General Info

File name

SDClient-Setup.exe

Full analysis
https://app.any.run/tasks/bc7e2c17-b4ab-437d-a424-6496efc72c27
Verdict
Malicious activity
Analysis date
11/8/2018, 11:35:02
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

f28ba2c881af54948c23c14f01f3e46b

SHA1

fdc51e364063dda572b145db6ec08cabf0259ee9

SHA256

7cf6f593c5e4a264a0c2cc50dc446d77bde176941d109b3c4d4f3a3d7619d090

SSDEEP

98304:MPmY8sjk2m5+0srtjnvuNkf29w2NcjJBY4eaCOB3SZW5IXCGLgkly3nQ:MNjbmETvMkO9Ji04twCGLgz3Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
off

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • sf_setupmain.exe (PID: 3644)
  • suda.exe (PID: 3000)
  • sf_setupmain.exe (PID: 3184)
  • EasyPrint.exe (PID: 4004)
  • EasyPrint.exe (PID: 2112)
Executable content was dropped or overwritten
  • suda.exe (PID: 3000)
  • SDClient-Setup.exe (PID: 2276)
  • suda.tmp (PID: 2064)
Changes IE settings (feature browser emulation)
  • EasyPrint.exe (PID: 2112)
Application was dropped or rewritten from another process
  • suda.tmp (PID: 2064)
Loads dropped or rewritten executable
  • suda.tmp (PID: 2064)
Creates a software uninstall entry
  • suda.tmp (PID: 2064)
Creates files in the program directory
  • suda.tmp (PID: 2064)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Static information

TRiD
.exe
|   Win64 Executable (generic) (76.4%)
.exe
|   Win32 Executable (generic) (12.4%)
.exe
|   Generic Win/DOS Executable (5.5%)
.exe
|   DOS Executable Generic (5.5%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2016:11:22 03:30:25+01:00
PEType:
PE32
LinkerVersion:
12
CodeSize:
283648
InitializedDataSize:
191488
UninitializedDataSize:
null
EntryPoint:
0x36d87
OSVersion:
5.1
ImageVersion:
null
SubsystemVersion:
5.1
Subsystem:
Windows GUI
FileVersionNumber:
5.9.2.10735
ProductVersionNumber:
5.9.2.10735
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
Chinese (Simplified)
CharacterSet:
Unicode
FileVersion:
5.9.2.10735
ProductVersion:
5.9
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
22-Nov-2016 02:30:25
Detected languages
Chinese - PRC
English - United States
Debug artifacts
E:\svn2\rczip2\bin\Win32\release\pdb\HaoZip7zSetup.pdb
FileVersion:
5.9.2.10735
ProductVersion:
5.9
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x00000108
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
22-Nov-2016 02:30:25
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Charateristics Entropy
.text 0x00001000 0x0004527B 0x00045400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.64156
.rdata 0x00047000 0x00011A60 0x00011C00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.73902
.data 0x00059000 0x0000A180 0x00003A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.67134
.rsrc 0x00064000 0x00013FDC 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 6.45203
.reloc 0x00078000 0x000055E0 0x00005600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 6.48033
Resources
1

2

3

107

129

131

132

304

563

626

627

628

629

630

631

632

633

634

635

636

637

638

639

640

641

1251

1252

1253

1254

1255

1256

1257

1258

1259

1260

1261

1262

1263

1264

1265

1266

1267

1268

1269

1270

1271

1272

1273

1274

1276

1277

1278

1279

1280

1281

1282

1283

1284

1285

1286

1287

1288

1291

1292

1293

1294

1295

1296

1297

1298

1299

1300

1301

1302

1303

1304

1305

1306

1307

1308

1309

1310

1311

1312

1313

1314

1315

1316

1317

1318

1319

1320

1321

1322

1323

1324

1325

1326

1327

1439

1440

1445

1446

1447

1448

1449

1451

1452

1453

1455

1456

1457

1458

1459

1460

1461

1462

1463

1464

1465

1466

1467

1468

1469

1497

1498

1499

1500

1501

1502

1503

1504

Imports
    COMCTL32.dll

    SHELL32.dll

    KERNEL32.dll

    USER32.dll

    GDI32.dll

    ole32.dll

Exports

    No exports.

Screenshots

Processes

Total processes
45
Monitored processes
7
Malicious processes
1
Suspicious processes
0

Behavior graph

+
drop and start drop and start start drop and start sdclient-setup.exe sf_setupmain.exe no specs sf_setupmain.exe suda.exe suda.tmp easyprint.exe no specs easyprint.exe
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
2276
CMD
"C:\Users\admin\Downloads\SDClient-Setup.exe"
Path
C:\Users\admin\Downloads\SDClient-Setup.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
5.9.2.10735
Modules
Image
c:\users\admin\downloads\sdclient-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\sf_setupmain.exe
c:\windows\system32\mpr.dll

PID
3644
CMD
"C:\Users\admin\AppData\Local\Temp\sf_setupmain.exe"
Path
C:\Users\admin\AppData\Local\Temp\sf_setupmain.exe
Indicators
No indicators
Parent process
SDClient-Setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Aut2Exe
Version
3.3.14.2
Modules
Image
c:\users\admin\appdata\local\temp\sf_setupmain.exe
c:\systemroot\system32\ntdll.dll

