA1

    0a2f9ff9fb11f4364cec64aea424868793585e57

    SHA256

    cd392711d13917ab5ec388a250f03ed5560e89f1c334bed39a4642851ec989f7

    SHA512

    e532e5cc177a57b688ed353c57e92b0a7aeaa3223df007cb33e8077f189d1d94fd19d809ff8642e76359a6444523c0e81b460b2beb7db96b2439cc965990d39f

    Download Submit

  • C:\Config.Msi\e57ff52.rbs
    Filesize

    8KB

    MD5

    2c15afdc1eb1c625c4b92066002ab4ef

    SHA1

    80b84e0d53563b0a1694008902824bad042af699

    SHA256

    ef0d4d734a58f13e72783b319763e3d0f5bf06c704fb476472189658d0c2c7ff

    SHA512

    7190fc6bbe5439e8850b951d29ad61399857512070a380771017a4a0b296e2e507470620f667bd53ef8a3f3bc70c712c985268b9b74e21e625891406cc007a62

    Download Submit

  • C:\Config.Msi\e57ff53.rbf
    Filesize

    143KB

    MD5

    33b4c87f18b4c49114d7a8980241657a

    SHA1

    254c67b915e45ad8584434a4af5e06ca730baa3b

    SHA256

    587296f3ff624295079471e529104385e5c30ddc46462096d343c76515e1d662

    SHA512

    42b48b4dcd76a8b2200cfafddc064c053a9d1a4b91b81dee9153322c0b2269e4d75f340c1bf7e7750351fb656445efaf1e1fe0f7e543497b247dd3f83f0c86f9

    Download Submit

  • C:\Config.Msi\e57ff54.rbf
    Filesize

    3B

    MD5

    21438ef4b9ad4fc266b6129a2f60de29

    SHA1

    5eb8e2242eeb4f5432beeec8b873f1ab0a6b71fd

    SHA256

    13bf7b3039c63bf5a50491fa3cfd8eb4e699d1ba1436315aef9cbe5711530354

    SHA512

    37436ced85e5cd638973e716d6713257d692f9dd2e1975d5511ae3856a7b3b9f0d9e497315a058b516ab31d652ea9950938c77c1ad435ea8d4b49d73427d1237

    Download Submit

  • C:\Config.Msi\e57ff58.rbs
    Filesize

    87KB

    MD5

    ba28fd79b61a29d490ff55982f0bf6e1

    SHA1

    42fa325f95c661249d25b258dca3b6f91488e389

    SHA256

    6dc72ceaede918c90b52ac9941af24d1b4855301a3170b2e590ed06066983893

    SHA512

    51070fadf5f9370ecd9333ab8e52ec09d25b1b0247c4a17b9134c8f7879b8d6bbf2a1b7e9c40b38452f7bb55be01f9372c2db0aa7b691db526336a2bf3dccd54

    Download Submit

  • C:\Config.Msi\e57ff5c.rbs
    Filesize

    131KB

    MD5

    4affb5f917ecd66b3e9479acc0a42ff3

    SHA1

    60bcfbbf14deccc8a41af9eca1c848d60fdad987

    SHA256

    93d7da2f8a8aa4c8041562dcbc309184dc8cd904ebfe43fb713b447b74085d80

    SHA512

    09a580ba28181a5598389cf3c5e7b161e1537e0dba2d036c9c38713751c7fccf3160a4a43dd4e25f2d0ad7edd12bdb97cf92f872ca1f3bba31b1534b4c86e6e4

    Download Submit

  • C:\Config.Msi\e580079.rbs
    Filesize

    8KB

    MD5

    2be89ff17dbb4e47d86d020b0b3ab92b

    SHA1

    cfafff8cb41353418ebf0118003b4f37c1764e54

    SHA256

    18ebf8f4dd3bac06a42524ab9a8cfd087c6a0a727496baaa6f47f5e4ef4c8e2c

    SHA512

    8f177954068d50c0c7bfc25be0a4dae1222339cab12d0cbad43c5afae3393b4955d012069bf3c2a11a84878a69c314611df234a581c489029046377e8eca0a1d

