Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SureDI.exe

PE32 executable (GUI) Intel 80386, for MS Windows

initial sample

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.MonitorService.v1.0.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.MonitorService.v1.0.exe.config

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (707), with CRLF line terminators

dropped

C:\Config.Msi\4d26bd.rbs

data

dropped

C:\Program Files\Rigaku\SureDI\CreateSQLServerDatabase.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DBBackupFiles\RigakuDB_Logging.bak

Windows NTbackup archive NT, with file catalog, soft size 8*512, software (0x1200): Microsoft SQL Server

dropped

C:\Program Files\Rigaku\SureDI\DBBackupFiles\RigakuDB_Project.bak

Windows NTbackup archive NT, with file catalog, soft size 8*512, software (0x1200): Microsoft SQL Server

dropped

C:\Program Files\Rigaku\SureDI\DBBackupFiles\RigakuDB_System.bak

Windows NTbackup archive NT, with file catalog, soft size 8*512, software (0x1200): Microsoft SQL Server

dropped

C:\Program Files\Rigaku\SureDI\DBBackupFiles\database_backup.xml

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Charts.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.CodeParser.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Data.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.DataAccess.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Docs.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Images.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Mvvm.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Office.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Pdf.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Pdf.v19.2.Drawing.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Printing.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.RichEdit.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Snap.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Sparkline.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Spreadsheet.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Utils.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Charts.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.CodeView.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Controls.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Core.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Docking.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.DocumentViewer.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Gauges.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Grid.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Grid.v19.2.Extensions.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Grid.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Layout.v19.2.Core.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.LayoutControl.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.NavBar.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.PdfViewer.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Printing.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Ribbon.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.RichEdit.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Spreadsheet.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Themes.Office2016White.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpf.Themes.SmartBlue.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.Xpo.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.XtraCharts.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\DevExpress.XtraEditors.v19.2.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\EntLibContrib.Logging.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Help\SureDI_BasicPart_UserManual_EN.pdf

PDF document, version 1.7 (zip deflate encoded)

dropped

C:\Program Files\Rigaku\SureDI\Help\SureDI_BasicPart_UserManual_JA.pdf

PDF document, version 1.7 (zip deflate encoded)

dropped

C:\Program Files\Rigaku\SureDI\Help\SureDI_SystemAdministrator_UserManual_EN.pdf

PDF document, version 1.7 (zip deflate encoded)

dropped

C:\Program Files\Rigaku\SureDI\Help\SureDI_SystemAdministrator_UserManual_JA.pdf

PDF document, version 1.7 (zip deflate encoded)

dropped

C:\Program Files\Rigaku\SureDI\Ionic.Zip.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\License\JP\License.rtf

Rich Text Format data, version 1, ANSI, code page 932, default middle east language ID 1025

dropped

C:\Program Files\Rigaku\SureDI\License\ThirdParty\ThirdPartyPrograms.txt

ASCII text

dropped

C:\Program Files\Rigaku\SureDI\License\US\License.rtf

Rich Text Format data, version 1, ANSI, code page 932, default middle east language ID 1025

dropped

C:\Program Files\Rigaku\SureDI\LocalSQLserverSettings.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\MathNet.Numerics.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.EnterpriseLibrary.Common.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.EnterpriseLibrary.Logging.Database.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.EnterpriseLibrary.Logging.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.Prism.Interactivity.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.Prism.MefExtensions.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.Prism.UnityExtensions.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.Prism.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.ServiceLocation.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.Unity.Interception.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Microsoft.Practices.Unity.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\MonitoredUndo.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Newtonsoft.Json.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\PdfSharp-WPF.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\PdfSharp.Xps.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\PluginsCatalog.xaml

XML 1.0 document, ASCII text, with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.Materials.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.MathA.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.Sample.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.StressMath.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.StressModule.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.SystemExtensions.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.TextureMath.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.TextureModule.v1.1.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.APF.XrayPhysics.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.ApplicationShell.Shell.Infrastructure.Interface.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.ApplicationShell.Shell.Infrastructure.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Chart.Editors.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Chart.Interface.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Chart.Layers.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Chart.Other.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Chart.Utils.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Chart.v2.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.CustomDataDialog.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.DBKeeperLogic.v4.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.DBMaintenance.exe

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.DBUPR.DI.v1.0.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.DSCViewerControlLib.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.DataBrowserDialog.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.DBBrowser.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Interface.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Logging.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Logic.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Monitor.v1.0.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Monitor.v1.0.exe.config