PID
3184
CMD
"C:\Users\admin\AppData\Local\Temp\sf_setupmain.exe"
Path
C:\Users\admin\AppData\Local\Temp\sf_setupmain.exe
Indicators
Parent process
SDClient-Setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Aut2Exe
Version
3.3.14.2
Modules
Image
c:\users\admin\appdata\local\temp\sf_setupmain.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\suda.exe

PID
3000
CMD
C:\Users\admin\AppData\Local\Temp\suda.exe
Path
C:\Users\admin\AppData\Local\Temp\suda.exe
Indicators
Parent process
sf_setupmain.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
深圳丰速科技有限公司
Description
速打线下用户专用版 Setup
Version
1.1.1.0
Modules
Image
c:\users\admin\appdata\local\temp\suda.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\is-p82lj.tmp\suda.tmp

PID
2064
CMD
"C:\Users\admin\AppData\Local\Temp\is-P82LJ.tmp\suda.tmp" /SL5="$80220,5211574,51712,C:\Users\admin\AppData\Local\Temp\suda.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-P82LJ.tmp\suda.tmp
Indicators
Parent process
suda.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
安装/卸载
Version
51.49.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-p82lj.tmp\suda.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\mpr.dll
c:\windows\system32\version.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\is-6qr11.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\imageres.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\riched20.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\ëù´òïßïâó㻧רóã°æ\easyprint.exe
c:\program files\ëù´òïßïâó㻧רóã°æ\unins000.exe
c:\windows\system32\netutils.dll

PID
4004
CMD
"C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\EasyPrint.exe"
Path
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\EasyPrint.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
深圳丰速科技有限公司
Description
速打线下专用客户端
Version
1.1.1.0
Modules
Image
c:\program files\ëù´òïßïâó㻧רóã°æ\easyprint.exe
c:\systemroot\system32\ntdll.dll

PID
2112
CMD
"C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\EasyPrint.exe"
Path
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\EasyPrint.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
深圳丰速科技有限公司
Description
速打线下专用客户端
Version
1.1.1.0
Modules
Image
c:\program files\ëù´òïßïâó㻧רóã°æ\easyprint.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\winmm.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\hhctrl.ocx
c:\windows\system32\msftedit.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\idndl.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mlang.dll

Registry activity

Total events
810
Read events
769
Write events
41
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
2276
SDClient-Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2276
SDClient-Setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Inno Setup: Setup Version
5.3.5 (a)
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Inno Setup: App Path
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
InstallLocation
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Inno Setup: Icon Group
ËÙ´òÏßÏÂÓû§×¨Óðæ
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Inno Setup: User
admin
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Inno Setup: Selected Tasks
desktopicon
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Inno Setup: Deselected Tasks
quicklaunchicon
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
DisplayName
ËÙ´òÏßÏÂÓû§ V1.1.1.0
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
UninstallString
"C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\unins000.exe"
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
QuietUninstallString
"C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\unins000.exe" /SILENT
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
Publisher
ÉîÛÚ·áËٿƼ¼ÓÐÏÞ¹«Ë¾
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
URLInfoAbout
http://www.foonsu.com
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
HelpLink
http://www.foonsu.com
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
URLUpdateInfo
http://www.foonsu.com
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
NoModify
1
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
NoRepair
1
2064
suda.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3a3003ed-2fb1-4546-8b04-5603fe2e0eb8}_is1
InstallDate
20181108
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
EasyPrint.exe
0
2112
EasyPrint.exe
write
HKEY_CURRENT_USER\Software\FoonSu\EcsClient\Language
ChooseLanguage
TW
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASAPI32
EnableFileTracing
0
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASAPI32
EnableConsoleTracing
0
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASAPI32
FileTracingMask
4294901760
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASAPI32
ConsoleTracingMask
4294901760
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASAPI32
MaxFileSize
1048576
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASAPI32
FileDirectory
%windir%\tracing
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASMANCS
EnableFileTracing
0
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASMANCS
EnableConsoleTracing
0
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASMANCS
FileTracingMask
4294901760
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASMANCS
ConsoleTracingMask
4294901760
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASMANCS
MaxFileSize
1048576
2112
EasyPrint.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\EasyPrint_RASMANCS
FileDirectory
%windir%\tracing
2112
EasyPrint.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2112
EasyPrint.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2112
EasyPrint.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2112
EasyPrint.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
7
Suspicious files
20
Text files
95
Unknown types
4