    Download Submit

  • C:\Config.Msi\e58007d.rbs
    Filesize

    85KB

    MD5

    3a25f47d3dd9a028596d2548b5d43828

    SHA1

    fbff4520da3660fbb1b1acba9d3d99aa513f1708

    SHA256

    107a76189c558935bd54abdf56de4167938632470b29c51e5ee5a241a61c7d93

    SHA512

    a9bab6b74ed18c152fa4790339617858a1721808e478048cb9fb0c1210b11a9082e328d1773d89b24d1e5d19ab7d6bd0859800abb754e4087fb147d22d64307b

    Download Submit

  • C:\Config.Msi\e580137.rbs
    Filesize

    38KB

    MD5

    94900691aad34e186333fd08b934a41d

    SHA1

    5100f84d3a422e7cb46e24054c8ab473a3397546

    SHA256

    0da4ea66c9c38cfab12716ed5465030d512acccb96ec85b04d5f5959e22683ad

    SHA512

    6080ba44823d9b45272a3e28b1506df33532bfdc014ee57d536711c436c18511d404516b10591dc8502901ff77f3c409eb18e7d683906c814de28fd288c78876

    Download Submit

  • C:\Program Files\Tabular Editor 3\TabularEditor3.exe
    Filesize

    162KB

    MD5

    51df28006beec16f1b2bfe35c5b659d7

    SHA1

    8e1b22c789fdd1bdf6146164bcc54d0d83ae7102

    SHA256

    5567609caf1577ef94d2dc0dffb82e8f173dda78073cbde581346fb643b5a10e

    SHA512

    883506794aee8e59814fc23a8304471b6e1622a1dee5ed663a8b13cc345c63cdf77b9a79cdcb157b5c1875e48990f24d203e03324e0619f6d958a60fd211bc46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\background
    Filesize

    134B

    MD5

    a0efb0e7b9cee25b09e09a1a64e96ba6

    SHA1

    0c1e18f6f5e6e5e6953e9fb99ca60fdec35d6e39

    SHA256

    f044f542bc46464054084c63596877f06c6e2c215c0e954c4ace9787ced82787

    SHA512

    7e53f9f564aaa529b3b15035671957c2923ec98ddee93758ea7a4c8645ee9058962078771b853e3490290fde1f57030dff5092d40d69418776ffee89f79c8a7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\checkbox
    Filesize

    1KB

    MD5

    0b044ccde7aa9d86e02a94030d744ac2

    SHA1

    0594ebb3737536703907ba5672ccd351c6afb98a

    SHA256

    bce5b6de3a1c7af7ec14b6643da25f7c9e15bd5f1c4a38abfcddc70a5e93bdd3

    SHA512

    dbfba793722589f1a76dbc75c9a2f3646733e4a079a6b70003716a7f7b8fa1a6a2b234ec9132f5737e91d20d460db1e29826b2d7ac740f73136975f19e336cd8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_bottom_left.bmp
    Filesize

    66B

    MD5

    1fb3755fe9676fca35b8d3c6a8e80b45

    SHA1

    7c60375472c2757650afbe045c1c97059ca66884

    SHA256

    384ebd5800becadf3bd9014686e6cc09344f75ce426e966d788eb5473b28aa21

    SHA512

    dee9db50320a27de65581c20d9e6cf429921ebee9d4e1190c044cc6063d217ca89f5667dc0d93faf7dcc2d931fe4e85c025c6f71c1651cbd2d12a43f915932c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_bottom_mid.bmp
    Filesize