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (711), with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Signature.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.UICommon.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.v1.0.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.ImageViewerControlLib.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Infrastructure.IO.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Infrastructure.ImageLib.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Infrastructure.RasxLib.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.InstrumentFramework.Communication.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.InstrumentFramework.DataStruct.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.MRInfrastructure.v3.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.PhysicalFramework.Basic.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.PhysicalFramework.Film.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.PhysicalFramework.Powder.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.PhysicalFramework.xPDF.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Plugins.DBManager.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Plugins.Launcher.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Plugins.Logging.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Plugins.TreeBasePlugin.Interface.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Plugins.UserManager.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.RLPS.DI.v1.0.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.RigakuCommonTools.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Services.DBDataService.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Services.MaterialsService.Interface.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Services.ReportingService.Interface.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Services.ReportingService.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.Services.UndoRedoService.Interface.v4.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\Rigaku.SignatureLib.v1.0.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\SQLQuery\RigakuDB\AddDataFileResultFilesInfoConstraint.sql

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\SQLQuery\RigakuDB\CreateDataFileResultFilesInfo.sql

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\SQLQuery\RigakuDB\CreateTablesMng.sql

ASCII text, with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\SQLserverConnectionSettings.exe

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\SlimDX.dll

PE32+ executable (DLL) (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\SureDI.v1.0.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\SureDI.v1.0.exe.config

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (745), with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\System.ComponentModel.Composition.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\System.Windows.Interactivity.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\TouchKeyboardNotifier.dll

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\UpdateSQL.exe

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\WupiEngine64.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\WupiEngineNet.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\backup_SQLRigaku.cmd

ASCII text, with CRLF line terminators

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Data.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.DataAccess.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Office.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Pdf.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Printing.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.RichEdit.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Snap.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Sparkline.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Spreadsheet.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Charts.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Controls.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Core.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Docking.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.DocumentViewer.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Grid.v19.2.Core.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.LayoutControl.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.NavBar.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.PdfViewer.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Printing.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Ribbon.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpf.Spreadsheet.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.Xpo.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\DevExpress.XtraCharts.v19.2.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.Materials.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.MathA.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.Sample.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.StressModule.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.SystemExtensions.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.TextureModule.v1.1.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.APF.XrayPhysics.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.ApplicationShell.Shell.Infrastructure.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Chart.Editors.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Chart.Interface.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Chart.Layers.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Chart.Other.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Chart.Utils.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Chart.v2.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.CustomDataDialog.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.DBKeeperLogic.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.DSCViewerControlLib.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.DataBrowserDialog.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.EresSystem.DBBrowser.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.EresSystem.UICommon.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.EresSystem.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.ImageViewerControlLib.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.MRInfrastructure.v3.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Plugins.DBManager.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Plugins.Launcher.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Plugins.Logging.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Plugins.TreeBasePlugin.Interface.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Plugins.UserManager.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.RigakuCommonTools.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Services.DBDataService.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Services.ReportingService.Interface.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.Services.ReportingService.v4.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\Rigaku.SignatureLib.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\ja\SureDI.v1.0.resources.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\tbb.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\wupi.net.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\Program Files\Rigaku\SureDI\zlib.net.dll

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows

dropped

C:\ProgramData\Microsoft\Network\Downloader\edb.log

data

dropped

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Extensible storage engine DataBase, version 0x620, checksum 0xeef88e3a, page size 16384, DirtyShutdown, Windows version 10.0

dropped

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

data

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rigaku\SureDI\SureDI.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 20 13:58:04 2023, mtime=Tue Oct 1 09:19:57 2024, atime=Wed Sep 20 13:58:04 2023, length=503296, window=hide

dropped

C:\ProgramData\Rigaku\SureDI\MonitorServiceLogsv1.0\Service.log

ASCII text, with CRLF line terminators

dropped

C:\Users\Public\Desktop\SureDI.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 20 13:58:04 2023, mtime=Tue Oct 1 09:19:48 2024, atime=Wed Sep 20 13:58:04 2023, length=503296, window=hide

dropped

C:\Users\Public\Desktop\SureDI.lnk~RF4d85e2.TMP (copy)

dropped

C:\Users\Public\Desktop\~ureDI.tmp

dropped

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MsiExec.exe.log

CSV text

modified

C:\Users\user\AppData\Local\Temp\66808c52-1f80-4752-941f-ce1c7f2e7b0e\AddRule_SLSII.ps1

ASCII text

dropped

C:\Users\user\AppData\Local\Temp\MSIFDE6.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5auynpys.tfe.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jo5bvn4g.h5s.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwrcodpi.d0n.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wi11rsnj.hig.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\wac36A9.tmp

PE32+ executable (GUI) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\0x0409.ini

Unicode text, UTF-16, little-endian text, with very long lines (308), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\0x0411.ini

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\1033.MST

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Installation Database, Subject: Rigaku SureDI, Author: Rigaku corporation, Keywords: Installer,MSI,Database, Comments: Contact: Your local administrator, Create Time/Date: Wed Sep 20 12:13:16 2023, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Security: 1, Template: x64;0,1033,1041, Last Saved By: x64;0, Revision Number: {12226574-52CC-483F-8DB0-E617C91F04D0}1.0.21.0;{12226574-52CC-483F-8DB0-E617C91F04D0}1.0.21.0;{D06C1535-3E12-40B3-B596-393FDCAC1194}, Number of Pages: 500, Number of Characters: 1