Dropped files

PID
Process
Filename
Type
2276
SDClient-Setup.exe
C:\Users\admin\AppData\Local\Temp\sf_setupmain.exe
executable
MD5: 68874e1ca5eb029985adcfc57073bc3d
SHA256: f8f4992c44dd0274b930593290ed8de7acb74eca2d67a8d3fb2d61e4bce949d6
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\unins000.exe
executable
MD5: e1b06da9c8f056cc96c0227ce051a977
SHA256: b53d157c506095c5b5b0bdd1ba11b4989232dc7a9c15d07b5835a80b2fc16f02
2064
suda.tmp
C:\Users\admin\AppData\Local\Temp\is-6QR11.tmp\_isetup\_shfoldr.dll
executable
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
2064
suda.tmp
C:\Users\admin\AppData\Local\Temp\is-6QR11.tmp\_isetup\_RegDLL.tmp
executable
MD5: 4248fa25d2f50ebe23ead46140933013
SHA256: 5200596d2349cd7feb4dbd4c78eb7d67fe334838460a3c290575a4b3e4cc6633
3000
suda.exe
C:\Users\admin\AppData\Local\Temp\is-P82LJ.tmp\suda.tmp
executable
MD5: c23f3f69452698b49f33d023e59ff5ad
SHA256: 556c901684368176a8ed8bb383c5bfac2389c84edc16b5e8885a00940a7a0157
2276
SDClient-Setup.exe
C:\Users\admin\AppData\Local\Temp\Suda.exe
executable
MD5: 02deddd017b16ba20b77a84d02922669
SHA256: 44dd607c2609d322d5e63b45d0823c4bf07bb2012a46449b81ad5b41317bcd6b
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\EasyPrint.exe
executable
MD5: f5f867e6bb0a34075be2dacbc0bfe302
SHA256: c91eb9d0e28b6f5c8fd5a3b31ca742c842e75f00f6c8955b79923bfa56d9bf85
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-GDS15.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Shipper_ContactsCN.xls
document
MD5: ced2755387b36136cd9e68a2faceb026
SHA256: 935bb114110f109be93f4a66aeb2dd2bbb230bb53a043b1267d20f8a05a8aeae
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Shipper_Contacts.xls
document
MD5: 86a55d2fc986c1778ea2cb8f55779aca
SHA256: a5f75ab0ed9bbbcd6539f8b95a878c3b75380526c7f7157e80d6a23b520d711d
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Receive_ContactsTW.xls
document
MD5: 8432abd3fa96ac551b454865a2524bdc
SHA256: 9d75c1030054b21326c1857ff94c13313f107646e43865dc36f07132d2989d57
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Receive_ContactsCN.xls
document
MD5: 56345dc7b5ee7f1d65ed53e0f0f2f11a
SHA256: f689db3bc8557de3e91656224b14fb3a8c8c2622d2352b6ad5987e995fc8eabe
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Shipper_ContactsTW.xls
document
MD5: c914368d24e3ee24f53721c5b25e21f6
SHA256: 0b7ba83467b698d4b3f04ae9fc0d9d16239d7a66556b53c7ef1ad8e182d3fc79
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Receive_Contacts.xls
document
MD5: 248af4969224e58b692f32efe5a19b24
SHA256: 914887e217732a85ad3ba281c6b12da6b860e2f9ae7870ad616e8082f183315c
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-2A2M5.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-7RM6J.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-2DJ5U.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-2PGS2.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-27SHN.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-I0K6A.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\mobileCN.xls
document
MD5: 70b8ebdad824925d7076af160ec3a9c1
SHA256: 9b168aec2d1e89c07eb9a3acb3931e47df59d1417decd45d75cfa17fba573bd0
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\ExportExcelData.xls
document
MD5: 0db9587b5ea4e2289c75138afc4b6266
SHA256: 1e5f04b4aba7a5413557976b80d1205e0d3eb73370f283e5ddd55e8b3ac62bcb
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\mobileTW.xls
document
MD5: e021efd1553f90064b2d360e182d3cee
SHA256: 2a30b5a1f405fb1800a554bab44ce4efdccf1000fea54890179d1ea48e506e68
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\CommonTemplate_easyprint_senderTW.xls
document
MD5: 61c113374e5752aec9fb1a2601fa0cf9
SHA256: a7bc3fd6d878ffdabdabb33b3c9e66dc1e74005ccbb8be2382eb8d4c74498e19
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\order_template_custom_error.xls
document
MD5: 13b3cf369a3a7f7cc81aee68fb55f885
SHA256: 2d12ee3dac6cc1537281abb6360158bfc4b784c5a26cc8a7aaffa62c9a56031e
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\KjgoodsTW.xls
document
MD5: f1cfc8513930eca8060bb1449be06e3d
SHA256: d70f7118896ff0ffca7178faa088ba851fc76a50b8022a234477872df28cf1a5
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\KjgoodsCN.xls
document
MD5: de867ac42d86459bb26c0abe1aaa65b0
SHA256: ff1a3d878aa9dfd2c2466d463d21332c4d098039254e8b1ed55332b9504fc0e2
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-D8VDM.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-69J9D.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-1AMK6.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-10BAJ.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-J2MVU.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-VGT2E.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-SM7LQ.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\CommonTemplate_easyprintTW.xls
document
MD5: fab372d4c357959c35c803750ab3f8cf
SHA256: 94a34cae0c15005ae7c36bed812afc23bce4c7bd30a45275c896d9cde908c2e0
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\CommonTemplate_easyprint_sender.xls
document
MD5: d720391e3a61952359a06e2b024aedf0
SHA256: a4e8782873a9ac18dfbacc211d358be68fb4d6b50b8437696898ac7f9602579d