    66B

    MD5

    71fa2730c42ae45c8b373053cc504731

    SHA1

    ef523fc56f6566fbc41c7d51d29943e6be976d5e

    SHA256

    205209facdebf400319dbcb1020f0545d7564b9415c47497528593e344795afd

    SHA512

    ea4415619720cc1d9fb1bb89a14903bfd1471b89f9c4847df4839084aae573d49b4969d3799ad30ff25b71f6e31f8d9f30701e1240d3cd6a063819c04873f21f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_caption.bmp
    Filesize

    206B

    MD5

    8641f45594b8d413bf1da25ce59f1207

    SHA1

    afebb23f5a55d304d028ca9942526b3649cddb52

    SHA256

    0403ed31d75dcc182dd98f2b603da4c36b6325e9d159cac4371e1448244bb707

    SHA512

    86a5f959f8462f866466dc706d3ae627b1fb019b8a33ee7fe48e3b69f92bf33dc0f1417c0d5116552b25b488bcb5d9050a33773e6883ebe08410267d95b2353a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_left.bmp
    Filesize

    66B

    MD5

    30384472ae83ff8a7336b987292d8349

    SHA1

    85d3e6cffe47f5a0a4e1a87ac9da729537783cd0

    SHA256

    f545ec56bc9b690a6b952471669a8316e18274d64e2ebc9e365fcf44363a125a

    SHA512

    7611f930a0a1089cc5004203ec128c916f0c2aedae3a6fcc2eaffa8cd004dcbf154714e401947921a06896ca77c77daec7f9bda82369aacd3bb666f8a0331963

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_left_inactive.bmp
    Filesize

    66B

    MD5

    4b84f29fbce81aab5af97a311d0e51e2

    SHA1

    60723cf4b91c139661db5ecb0964deca1fc196ea

    SHA256

    c93be5a7c979c534274fc1a965d26c126efa5d58c14066b14937e5aba3b9eb55

    SHA512

    775eadccc44fddbd1e0d4231bc90d222f0a9749199e1963449ad20285ea92941a5685cdc12c0cd8c0ef0a21e10bdacaf139e5c69cd5e402cc110679323c23df1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_top_left.bmp
    Filesize

    154B

    MD5

    1966f4308086a013b8837dddf88f67ad

    SHA1

    1b66c1b1ad519cad2a273e2e5b2cfd77b8e3a190

    SHA256

    17b5cd496d98db14e7c9757e38892883c7b378407e1f136889a9921abe040741

    SHA512

    ec50f92b77bca5117a9a262ba1951e37d6139b838099e1546ab2716c7bafb0fc542ce7f1993a19591c832384df01b722d87bb5a6a010091fc880de6e5cfa6c17

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\frame_top_mid.bmp
    Filesize

    66B

    MD5

    4e0ac65606b6aacd85e11c470ceb4e54

    SHA1

    3f321e3bbde641b7733b806b9ef262243fb8af3b

    SHA256

    1d59fe11b3f1951c104f279c1338fc307940268971d016ebe929a9998a5038ee

    SHA512

    7b28bcb4e76af3b863a7c3390b6cd3316c4631434e1d1e2df8d6e0eb9987a61a4f1a24de59567394e346d45e332403a0817ed0b0b64d7a624dbe48e30db9bb64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\logotransp.png
    Filesize

    2KB

    MD5

    591181aa7b9e1df21a5b5e1ea49092bc

    SHA1

    0b62267faa9b131d82ef355724e5579cb3e1bb4c

    SHA256

    26b881052c0b2287b4e5de4fb23d4e7bf99a5104eb8d6080445ffc5877e922e3

    SHA512

    3d3a7dc5b877fb20cec9810731be412c187a43710e29eb9775ae97ad7afd066f33fa84dab73854fdb4103dd4f81af96831c736105e7b8e437d5ee959da81811e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\nextcancelbuttons.xaml
    Filesize