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\Rigaku SureDI.msi

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Rigaku SureDI, Author: Rigaku corporation, Security: 1, Number of Pages: 500, Name of Creating Application: InstallShield 2015 - Premier Edition with Virtualization Pack 22, Last Saved Time/Date: Wed Sep 20 12:13:16 2023, Create Time/Date: Wed Sep 20 12:13:16 2023, Last Printed: Wed Sep 20 12:13:16 2023, Revision Number: {51A2CE23-9920-4B37-A131-F84FF84F0C0E}, Code page: 0, Template: x64;0,1033,1041

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\Setup.INI

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\SureDI.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\SureDI.exe:Zone.Identifier

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\_ISMSIDEL.INI

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\~E424.tmp

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\~E425.tmp

Unicode text, UTF-16, little-endian text, with CRLF line terminators

modified

C:\Users\user\AppData\Local\Temp\~E676.tmp

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\~E677.tmp

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Windows\Installer\4d26bb.msi

dropped

C:\Windows\Installer\4d26bc.mst

dropped

C:\Windows\Installer\4d26be.msi

dropped

C:\Windows\Installer\MSI360D.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\MSI36C9.tmp

data

dropped

C:\Windows\Installer\MSI6BC5.tmp

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Windows\Installer\MSI8CAC.tmp

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Installer\SourceHash{12226574-52CC-483F-8DB0-E617C91F04D0}

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Installer\inprogressinstallinfo.ipi

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Installer\{12226574-52CC-483F-8DB0-E617C91F04D0}\1033.MST

dropped

C:\Windows\Installer\{12226574-52CC-483F-8DB0-E617C91F04D0}\ARPPRODUCTICON.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

dropped

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

JSON data

dropped

C:\Windows\System32\msvcr100.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

dropped

C:\Windows\Temp\~DF10337A41B8C17FFD.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DF428011A10C3E6C64.TMP

data

dropped

C:\Windows\Temp\~DF4CA4E2ECA3E38801.TMP

data

dropped

C:\Windows\Temp\~DF5198E800E8414A05.TMP

data

dropped

C:\Windows\Temp\~DF5EEC8B883E22FC3C.TMP

data

dropped

C:\Windows\Temp\~DF87DE8252F28F03ED.TMP

data

modified

C:\Windows\Temp\~DF8E6C0E6E84FC55EE.TMP

data

dropped

C:\Windows\Temp\~DFB735F06FEC317F86.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFBC11E6F989F90E51.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFCB01ED48CFB74692.TMP

data

dropped

C:\Windows\Temp\~DFD5A66525C5DA0E80.TMP

Composite Document File V2 Document, Cannot read section info

dropped

C:\Windows\Temp\~DFED10223112448B4E.TMP

Composite Document File V2 Document, Cannot read section info

dropped

There are 250 hidden files, click here to show them.

Processes

Path

Cmdline

Malicious

C:\Windows\System32\msiexec.exe

"C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\Rigaku SureDI.msi" TRANSFORMS="C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\1033.MST" SETUPEXEDIR="C:\Users\user\Desktop" SETUPEXENAME="SureDI.exe"

C:\Windows\System32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\System32\msiexec.exe

C:\Windows\System32\MsiExec.exe -Embedding 61343986035DDA98571FD63CB9C8F73D E Global\MSI0000

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.MonitorService.v1.0.exe

"C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.MonitorService.v1.0.exe"

C:\Users\user\Desktop\SureDI.exe

"C:\Users\user\Desktop\SureDI.exe"

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\SureDI.exe

C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}\SureDI.exe /q"C:\Users\user\Desktop\SureDI.exe" /tempdisk1folder"C:\Users\user\AppData\Local\Temp\{ACB5ABDE-1955-466A-9C3A-B1FFF8BB5CFB}" /IS_temp

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding CDB15B2CE92E28F3B8622149A9799E65 C

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 72C84AB51E330DD7B93C0FC1C98E56AC

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 60E1AB94C32A1ADB74E0CFD4F89B3AA8 E Global\MSI0000

C:\Program Files\Rigaku\SureDI\Rigaku.EresSystem.Monitor.v1.0.exe

True

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS

There are 2 hidden processes, click here to show them.