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\CommonTemplate_easyprintCN.xls
document
MD5: dd758df008abf89e3ef35291c5067bce
SHA256: 266002aae46bff93af8ee2b18a0c33cd85b07015ba7c3c47366ef27efb2fee22
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\CommonTemplate_easyprint_senderCN.xls
document
MD5: e39327e6d2897caa2b51cee136363e99
SHA256: 5e7e77ad81e54c3589c056d3a1e553a7f49956aabb1ea355745afd296f4449db
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\CommonTemplate_easyprint.xls
document
MD5: 63832af61359314f74bc296fa6191388
SHA256: 1a5096c1cc3407404a2db6bb8a6b5721fe3410d93f849a7670543581b6003081
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-VJFIQ.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-D0P1U.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-OU4UN.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-70LKF.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-N66UV.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\cityTW.data
text
MD5: 93ce025efb4702ff26b620fb15579819
SHA256: 40da4576458e94c49762a1d6a2c0459d23a6ee382126ebd2f51c6dd5c6bbcd00
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\city.data
text
MD5: bfb99c3137a79d6fcb4b485f8eac6dad
SHA256: 55d02322a026df1a8ed5d889f5ae63bd2b14d59d7486f0f03e84c962ad38a0c3
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-KBIH0.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\ZTO_CN.FR3
xml
MD5: e12e3732a5f0bab362c04144acb21c67
SHA256: 8457efd58045f7baf9beb2d804c15d8c60615a5cf2d253dbe66059bdc250a261
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-ARS0L.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-G7PBE.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\ZT.FR3
xml
MD5: 41255f9dfac96d019bda36d06634e370
SHA256: 323683c5922bc1cd3166072e5f04ef190f237563c93cb70bf91cc4a23e16cb4e
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YUNDA_CN.FR3
xml
MD5: 52e9e6d678603897d9ae0cc88c07b956
SHA256: 7395a86c9d4ba9b6607b086e1dc16272502d7e47b1bc899ffc96b8bd478aa74a
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-3A87E.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-0950A.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YTO_CN.FR3
xml
MD5: 349ec8e73f3b4766c87a529b2bc5d3b5
SHA256: 2f0d4ef0c4bff2f593220a2cfca58c9b6fabcc75b94bf3bb0529186637a8c39e
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YT.FR3
xml
MD5: 0c24e02b88fd95f484b87ff101ba65c1
SHA256: 02b0c9a3180d60d0b5e4d660248a331b71abbcba73619e8c4ca6b80d728263b3
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-Q7GSA.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-B4T3V.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\UC.FR3
xml
MD5: 62133a512d0f8a9ed4830f3b3ad5d1ed
SHA256: 36334a3ca712c122450be2838d83439abaab5208957d26c9f8491048fd34bc45
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YD210.FR3
xml
MD5: dfb0347c5e318cc1d699b5c10df0b85a
SHA256: 4d23640550f2f26feff8cddea367effd0da8b50269016a859f184e47467917af
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YD180.FR3
xml
MD5: e91e79b8ec303a07f313dee9d553ec2f
SHA256: 50ee0079175b0aed3261246a9515d0fe06edfcdd43f8e94b9c23b93da41d8c63
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YDTD.FR3
xml
MD5: f1ee8a00a96f568cf1986dfec6d3183b
SHA256: 4b33203befbb5bab647369cf9ce53201d8d93ea5daccaa7838ba6374769de20a
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\YD.FR3
xml
MD5: 0b19c6926945dc7d8fc57c599f187c03
SHA256: d97da910844dec156187023620df4e46f43d9bc58820f95a453536ff9d129317
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-EKLMI.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-D63R4.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-T80GM.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-541AG.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-E224L.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\STOTD.FR3
xml
MD5: c5f9ada70dcb6aa46d4cbf723b57d3a6
SHA256: f4e41368fecb0e0f0010b5c58cc815bdaaa5df015bf164a47b66f198fbe9b3f6
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\STO_CN.FR3
xml
MD5: c298bb2d9486594b6478b56beaea35a9
SHA256: d6f39f28d58bb73ed724f7c0a6e43d18745fe31ccab9b7be6c0133dd8cdbc9e4
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\TTKDEX.FR3
xml
MD5: 7eb5163e49dd858e9986abbea7302b9e
SHA256: 8da5c717b2eeb326bc838400cc6122656a965e05a9da65fa2439e6e22eac33bd
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-3RCR0.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-TU0JN.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-QE0PN.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\ST210.FR3
xml
MD5: 6fadcdbb55430dc42b1cc2299ca65479
SHA256: b68a7b3990789e18a5c27b26eb5b95743f788da82f8d0d4c18954208cc6dc6ef
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\ST.FR3
xml
MD5: aa606b324776c323a93a9f713fc10c92
SHA256: 4744efe689397459fd6860dd611af38a36cdd96695caeb9998c0189c7826ecd4
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-1T1IG.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-95B0A.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\SFKJ210.FR3
xml
MD5: 299adf5b7b680aa90027334e09564420
SHA256: 86babbd3d89779e1cfb32affb106f52b1b1e5580a3a3da46f6fa759ae6efde61
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\SFGJ.FR3