    1KB

    MD5

    3dec9f3886a7d180b1da7a72541dbf81

    SHA1

    07f3ba034be78970a86d055daed59bf7d87f8d21

    SHA256

    fb1c5df8785650b20612b61a66ecbda5e1ed323d6c8ac45b2ebccbe9193779f8

    SHA512

    0250b81a2795fcac69e3f2c95bdff406f01ff207e81bead96b2739f28e26dd2d97d82cccbfbd92b7141b1eabd2310db048618fef1cc5261fdff212d19bb910bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\sys_close_hot.png
    Filesize

    276B

    MD5

    17242d201d004bb34449aab0428d2df1

    SHA1

    77a332c6a6c4bfc47a2120203cfeabb8a2268a6b

    SHA256

    15405855866fa2b7c60afbc8ba720aae8f2ba7fb60bfa641dc9d10361e56f033

    SHA512

    605a97e2614c664417d53263be21c67b1504a46ee61b92b0a84ac18a7baab05eb56b72d4cf27372ae6c157928080ba16e24081e95458eb122ba18f3722c2d21f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\sys_close_normal.png
    Filesize

    225B

    MD5

    8ba33e929eb0c016036968b6f137c5fa

    SHA1

    b563d786bddd6f1c30924da25b71891696346e15

    SHA256

    bbcac1632131b21d40c80ff9e14156d36366d2e7bb05eed584e9d448497152d5

    SHA512

    ba3a70757bd0db308e689a56e2f359c4356c5a7dd9e2831f4162ea04381d4bbdbef6335d97a2c55f588c7172e1c2ebf7a3bd481d30871f05e61eea17246a958e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_1180\sys_min_hot.png
    Filesize

    180B

    MD5

    1a883668b735248518bfc4eefd248113

    SHA1

    1112803a0558a1ad049d1cac6b8a9d626b582606

    SHA256

    bcbb601daa5a139419f3cd0f6084615574c41b837426ebff561b7846dfec038e

    SHA512

    d321878ed517544c815fd0236bdff6fcb6da5c5c3658338afba646f1d8f2e246c6c880d4f592ff574a18f9efdf160e5772bbf876fb207c8fd25c1f9dd9ddfd04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIB566.tmp
    Filesize

    1001KB

    MD5

    de574f7f5256f98f356a2d620c4a2288

    SHA1

    1d57d182bb748170f5cefb7ecf594b4998e113b8

    SHA256

    e831a5aebc7bd941fa815a9441e552a0ba699f9bd5454036a68ccbb42200353a

    SHA512

    431f3ea61d23028e1c538af3c808e7213d629615e3cb22b41d44715ff805323da82880c35bc90fffe95621132dad96eab5bfcc395863f167664a5666369d0d5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIB7EB.tmp
    Filesize

    1.1MB

    MD5

    dd194cab81ba0394a9300fac3290fd22

    SHA1

    3ef676605e239b53bec63310e14b7df75e0d42f8

    SHA256

    1b21039c84e860b0619a17d9f1508e5e622a1d4834b86e1b8eeffafe5d59f683

    SHA512

    14bc3815b0367830759ca3e48edbe7061423ca72cea5ed0b2070674ee3acd7c17e8f3ce7dc6b9f83b9215507402daa0b162d68afd809b76612009fa73831f8dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIBA9B.tmp
    Filesize

    893KB

    MD5

    1e105e916a38059af2253769bc9be624

    SHA1

    521ec39ffafd44ddd5cd793ecc126481f1ee411a

    SHA256

    3b4bac5bbb4bf191691a1b052926418d4bcab5e9aad9d535f4e1e87a19617308

    SHA512

    eec650afe3ccb812241716530722129e35917043bca41cbba3b7e17b9f560f346908b9559d4c2f2313032348a5ba1cbf3f1d4dc66553b1da9d956c754322059a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20250218090138_000_windowsdesktop_runtime_8.0.2_win_x64.msi.log
    Filesize