URLs

Name

Malicious

http://www.fontbureau.com/designersG

unknown

http://www.fontbureau.com/designers/?

unknown

http://www.founder.com.cn/cn/bThe

unknown

http://www.fontbureau.com/designers?

unknown

http://www.tiro.com

unknown

https://g.live.com/odclientsettings/ProdV2.C:

unknown

https://www.newtonsoft.com/json

unknown

http://www.fontbureau.com/designers

unknown

http://www.installshield.com/isetup/ProErrorCentral.asp?ErrorCode=%d

unknown

http://www.goodfont.co.kr

unknown

http://schemas.rigaku.com/slsii/infra/dscviewerctrl

unknown

http://www.sajatypeworks.com

unknown

http://www.typography.netD

unknown

https://g.live.com/odclientsettings/Prod.C:

unknown

http://www.founder.com.cn/cn/cThe

unknown

http://www.galapagosdesign.com/staff/dennis.htm

unknown

https://g.live.com/odclientsettings/ProdV2

unknown

http://foo/mainwindow.xaml

unknown

http://www.rigaku.com

unknown

http://www.galapagosdesign.com/DPlease

unknown

http://www.fonts.com

unknown

http://www.sandoll.co.kr

unknown

http://www.urwpp.deDPlease

unknown

http://www.zhongyicts.com.cn

unknown

http://www.sakkal.com

unknown

https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6

unknown

http://www.apache.org/licenses/LICENSE-2.0

unknown

http://www.fontbureau.com

unknown

http://www.aiim.org/pdfa/ns/id/

unknown

http://crl.ver)

unknown

http://schemas.rigaku.com/slsii/infra/imgviewerctrl

unknown

http://james.newtonking.com/projects/json

unknown

http://schemas.rigaku.com/slsii/infra/customfiledialog

unknown

http://creativecommons.org/ns#

unknown

http://schemas.rigaku.com/slsii/plugins/dbmanager

unknown

http://www.carterandcone.coml

unknown

http://www.fontbureau.com/designers/cabarga.htmlN

unknown

http://foo/bar/mainwindow.baml

unknown

http://www.founder.com.cn/cn

unknown

http://www.fontbureau.com/designers/frere-user.html

unknown

https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96

unknown

https://www.thawte.com/cps0/

unknown

http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd

unknown

http://schemas.rigaku.com/eressystem/uicommon

unknown

https://www.thawte.com/repository0W

unknown

http://www.jiyu-kobo.co.jp/

unknown

https://www.newtonsoft.com/jsonschema

unknown

http://defaultcontainer/Rigaku.EresSystem.Monitor.v1.0;component/mainwindow.xaml

unknown

https://www.nuget.org/packages/Mono.Cecil/)

unknown

http://www.fontbureau.com/designers8

unknown

https://www.nuget.org/packages/Newtonsoft.Json.Bson

unknown

http://www.inkscape.org/namespaces/inkscape

unknown

There are 42 hidden URLs, click here to show them.

IPs

Domain

Country

Malicious

127.0.0.1

unknown

Registry

Path

Value

Malicious

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager

PendingFileRenameOperations

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

GlobalAssocChangedCounter

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Owner

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

SessionHash

HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000

Sequence

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Config.Msi\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

C:\Config.Msi\4d26bd.rbs

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts

C:\Config.Msi\4d26bd.rbsLow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7042DDB7B3B5E1A47B3DD077AE410FED

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFB3AE5F7A486F44E91CA61EB7415485

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0383AA7290F237344AAD4B159DB6AF92

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD97DDE649FE4D242889F349F56AE809

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2CA3CB14C72788543B8F2E7E30FB6115

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F125B1B4F38A13943894A74D491C17BE

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1728B9AFD71A6CA4FB53208E5F422928

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\608237CC5CA154E419AE3E047DC04823

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A586EF105FA7BE47B1E20B011379A35

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C6458266ADFA834B9D27DE10FFC0CCA

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE80452855287BD4FB2B6F6C6EFED570

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10781A0C77CCCC84798722A069CFA7EB

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C23FF6CE71286541B69573EDDC34CEA

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21FBA66DDAB935046913C2D8D41740B4

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6DE6B43D80183D4C8ECF6328D229FE7

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B604F015DEA28714783024E5F9D0D9D9

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4C9882BCC690FC4BBA1B5464AE4DFC7

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D09FF8A7D54F39489167AFBF3D9B5B4

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7C07D0A6A3D2D584895A4A49FECE16F7

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\646C955FB055D6146982CA3FD9CA6548

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D79453476A4CBF409DB17F92257A0A7

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D254F8BE1EADD70BB4A22221F8F15D81

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\083C439EEC00476D8F04F6568D281067

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02AE29A83F9079BD5E125CF4D9B58B64

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F580037B1EDF8EC65F0435A7EE18B26F

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01ECA9A14160ED73391BF6E30D8AECFC

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\129948FF17D12D70C9A0198E38D00662

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A5BF9176F970692D6FCC236C00BF9E8

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFA3AF5CB1DAF357DC1402009DD41105

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\094DDF9F53905035FB5A350768C8D64C

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42666B0189C4832C290ECCE1944C5F36

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21AE9A5FD3B28FB4ABD29FB106C14D1D

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D9F48703350DA35980206C6CAE30CDDB

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A95AEB834D10784F17ECA14FF9CE383

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E25E721CD4CE6CBD68AD445AE39578A9

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\996C545A30D990EE376B730319C9B05E

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E15379AD13EE95B2A6CD6BDB33DEBA49