xml
MD5: c71f38f7db5e05e5c9d5373d4e2a525d
SHA256: 5f2b82814868398b44045eedbc35e937d9378544c38cfda7c003a89e6676261c
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\SFKJA4.FR3
xml
MD5: dbefc3c2abc7236cde06faeb4ea0a711
SHA256: 346e41dc5242a108c02441c9be1d4a25845c5c770e70b62057a3acc405a9de76
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\SFKJ150.FR3
xml
MD5: fbcaf342462e9a2424e992a791cfcc99
SHA256: 37d8f3107889d35cfc56eea2af3bef889394b5beeed6446129cd176154521b9a
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-U0NCH.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-0A4JD.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-8GTHR.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-FV2R6.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\QFKD.FR3
xml
MD5: d127ab738147b5ebbaeddb1339c798cc
SHA256: 6e04b7d6b36dade416b04db22dd5bf943a8ac0a6fcecce6e46540371a8fe02ae
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-NSBAG.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\GTO.FR3
xml
MD5: 838a7bcffd87ac3ae62af19e8ac8d6ab
SHA256: eafd2b633cd73f5e077c22a6f69cfdd11b54a76b8d70650431dd41c0f0b40def
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\HTKY_CN.FR3
xml
MD5: 043d137a03d8faee5d3cf50f11d54756
SHA256: d280feefa0a7248c91c0b1e946e8e7468aa7926b95f04348a7fe6d76d4a9704d
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-9UE60.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FMA4.FR3
xml
MD5: 5da6a86a03b7b38721a6346533ee2903
SHA256: 18f896fc65238d226758b821e4f116303b53d71aa30cc7778ecaaaa483764369
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-8E6VO.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-KJA2I.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FMA4-2.FR3
xml
MD5: dc46a3bb94f560c7e131cb115fde8147
SHA256: 3d4420707f53407532aca9af83eccb70a3ab3e787528de4f846e05bb40de227e
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FM210.FR3
xml
MD5: 66a97337a18e9d3655f2a9627b14101a
SHA256: 19a9736d7eb73a3f7a3ae4a4eef0fe77e2d1fd4d28cd42fb973684444de8bd16
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-S97E6.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-8ML9O.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FM2.FR3
xml
MD5: 8ee8fe6e222787470b1f6d75dd25a226
SHA256: 3587d993a0093d0eb3387e26d25024b64967ce974fe2bf754427973c1aa1de32
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FM180.FR3
xml
MD5: d3f133746254f80494923825ccbca0e9
SHA256: 8fee504a6297a9cc55e2dfcc0a37267deb2242bbe3a9d5478dfe85320ecbb299
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-76K7G.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-5MMON.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FM150.FR3
xml
MD5: d83ab7bc1f11fbe13d61ba5ab7aca328
SHA256: d709594d7c26a828f7f9fba8d85033222993cafe01d95682625d4ed523079e13
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-8784Q.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FM1.FR3
xml
MD5: 65a2fe3b48da6c7fdc48c122df9e0856
SHA256: 75bea279e37fb30f8a89b644cb6508e1c34f0f63e8dd9f90eff79956e60e5f2b
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-BOAQS.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FAST.FR3
xml
MD5: 786bd47a99f1fac9c67ebf25036e8b51
SHA256: 68edc400ad5014839a70b0eb0600253cb2751dbd6277c27e2fc5ce2cf674fc59
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\EMSZL.FR3
xml
MD5: d6beebdcc87c4bd6ae524cf6a02acc19
SHA256: ee0797c5c9709b41411d4f141df8a0797c906a07fe86ac43be5c2b31fa478913
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\FAST_CN.FR3
xml
MD5: 0de49f80bb097d2f55c520b27d355410
SHA256: f45436ac6b5abc3ca6e76b48e7b12381fdc4b96e84b3fd4f9aa3ccbf0222aee6
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\EMS.FR3
xml
MD5: 9f6181f10098e901dc6eadebe681d977
SHA256: e17db8b4cc9b330503369fda7f2d86ba2a9bad32ae83bf31dc5b45caee4c28f3
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-VPQ8B.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-QJ53S.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-1MHFK.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-H1QPK.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\A4_TW.FR3
xml
MD5: cad2464307d6f3dcff07dafca7a73cad
SHA256: deb20fc89857ed57ea3ef0c2f621488f6258d29109b37ca2f5f94a4d0fa017f7
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\A4.FR3
xml
MD5: 416b9a6041de972252c8ed0a6687560b
SHA256: 22f59f710416a24e80fd79c3dc56972e9fb1de0e6b7b0f724872439364bb0f17
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\AN.FR3
xml
MD5: b0b7e806b8cb94e2c50408e715193452
SHA256: 379ed38b5ce4c1dc1b989fbf2b2021f2b901f59575e17fd235f56363c94616ca
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\BSHT.FR3
xml
MD5: 79c776f107cafbef92fa51a24a60ad56
SHA256: f44fc2e1ff4429ed55df20ce8d9320035a1c0bf8fb16db9f6a71627a3f2c3c30
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-DL6LG.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-519EA.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-CFP3U.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-92EAA.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\A4-2_TW.FR3
xml
MD5: a7afde872dcca2fc5e2385527dd4d956
SHA256: ab0bd38f3187bb43ab1da9e38af3ef6963bc06b42620263b39cd7598c3d306e6