    1KB

    MD5

    78c4a022b51222783e966c7de6aab1c2

    SHA1

    4506561ce4ba67576ede3868cc2c9b8ede9577c6

    SHA256

    7571a9acd413691e505b96376cae9e7de0af4016a2e08f3a1bb28621b6778665

    SHA512

    b0e391cd682dd30a0cf1825391d44189d87692bfb1edd5ec72b17f624c0ea39710af6564340d63fb5e1cc4daaeeebc22f20fced2f21ed88445a6fcf0badb73da

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20250218090138_001_dotnet_hostfxr_8.0.2_win_x64.msi.log
    Filesize

    1KB

    MD5

    b8d01d7732d7ee016cd8d61c8e0b2ec7

    SHA1

    c86f8e7f165cc0a8e4f75707dd524257596485a7

    SHA256

    cc4ee76ab25b250559b7b86faf9e56b3527aa3d0470aa4266ec1eee0654dfd5e

    SHA512

    e38800b58f62523460ffe1e7e5e52849a3a3c90affb986c0c96e840746cded8a763273f185394a1fefed50753d021a634d69b573fcba3f8e96bfdb8d7e586921

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.6_(x64)_20250218090127_000_dotnet_runtime_8.0.6_win_x64.msi.log
    Filesize

    4KB

    MD5

    ed58426c4f82880222c294093808dcee

    SHA1

    6b5f871bcb98cfaaa375d561b2a25dcbdbc60f9a

    SHA256

    94a35187a88780c1f5f81c7cfb740dd0b20f8da660fe5348e85d2ae9beff72b9

    SHA512

    1b7a44b947e7c0d9d24c60d7f0f02cb21024f574cf2379409f9e814b71ce0e3a85656e9f333e5943131a93ba92b11d1e379d0b390009ed5e9d805da910ce9d8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.6_(x64)_20250218090127_001_dotnet_hostfxr_8.0.6_win_x64.msi.log
    Filesize

    3KB

    MD5

    d1d9fa5eb3032b4effa099e6c1aa401e

    SHA1

    bc15eb0e426ed8d39d1f55616c14d7e060be126d

    SHA256

    f2e86ae926f4f59fa5750c0134b4d84dafeb5d5015ab719de1b5d51a6d958f6a

    SHA512

    8d9b517ef6726c7a876e6e78d8718307784cab1e26b69df44bc249a86e0456d40f5bc08ace3c2d38a4451378d98c740dcbd563eddba1db19349d1a7a168704ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.6_(x64)_20250218090127_002_dotnet_host_8.0.6_win_x64.msi.log
    Filesize

    3KB

    MD5

    4c85a39d0f26d9aaacd91e0f97d787a8

    SHA1

    7a7f29102c53b0f920e8c3f726e55c77378391fc

    SHA256

    bcf3bf4405705f99a47e8e66acb9e988b1c37e405c44097987e45d4ff282ecd5

    SHA512

    c335d0c0ac4e6ed3ee2edd9b538c582b19275ef56efd598eff624d9dbb711a0c03534c743db6f95b9ccb2fe06c049db533669559810828eb78c75865a96b153b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.6_(x64)_20250218090127_003_windowsdesktop_runtime_8.0.6_win_x64.msi.log
    Filesize

    2KB

    MD5

    12aff8cf505265981fd1178529acd4dd

    SHA1

    560d315eb3327ef4524dcc13c1b1613887fd44fa

    SHA256

    415c3fe9a806c45875dcd793da191203c81a7aaf7757c294a88ab1e0babee6f7

    SHA512

    1b485a62b1c019ac9ef7f4ccd0193f44ee93e64a2cbc5cb9499ef399ca137a860e4fbdef822725bdb518582609d0916877a8324ce6b41ffc0533077f31925c64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\shiA071.tmp
    Filesize