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3C308B5C5DFD5E4E545556E297D52B4

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C60D7809424CBE63C2F726AD0C13C015

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C27B5A713D0C9F64F5B69DA55D2A44BC

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37D9091022E3D947707CE8EF9DA6B644

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9658E52E09B98F0ED35753EF720FFAFA

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C5460BC3822E897F80D857139CCD755

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD7AA5A8796BA32194860EB0047F930F

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D8E6E946FC11225220E3A59F60316B0

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13E80B8DA0314C4B20F5EC7437CB7178

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A829152E0A8AC5006D56E8A1D3F9D011

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D51EBBFA58211BE1657AAFA0DDCC619

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\96EDE54D5099A4DE7A78B0552E42B570

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EA70CAA40F4E54F06BA8E39EEB6B54A0

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF12DB8DF8ED887952F431FD41D7676B

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C63EEBE42A0900EE67243E4A8A61DB9

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01547CFAE7F0AD1D9FE8DC1DC1006778

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F709FF2DF342C20A65B485B0FC01F2A

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94596428C8694EF19F46031A49B5A1BB

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CA7C42B96134E0F3061EEB36ED54FBE

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CAF068C958EC223F5A5611F9A13A4F13

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8270890FBAC88D7CA4C4BA9B239474C4

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCDFC7EF06FC5B903FD53BC281C9F519

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B99E56C3CD55D20B20DFD29520264A4

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F833BF88653FFB57A708B8A1E0862C5E

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\834CEF5861785DB7039EF22A9E5BAF62

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BC1C89E7D6E0AD88D41485AC5EFB43

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\368D1B5982530AA86BBB2F7F23D863C0

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1666144D56A18AB84B4D3616748DD114

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61E24D7D0DF66D7357DD2B3F25253A6E

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\56EF5D3B86757F0617598CA406E4155D

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EA44F19F058FD13A3803B4107D7D228

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1FDFE3F174BC367CECC5D831632CC33

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BDFC9F053F7BDA7B66EAAD9BB099881E

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44B0284B8E14A9714572BC59C80FEB45

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\442884CCBCB4F07E78F3CC717C12E75C

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0747997D2FE010E4838F8202CB9E17EF

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29DAE0C972E24A0D65DF5BFB66D667FE

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F27D8BBE5B9F58B42AB2BD23722CB65E

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39CD289E44F34B4689BDC812C02E9053

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B52937D34B05F4B3460865BE25D5E17

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ADD6267CDA250DB1E18E84BF0EC9A32

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F683863D9C4F4A72E9AAE4AC65529DF1

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8461E8D67E383576BE6BA86ABCC4F5A8

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0D7BB19DAA80D111C917840CC899E1B5

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0D2C6051263A34124D4CF62005B0AB

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

C:\Windows\system32\msvcr100.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\620139E0B929C2837B208B4B3039995E

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

C:\Windows\system32\msvcp100.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\ProgramData\Rigaku\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\ProgramData\Rigaku\SureDI\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\DBBackupFiles\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\Help\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\ja\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\License\JP\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\License\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\License\ThirdParty\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\License\US\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\SQLQuery\RigakuDB\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Program Files\Rigaku\SureDI\SQLQuery\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

PatchGUID

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

MediaCabinet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

File

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

ComponentVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

ProductVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

PatchSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

PatchAttributes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

PatchSequence

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

SharedComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03EA91DAF1821523AAA0556E73E73D5F\47562221CC25F384D80B6E719CF1400D

IsFullFile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\Windows\Installer\{12226574-52CC-483F-8DB0-E617C91F04D0}\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rigaku\SureDI\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rigaku\

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00415345-CD82-3274-9474-B45703A02713}\1.0.0.0

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00415345-CD82-3274-9474-B45703A02713}\1.0.0.0

Assembly

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00415345-CD82-3274-9474-B45703A02713}\1.0.0.0

RuntimeVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{00415345-CD82-3274-9474-B45703A02713}\1.0.0.0

CodeBase

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.DBFilePathAndSampleInfoWrapper

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.DBFilePathAndSampleInfoWrapper\CLSID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF1A796C-35E8-3687-80D4-7A65BD43DCC9}

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF1A796C-35E8-3687-80D4-7A65BD43DCC9}\InprocServer32

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF1A796C-35E8-3687-80D4-7A65BD43DCC9}\InprocServer32

ThreadingModel

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF1A796C-35E8-3687-80D4-7A65BD43DCC9}\InprocServer32

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.SampleInformationWrapper

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.SampleInformationWrapper\CLSID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3B22131A-E7E4-3353-9F7B-F2333B4F98FB}\InprocServer32

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.SDKCommonAPIs

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.SDKCommonAPIs\CLSID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6DC7B981-BCB4-3BD7-AC06-B11D4FDB3304}\InprocServer32