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\A4-2.FR3
xml
MD5: 2d8b2492d4b295d93683cabbfda54ef0
SHA256: 3c766893d95a32ba7560f20e7953ceffa5a84561072e8a3bf5851ded0dafa5e2
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-1OPM7.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-53268.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\210_TW.FR3
xml
MD5: c6728a14a4f2769bffbdb7d2fde574d0
SHA256: dbc62da6624a9489185ff3bf08a7338b81c7d1b0cf5611e69256a6b4d6ad2488
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\210.FR3
xml
MD5: 66a97337a18e9d3655f2a9627b14101a
SHA256: 19a9736d7eb73a3f7a3ae4a4eef0fe77e2d1fd4d28cd42fb973684444de8bd16
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-V9GAT.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-DRDL3.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\2016TD.FR3
xml
MD5: ef4ab4ddfe02654aaa39cc14dad5e164
SHA256: 11a3241b6de571d64ae54c598b460a50bd2c5958c9fb1b727306032beeadacac
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-8H05P.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\2015TD.FR3
xml
MD5: 3a09aba406bb32b880204c72037b6bfd
SHA256: 7cafb5be5289eb01dc4055544032436816894de1872048e830c185fa81d99205
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-JF9TV.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\180.FR3
xml
MD5: d3f133746254f80494923825ccbca0e9
SHA256: 8fee504a6297a9cc55e2dfcc0a37267deb2242bbe3a9d5478dfe85320ecbb299
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-3QE1R.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\150_TW.FR3
xml
MD5: 801ce390f6d46735fcbb1ff94226f5ba
SHA256: f8e755772a0cc7c096bca76a5191cbde28a88ff2532ec81be569c44eecdbdfba
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\1501.FR3
xml
MD5: f6de6119873304efb86d53301e8c5fe1
SHA256: 21d72030b1b9ebd135e40f20f715d6db560e5c796e9949907bb385bb4b13a4c9
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-LQ269.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-ELDJD.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\150.FR3
xml
MD5: d83ab7bc1f11fbe13d61ba5ab7aca328
SHA256: d709594d7c26a828f7f9fba8d85033222993cafe01d95682625d4ed523079e13
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Report\is-UU9BM.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Language\TW.lan
text
MD5: d7addc1ff627e0e88e2fc4e8c7b6aaac
SHA256: 52aae9b2a64c11fd5a4d3f8ca6449aa5e05d2cf96549d88b58ff32fbf5687be3
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Language\CN.lan
text
MD5: d06b4e44b4c85ef498fb72f01856d146
SHA256: 25b0a81d4c4badb785aff8ad70c3718e72643ed7250204448aee6dc70eb89644
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Language\is-K8OQ0.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Language\is-IQOE4.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\ZT.jpg
image
MD5: 34e1c36328875d524522934bf5762e60
SHA256: b1d14b1f57ef1d67ae4fad5176d6d6fabf9c6239a07f22684fd7d1400f359723
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\ZTO_CN.jpg
image
MD5: 8764f2cfbe957cefb9debf4200316793
SHA256: 547274843792f378ea481d45e8cb7a6dac29f6b513233729c6859fbc75f30cbc
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-1799M.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-RSM2C.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YUNDA_CN.jpg
image
MD5: fa6889612a17c6b7042db74b2bad95a4
SHA256: a189b49d260d99b89a243d5431e5d21ec31dd101e81db439f9b5c99d63ffa758
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-GMGOJ.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YDTD.jpg
image
MD5: b5ae39b0928f5a8828b5c9a98e1f04fc
SHA256: 4f3ddc61ec301c5256873d27176533ced1c0c0cdfb8bf68c2afb17d60bb808de
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YT.jpg
image
MD5: 295f4110815ebb60f7caa4e26af7a2c1
SHA256: 28a9311bb6fd63614775dffa52892ee77fabd25f6a94fd2937659c2d7e21b8a9
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YD210.jpg
image
MD5: b067c2a3d26e8c85f2f9706f130314f1
SHA256: 665cac70455fb880b8c283912740d4fb1628f461c4cbe017e0f948f5c3afc2f9
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YTO_CN.jpg
image
MD5: 33b24d70f315a59aaf1c69da045532fa
SHA256: 1c70541f479ead9555ed20e0e0b144f0904d005d09327c3ca58a260f3e926342
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-EQPMT.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-1L89U.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-NV4M6.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-M520R.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YD180.jpg
image
MD5: 9b815cce7fda664c711067defa145b02
SHA256: 15777b0e047f042587ad7cdad245e0bbe43bee2d8a240d686caee48b6d11fec7
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\UC.jpg
image
MD5: 6e62f179263e7d02498e86a02936eb50
SHA256: 1cf338798bbba2bac2fa28bad5415ed97e5f0211c8129418e917415653935902
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\YD.jpg
image
MD5: b15a22143b4735bd1822a774ff8cc72d
SHA256: 7c233ac8dbc8c92bf8d91c6d0908de5783f89fec8705d0d8cdaad8e16c9498a4
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\TTKDEX.jpg
image
MD5: 827fdf5252068f991f95fc0b192c1238
SHA256: 904128f7cd210955c01a93a0b4fa16152ce911c78bede72dd7112692600ab290