    5.0MB

    MD5

    b40e4304f279119d9345be970babce41

    SHA1

    f76f5b30e7c333efcba1d4e19215ef1fd21d6943

    SHA256

    06285446d57089fe85b3b6127bbc92508773af458ad5cf20abf4570d41c0fee7

    SHA512

    ad7e6b30b3ba32d641737f499874f23ccda7c4539def0465d1723d579c79c5e3e981df8526d31f2eb79dc0fe572eb4b71a780eb63df11170d4b6a0786f588299

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Tabular Editor ApS\Tabular Editor 3 3.19.0\install\E5D4ED0\TabularEditor.3.Installer.x64.Net8.msi
    Filesize

    4.4MB

    MD5

    2e065c5da874710a5dfd76a9db7b3913

    SHA1

    bd68000e9cb0caf70cec42d30b9c0e9616be2cc9

    SHA256

    30dbdb77cc11ef3b6d4f855efedaa0b4ddea05ea9e5f9aa9e812c19e228b6725

    SHA512

    cf9293e4ff530a7da46c2c8f787e91bbf496100cf8f45680a41e5df9209309fb6522711436c32cb1046cdc09a6bafd4948fe3e54f18f5f1e1299365215aa9418

    Download Submit

  • C:\Windows\Installer\MSI13D9.tmp
    Filesize

    225KB

    MD5

    d711da8a6487aea301e05003f327879f

    SHA1

    548d3779ed3ab7309328f174bfb18d7768d27747

    SHA256

    3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

    SHA512

    c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

    Download Submit

  • C:\Windows\Installer\MSIB5A1.tmp-0\Newtonsoft.Json.dll
    Filesize

    685KB

    MD5

    081d9558bbb7adce142da153b2d5577a

    SHA1

    7d0ad03fbda1c24f883116b940717e596073ae96

    SHA256

    b624949df8b0e3a6153fdfb730a7c6f4990b6592ee0d922e1788433d276610f3

    SHA512

    2fdf035661f349206f58ea1feed8805b7f9517a21f9c113e7301c69de160f184c774350a12a710046e3ff6baa37345d319b6f47fd24fbba4e042d54014bee511

    Download Submit

  • C:\Windows\Installer\MSIFFEB.tmp
    Filesize

    244KB

    MD5

    60e8c139e673b9eb49dc83718278bc88

    SHA1

    00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56

    SHA256

    b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb

    SHA512

    ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103

    Download Submit

  • C:\Windows\Temp\{411D2977-B8B0-46AD-A30C-6CB9B2847364}\.ba\1033\thm.wxl
    Filesize

    5KB

    MD5

    d5070cb3387a0a22b7046ae5ab53f371

    SHA1

    bc9da146a42bbf9496de059ac576869004702a97

    SHA256

    81a68046b06e09385be8449373e7ceb9e79f7724c3cf11f0b18a4489a8d4926a

    SHA512

    8fcf621fb9ce74725c3712e06e5b37b619145078491e828c6069e153359de3bd5486663b1fa6f3bcf1c994d5c556b9964ea1a1355100a634a6c700ef37d381e3

    Download Submit

  • C:\Windows\Temp\{411D2977-B8B0-46AD-A30C-6CB9B2847364}\.ba\wixstdba.dll
    Filesize

    197KB

    MD5

    4356ee50f0b1a878e270614780ddf095

    SHA1

    b5c0915f023b2e4ed3e122322abc40c4437909af

    SHA256

    41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

    SHA512

    b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

    Download Submit

  • C:\Windows\Temp\{8A41891B-ECA3-4CA1-A894-9C09BA0DE620}\.cr\windowsdesktop-runtime-8.0.6-win-x64.exe
    Filesize

    636KB

    MD5

    06d322e819a7adb25748c3b389831908

    SHA1

    78db40c7525145938a108212f8532cd73c49546d

    SHA256

    f3d4e358135c533ce225ba64370119d41f4c84e643d2670fc99c82807ee708d1

    SHA512

    920dcc3c7db8f01f3888f46d815271e3273a09476b69e6e63979199cb4d093a7414475a52ffaff266afd1db0e91441c80d8cba8959cad971c1aa7e721bf07a0c