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.DBFileInformation

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.DBFileInformation\CLSID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{71F8A06B-94D3-3CC1-9979-E36188444C1D}\InprocServer32

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.DBDataManager

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.DBDataManager\CLSID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C5D27ADC-A75D-3ED7-B87A-B4EA8C0E17CA}\InprocServer32

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.AuditTrailItem

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rigaku.EresSystem.Logic.AuditTrailItem\CLSID

NULL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5D2BD1DF-1D3F-343A-B780-11B86694CF1E}\InprocServer32

Class

HKEY_LOCAL_MACHINE\SOFTWARE\Rigaku\EresSystem

Install Directory

HKEY_LOCAL_MACHINE\SOFTWARE\Rigaku\EresSystem

EXE Path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

RegOwner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

RegCompany

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

ProductID

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

LocalPackage

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

AuthorizedCDFPrefix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Comments

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Contact

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

DisplayVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

HelpLink

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

HelpTelephone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

InstallDate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

InstallLocation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

InstallSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

ModifyPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

NoModify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

NoRepair

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Publisher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Readme

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Size

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

UninstallString

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

URLInfoAbout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

URLUpdateInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

VersionMajor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

VersionMinor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

WindowsInstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

AuthorizedCDFPrefix

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Comments

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Contact

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

DisplayVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

HelpLink

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

HelpTelephone

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

InstallDate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

InstallLocation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

InstallSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

ModifyPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

NoModify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

NoRepair

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Publisher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Readme

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Size

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

EstimatedSize

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

UninstallString

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

URLInfoAbout

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

URLUpdateInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

VersionMajor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

VersionMinor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

WindowsInstaller

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5351C60D21E33B045B6993F3CDCA1149

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\InstallProperties

DisplayName

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12226574-52CC-483F-8DB0-E617C91F04D0}

DisplayName

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Rigaku|SureDI|SureDI.v1.0.exe

SureDI.v1.0,Version="1.0.21.0",Culture="neutral",FileVersion="1.0.21.0",ProcessorArchitecture="Amd64"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Rigaku|SureDI|Rigaku.EresSystem.Logic.dll

Rigaku.EresSystem.Logic,Version="1.0.0.0",Culture="neutral",FileVersion="1.0.0.0",ProcessorArchitecture="MSIL"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Program Files|Rigaku|SureDI|Rigaku.EresSystem.MonitorService.v1.0.exe

Rigaku.EresSystem.MonitorService.v1.0,Version="1.0.0.0",Culture="neutral",FileVersion="1.0.0.0",ProcessorArchitecture="Amd64"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

SLSII

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

SLSII

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

CommomPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

CommomPlugin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

Services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

Services

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

DBData

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

DBData

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

DBManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

DBManager

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

Logging

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

Logging

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

Materials

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

Materials

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

Reporting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

Reporting

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

Shell_EresSystem

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

Shell_EresSystem

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

UndoRedo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

UndoRedo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\47562221CC25F384D80B6E719CF1400D

UserManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Features

UserManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47562221CC25F384D80B6E719CF1400D\Patches

AllPatches

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

ProductName

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

PackageCode

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

Language

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

Version

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

Transforms

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

Assignment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

AdvertiseFlags

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

ProductIcon

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

InstanceType

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

AuthorizedLUAApp

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

DeploymentFlags

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5351C60D21E33B045B6993F3CDCA1149

47562221CC25F384D80B6E719CF1400D

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D\SourceList

PackageName

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D\SourceList\Net

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D\SourceList\Media

DiskPrompt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D\SourceList\Media

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D

Clients

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\47562221CC25F384D80B6E719CF1400D\SourceList

LastUsedSource

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages

C:\Windows\Installer\4d26bc.mst

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs

C:\Windows\system32\msvcp100.dll

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings

StringCacheGeneration

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

AutoBackupLogFiles

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\Rigaku.EresSystem.MonitorService.v1.0

EventMessageFile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS

PerfMMFileName

There are 245 hidden registries, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