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-PGNMM.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-4J7LA.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-M7QJF.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-EO525.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\STO_CN.jpg
image
MD5: 996784c23bcfab93560c6a44c76124de
SHA256: 7d3d733470306b1aab30f5cd70457f08e3a0d3408281a4127db588def5ad32e4
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\STOTD.jpg
image
MD5: 44c5e0bcecb12800897741a7a991acc4
SHA256: 196362936ef0b2254f2d6837a11d4331275195a8a42a67ea4a171ae7b3320f5c
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-F363O.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-M3RBU.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\SFKJA4.jpg
image
MD5: 9ce4f1003bd541306fd00519fbd407c3
SHA256: 0c9e1efc95046f4a1c28b279e42ebb261ebfdd1a5af92b37b1714fe2b9401a3e
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\SFKJ210.jpg
image
MD5: a593b1b57b627abe7ba7663acc4343fa
SHA256: 0d192bd33987676f799fa9bd4c8010e0fe78f5eecca055b4b58a950354056d6d
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\ST210.jpg
image
MD5: 6a6be2b93522119d6e6cfded626aa36e
SHA256: 9eb31dcaf4a3932f0f93575918e217d4e5d12d5e348e566db352ffeb4012c7ea
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\ST.jpg
image
MD5: 6a6be2b93522119d6e6cfded626aa36e
SHA256: 9eb31dcaf4a3932f0f93575918e217d4e5d12d5e348e566db352ffeb4012c7ea
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-B107O.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-3HU8H.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-6VRRK.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-PPQ0R.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\SFGJ.jpg
image
MD5: d77ac20faeb0228df599a27c007cb535
SHA256: 53617c9454627dedc8dd320d201cc353402704dd50a5213d57128794f93845c9
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\QFKD.jpg
image
MD5: d139852ce2d74a73b440fd3e00a1d8cd
SHA256: c39d6dc513eb0cdc92f62a4223c1aa6ebe4bfe8f72d1b1aa51642bdc5cec7937
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\SFKJ150.jpg
image
MD5: 51118e74a736894f59e5a194c2ec1f40
SHA256: d5c283a114cf1711a48061dcc123a2ceaca905be1e93b6bdc3e810c3429d9604
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-19ITA.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-J3DPK.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-2I8OH.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\Login.jpg
image
MD5: b1a1c153318098731f2978f6f414110b
SHA256: a3fb4ba7ff76612c4b1044270fe981d1728ad16c91c7459d88afe83867292cee
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\HTKY_CN.jpg
image
MD5: 718617642395f77632e08449ec4456a8
SHA256: a9c681fb412eb230243b6f6dea607961aa2c0ab597206bbcd8d7c888a233fb94
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\GTO.jpg
image
MD5: a9e2003853e378e6f744a95a36f730ae
SHA256: 48070682fbebd090b8cc44d7b687fbb5f5c11ba33ef915b9ec88979750105520
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\NewTemplate.jpg
image
MD5: 37b8026f2f65fd9c739cdb26f21df315
SHA256: e389c665ec115e895b05a80f4c9191359b18c80e79090fe6d61d4f18289c9f40
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-62A2C.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-JC224.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-KFVUH.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-CPDAS.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FMA4-2.jpg
image
MD5: faa5bca6b522fd09af8548e9659c5bd0
SHA256: c972442c4982e9d2dce8ad599d5d3d7de14e36d6fd45f8924a17dd4e0691163c
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FM2.jpg
image
MD5: 860b16cda6dbeae7231309c7dce5ac9c
SHA256: 2be5abc41e70d63661a2a933794c42ed2a303388d1b5055fa656ba44fc997945
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FMA4.jpg
image
MD5: aefb4ec15080c0c50edd35eb767ac2ee
SHA256: 99bd1d5a6a7b54bc1be45c861416ec01994234a6e2347b4443d7902539f87727
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FM210.jpg
image
MD5: 98a666e7a5fedf478f59a7fcc2b098b4
SHA256: d314851dd2b72d50bec5ffea68b1a8ebef97ad4cb2d7af75ab56cef06f5789de
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-NFARR.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-91997.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-J2D62.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-3GJLN.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FM180.jpg
image
MD5: 98a666e7a5fedf478f59a7fcc2b098b4
SHA256: d314851dd2b72d50bec5ffea68b1a8ebef97ad4cb2d7af75ab56cef06f5789de
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FM1.jpg
image
MD5: 18612a5d11e10b079d2121a44f47005c
SHA256: a6bcc900079c75cdb15f08562734d774252ab02ab797cb653b2c54d0ade4a7bd
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FAST_CN.jpg
image
MD5: 353d1eea7a5a1104d670708eabffdd6e
SHA256: 93d0dade7fc1ed7a21dc9bbbc0a6f4f19ab6262911919f30e718569e24160164
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FM150.jpg
image
MD5: a20d0f1a241353ffba6491d544ad3765
SHA256: 465eb371e1b17c7d4b980719444450ef88f3ece66006d7a97b23e044a419c9e3