    Download Submit

  • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\.ba\bg.png
    Filesize

    4KB

    MD5

    9eb0320dfbf2bd541e6a55c01ddc9f20

    SHA1

    eb282a66d29594346531b1ff886d455e1dcd6d99

    SHA256

    9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

    SHA512

    9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

    Download Submit

  • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\.ba\wixstdba.dll
    Filesize

    215KB

    MD5

    f68f43f809840328f4e993a54b0d5e62

    SHA1

    01da48ce6c81df4835b4c2eca7e1d447be893d39

    SHA256

    e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e

    SHA512

    a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1

    Download Submit

  • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\dotnet_host_8.0.6_win_x64.msi
    Filesize

    780KB

    MD5

    98b6ac90f0e0a7f43e3c88f9099ad70c

    SHA1

    564ee5e09f06404a37c9ef685f2336e5d86a44f7

    SHA256

    cdb9f64aa7845a05713ba42ece610a18c3db1aeb9b11dd33d8ad010c2c0fbd8d

    SHA512

    5feeebaa78617f46b424c4e3e17ff9ea65ec226c8e0a79d8434df3d92aa9e131f96909a64956569c36e1d23f0b9b2c6abb245ca3c89ce3c07b7c93d149028cdd

    Download Submit

  • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\dotnet_hostfxr_8.0.6_win_x64.msi
    Filesize

    848KB

    MD5

    357c01acfdb40c0d8fe9be487170da5d

    SHA1

    eeaf7b56b79013f8ddb1b9d90421f2e03378d81b

    SHA256

    4952b61ca4cd19c4690a24f30f1f437cb416d06756330345e3fa821b9b90f44f

    SHA512

    152556764f958e8c3a9096e0e87ce4893ff93358be279a9a2ad9ada58f011a99a7fd4342ab0685998b0e90673a341e02fb18bc92d8ce0d5dcf7156eb70c4aec7

    Download Submit

  • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\dotnet_runtime_8.0.6_win_x64.msi
    Filesize

    26.2MB

    MD5

    9616c0869dffc30a2923a890d8b14a67

    SHA1

    174affdbc38a3c7fc15e48528c80e7168d228be0

    SHA256

    5b58566f0b0520d92aa9fbe75b75d6942bf1cf012d80c44d3af96ded3824c3d4

    SHA512

    d5252b4a86a674fcf460a65223dd3261816b6e7865f7b6c1f387b682090e8e6f92601e7b67cff57856b52c086add10e4d55189451ef26829f2a256ba621bcf24

    Download Submit

  • C:\Windows\Temp\{A54F10A4-D2A1-4346-A327-80FCC7C33B4F}\windowsdesktop_runtime_8.0.6_win_x64.msi
    Filesize

    29.3MB

    MD5

    7f7a2c9903b501e6be319643903bd746

    SHA1

    a9701397d76ad81cb24ab9839c1f6a55fe6c53f8

    SHA256

    fc0dd518f516da1c1d23a7bf46872a36e2010fd34f5e1218d1bbc13982e5ce8f

    SHA512

    eacb67d3cb534bb87d34f57049592f164e26f3669317e0524e0ae784bb4414e63ffbde24d82a8971629c203e689a64e15631f62754feae1ad65718d772d660b2

    Download Submit

  • memory/1756-1104-0x0000000000A60000-0x0000000000AD6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/1820-1549-0x0000000004FC0000-0x0000000004FEE000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1820-1551-0x0000000005010000-0x0000000005018000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1820-1553-0x00000000050D0000-0x0000000005180000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1820-1557-0x00000000051B0000-0x00000000051D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4624-1078-0x0000000000A60000-0x0000000000AD6000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4908-1103-0x0000000000A60000-0x0000000000AD6000-memory.dmp

    Filesize

    472KB

    Download