640000

heap

page read and write

216FF5C4000

heap

page read and write

698000

heap

page read and write

6BF000

heap

page read and write

216FCF5F000

heap

page read and write

21681000000

trusted library allocation

page read and write

6C2000

heap

page read and write

6A6000

heap

page read and write

90BB7F9000

stack

page read and write

6BF000

heap

page read and write

6D6000

heap

page read and write

6E8000

heap

page read and write

6E8000

heap

page read and write

401000

unkown

page execute read

216FF77B000

heap

page read and write

216E2AB0000

heap

page read and write

249FA98F000

trusted library allocation

page read and write

216E2D15000

heap

page read and write

90BB3EF000

stack

page read and write

7FFD9B750000

trusted library allocation

page read and write

6D6000

heap

page read and write

6BF000

heap

page read and write

401000

unkown

page execute read

216FCF4F000

heap

page read and write

6BF000

heap

page read and write

6BF000

heap

page read and write

CE6817B000

stack

page read and write

216FF4C6000

heap

page read and write

249FA933000

trusted library allocation

page read and write

6C8000

heap

page read and write

CE68E7E000

stack

page read and write

6B1000

heap

page read and write

6C4000

heap

page read and write

6CD000

heap

page read and write

2C4F000

heap

page read and write

6BF000

heap

page read and write

6B8000

heap

page read and write

4F6000

unkown

page readonly

216E2AE0000

heap

page read and write

249F5D1A000

heap

page read and write

7A999FB000

stack

page read and write

1C239C10000

trusted library allocation

page read and write

6A6000

heap

page read and write

7FFD9B53D000

trusted library allocation

page execute and read and write

90BBFFE000

stack

page read and write

249F54A0000

heap

page read and write

249FA898000

trusted library allocation

page read and write

696000

heap

page read and write

6BF000

heap

page read and write

66B000

heap

page read and write

CE67C7E000

unkown

page readonly

90BBBFF000

stack

page read and write

6DF000

heap

page read and write

6B8000

heap

page read and write

6CD000

heap

page read and write

216E46A0000

trusted library allocation

page read and write

2BE1000

heap

page read and write

1C239BF0000

trusted library allocation

page read and write

216E2CF0000

trusted library allocation

page read and write

698000

heap

page read and write

6BF000

heap

page read and write

7FFD9B513000

trusted library allocation

page execute and read and write

696000

heap

page read and write

1C239AAF000

heap

page read and write

216FCF97000

heap

page read and write

699000

heap

page read and write

216FF6C5000

heap

page read and write

7FFD9B520000

trusted library allocation

page read and write

249F6140000

trusted library allocation

page read and write

6B9000

heap

page read and write

400000

unkown

page readonly

72F000

heap

page read and write

6D6000

heap

page read and write

6B9000

heap

page read and write

1C252C90000

heap

page read and write

6D6000

heap

page read and write

CE6897E000

unkown

page readonly

4ED000

unkown

page read and write

7FFD9B512000

trusted library allocation

page read and write

249FA94A000

trusted library allocation

page read and write

9B000

stack

page read and write

CE686FE000

stack

page read and write

7FFD9B710000

trusted library allocation

page read and write

216FF740000

heap

page read and write

1C252A22000

unkown

page readonly

89F000

stack

page read and write

7FFD9B51D000

trusted library allocation

page execute and read and write

249F5471000

heap

page read and write

216E2E50000

heap

page read and write

6B1000

heap

page read and write

216FCF49000

heap

page read and write

6D6000

heap

page read and write

6DC000

heap

page read and write

67F000

heap

page read and write

1C23A6DE000

trusted library allocation

page read and write

CE6777E000

unkown

page readonly

6CD000

heap

page read and write

249F5BD1000

trusted library allocation

page read and write

216FCF92000

heap

page read and write

6B1000

heap

page read and write

7A975F4000

stack

page read and write

6DD000

heap

page read and write

A30000

heap

page read and write

7A96EAE000

stack

page read and write

9DF000

stack

page read and write

698000

heap

page read and write

1C239C20000

heap

page read and write

6B0000

heap

page read and write

249F5C02000

heap

page read and write

7FFD9B6D0000

trusted library allocation

page read and write

249F5D02000

heap

page read and write

6A9000

heap

page read and write

7FFD9B530000

trusted library allocation

page read and write

7A981FF000

stack

page read and write

6B1000

heap

page read and write

560000

heap

page read and write

216E2BAA000

heap

page read and write

7A9B1FD000

stack

page read and write

400000

unkown

page readonly

580000

heap

page read and write

216FCEC0000

heap

page read and write

216E2DE0000

heap

page read and write

249FA9AA000

trusted library allocation

page read and write

249FA8C0000

trusted library allocation

page read and write

7FFD9B5F6000

trusted library allocation

page execute and read and write

6FE000

heap

page read and write

249FA984000

trusted library allocation

page read and write

7FFD9B7C0000

trusted library allocation

page execute and read and write

249F5D13000

heap

page read and write

249FA8B0000

trusted library allocation

page read and write

7A96EEF000

stack

page read and write

CE68A7B000

stack

page read and write

6C0000

heap

page read and write

19A000

stack

page read and write

249FAAE7000

heap

page read and write

698000

heap

page read and write

216F4701000

trusted library allocation

page read and write

CE6709C000

stack

page read and write

216E2C70000

trusted library allocation

page read and write