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-K6I83.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-4BE9B.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-O194F.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-FSS1Q.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\FAST.jpg
image
MD5: 5c9c1d269cd3695597276397d509d3ff
SHA256: 1561fdac0fb0bf15e4e3f4fc24272958d5164314e3ef83ad32fc58de155489a0
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\EMS.jpg
image
MD5: 2fd36af9119ed7841e61ebf7db8159db
SHA256: 88a0844bf9a9a934ecdcf0876861ec0f6d910ce801fa9ebd9fb0952d47a38f58
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\BSHT.jpg
image
MD5: 3108322970e003f9966d9bb8201e572f
SHA256: d618f8f3cef139e1666da7bae7fc29b61262db3b424f7f421729a5e4ca4956e9
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\EMSZL.jpg
image
MD5: 2fd36af9119ed7841e61ebf7db8159db
SHA256: 88a0844bf9a9a934ecdcf0876861ec0f6d910ce801fa9ebd9fb0952d47a38f58
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-64HNU.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-V1MP6.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-VHNJM.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-83M4L.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\A4-2.jpg
image
MD5: 0eadaaf95ca47ecee0ffbf416bc4943a
SHA256: aad207cdcfd854df9e9d660712735df85f2f4c9af208d0d23e66cd4cb2861a05
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\AN.jpg
image
MD5: 58d877a5260555b126ede00e36362487
SHA256: 7976df828a24cde214cc0c67f924a880f175fb34222b6552c3acc0aa3dd8ace9
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\A4.jpg
image
MD5: 1c8e655c09b99f933142e3e16fe67af9
SHA256: 0be06ab233500233bd30abc5b76fe71602268d0ebd109ae54ba53cbc3650c57a
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\210.jpg
image
MD5: 958bb7e68eebe6cb391c667e2c6001d5
SHA256: aa09fba8ddc9585b03209958451d066ba32778c22c15668ac7902df739efb047
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-6BISK.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-9OAQR.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-FG393.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-F97SK.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\180.jpg
image
MD5: d0b53b2546389366dbe018da7e27b15c
SHA256: 2f8275f0754078dea3ea527b86109d9f539fdf607f27ad2e587d2bb93a948b9e
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\2015TD.jpg
image
MD5: 56cf34e067d8bc376ea83bf4f55e0157
SHA256: 8c1b47b03e899b0297f18cee90571897cc65eb4a33407d1726ed68a0994182a8
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\2016TD.jpg
image
MD5: 06d176f24184d2e6a45db5e03dd8625f
SHA256: 2b0d6832e9666c47c1ecdef61824b2bfeaa87ecc155f04a05e29e6099768bf6c
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\150.jpg
image
MD5: 1a38034c4694748fd252d239689d6f2d
SHA256: ac1ac4346efee399c9a512807ee56def422379bd056051ad22cd038c59c87a2a
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-HOJ83.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-KTMF7.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-P10CG.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Images\is-3V560.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\unins000.dat
dat
MD5: 9392a79654aafe56fb911ce6a1dc408f
SHA256: 6d6e1da7ec175caf5123006e89b6a6e213b5b3c5ae82c012843d3ad7c2895c91
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\is-UBGK5.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\is-IB7SL.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ËÙ´òÏßÏÂÓû§×¨Óðæ\жÔØ ËÙ´òÏßÏ¿ͻ§¶Ë.lnk
lnk
MD5: 653af508b53463b43622614d39103e47
SHA256: 10dfed28002334f7a19374b05b30e470d117bd40b3e24999cde48851066ec702
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\is-CFF4J.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ËÙ´òÏßÏÂÓû§×¨Óðæ\ËÙ´òÏßÏÂÓû§×¨Óðæ.lnk
lnk
MD5: 99577d8c4d860d644ecf39b538444706
SHA256: de7d84e978bc15ec473dbf049573fb44a9c2659a170cee67289f12087421732c
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Sub_accountTW.xls
document
MD5: 8f2be0c2bb1450b691c6e80550ad4332
SHA256: b9bc3e98a43f28fc8d5dc3e68fd4a03bd5a5b1ecdbf90919f2756fc3024f1601
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\Sub_accountCN.xls
document
MD5: ffe31495a3c797d2f8d3b391ea7164bf
SHA256: f3c3b8d4b87242f5e1f175984a87f6f4b5c1aee4162862205f2925bb1effc378
2064
suda.tmp
C:\Program Files\ËÙ´òÏßÏÂÓû§×¨Óðæ\Template\is-KH9AF.tmp
––
MD5:  ––
SHA256:  ––
2064
suda.tmp
C:\Users\Public\Desktop\ËÙ´òÏßÏÂÓû§×¨Óðæ.lnk
lnk
MD5: 61e9c4da6b1de708b4a75a147fd150c8
SHA256: a8811d2f159aa945881caaaafba4e7ed0adf0a6cfc27fa98acb419891a5b8857

Find more information of the staic content and download it at the full report

Network activity

HTTP(S) requests
1
TCP/UDP connections
2
DNS requests
2
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2112 EasyPrint.exe GET –– 120.55.144.90:80 http://sd.1dadan.com/clienthtml/sd/index.html?Tag=43 CN
––
––
unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
2112 EasyPrint.exe 103.235.46.39:80 Beijing Baidu Netcom Science and Technology Co., Ltd. HK suspicious
2112 EasyPrint.exe 120.55.144.90:80 Hangzhou Alibaba Advertising Co.,Ltd. CN unknown

DNS requests

Domain IP Reputation
www.baidu.com 103.235.46.39
whitelisted
sd.1dadan.com 120.55.144.90
unknown

Threats

No threats detected.

Debug output strings

No debug info.