723000

heap

page read and write

216FF780000

heap

page read and write

249FA997000

trusted library allocation

page read and write

6D6000

heap

page read and write

6A6000

heap

page read and write

216FF5AA000

heap

page read and write

69A000

heap

page read and write

CE67677000

stack

page read and write

70A000

heap

page read and write

6BD000

heap

page read and write

7FFD9B534000

trusted library allocation

page read and write

7FFD9B780000

trusted library allocation

page read and write

1C239B90000

heap

page read and write

6A7000

heap

page read and write

7FFD9B706000

trusted library allocation

page read and write

6B7000

heap

page read and write

1C239A99000

heap

page read and write

216E4BFC000

trusted library allocation

page read and write

216E48FF000

trusted library allocation

page read and write

1C239D25000

heap

page read and write

699000

heap

page read and write

69C000

heap

page read and write

1C23A2E6000

trusted library allocation

page read and write

216E29D0000

heap

page read and write

216FCF8F000

heap

page read and write

698000

heap

page read and write

216FCFB0000

heap

page read and write

6A0000

heap

page read and write

7FFD9B527000

trusted library allocation

page read and write

90BC7FA000

stack

page read and write

CE694FE000

stack

page read and write

6F6000

heap

page read and write

CE6957E000

unkown

page readonly

7FFD9B5D0000

trusted library allocation

page execute and read and write

400000

unkown

page readonly

216FCFA6000

heap

page read and write

CE67A7E000

unkown

page readonly

6BE000

heap

page read and write

CE688FE000

stack

page read and write

6B9000

heap

page read and write

6F2000

heap

page read and write

4ED000

unkown

page write copy

CE67D7C000

stack

page read and write

249FAC30000

remote allocation

page read and write

6C1000

heap

page read and write

90B9BFE000

stack

page read and write

6BB000

heap

page read and write

6DF000

heap

page read and write

6DF000

heap

page read and write

7A995FB000

stack

page read and write

249F5D00000

heap

page read and write

249FA930000

trusted library allocation

page read and write

216FF566000

heap

page read and write

6BB000

heap

page read and write

216E48FA000

trusted library allocation

page read and write

6D6000

heap

page read and write

6B3000

heap

page read and write

699000

heap

page read and write

6C7000

heap

page read and write

89E000

stack

page read and write

7FFD9B530000

trusted library allocation

page read and write

4B6000

unkown

page readonly

6BF000

heap

page read and write

249FA8A8000

trusted library allocation

page read and write

CE6877E000

unkown

page readonly

6BF000

heap

page read and write

6BF000

heap

page read and write

6BC000

heap

page read and write

216FF5CA000

heap

page read and write

6CD000

heap

page read and write

536000

unkown

page readonly

6D6000

heap

page read and write

6BF000

heap

page read and write

249FAC30000

remote allocation

page read and write

CE683FE000

stack

page read and write

216FD265000

heap

page read and write

216E4610000

trusted library allocation

page read and write

249F5C00000

heap

page read and write

69B000

heap

page read and write

249FAA21000

heap

page read and write

6C7000

heap

page read and write

704000

heap

page read and write

6CC000

heap

page read and write

216E2C60000

trusted library allocation

page read and write

7FFD9B6FE000

trusted library allocation

page read and write

CE6847E000

unkown

page readonly

299F000

stack

page read and write

6A6000

heap

page read and write

216FCFB7000

heap

page read and write

6CC000

heap

page read and write

6DD000

heap

page read and write

6D2000

heap

page read and write

1C23A2D0000

heap

page execute and read and write

6D3000

heap

page read and write

6F1000

heap

page read and write

6E8000

heap

page read and write

724000

heap

page read and write

6F0000

heap

page read and write

216FF5DB000

heap

page read and write

6EB000

heap

page read and write

7FFD9B5CC000

trusted library allocation

page execute and read and write

6CD000

heap

page read and write

1C2529A2000

unkown

page readonly

536000

unkown

page readonly

7FF464E31000

trusted library allocation

page execute read

698000

heap

page read and write

69B000

heap

page read and write

249F63E0000

trusted library allocation

page read and write

713000

heap

page read and write

6CD000

heap

page read and write

6E9000

heap

page read and write

2290000

heap

page read and write

7FFD9B56C000

trusted library allocation

page execute and read and write

6A5000

heap

page read and write

216FF774000

heap

page read and write

1C252B9A000

heap

page read and write

1C239A7C000

heap

page read and write

6C8000

heap

page read and write

7A9BDFC000

stack

page read and write

4F6000

unkown

page readonly

7FFD9B7A0000

trusted library allocation

page read and write

6DA000

heap

page read and write

249FAA4F000

heap

page read and write

6CE000

heap

page read and write

249F5502000

heap

page read and write

70B000

heap

page read and write

249FAB00000

heap

page read and write

249FA960000

trusted library allocation

page read and write

216E478C000

trusted library allocation

page read and write

8DE000

stack

page read and write

21681022000

trusted library allocation

page read and write

6CE000

heap

page read and write

1C2398F0000

unkown

page readonly

CE6887E000

unkown

page readonly

7FFD9B5C6000

trusted library allocation

page read and write

249FA810000

trusted library allocation

page read and write

216E2910000

unkown

page readonly

72F000

heap

page read and write

249F53B0000

heap

page read and write

7A985FD000

stack

page read and write

6CC000

heap

page read and write

738000

heap

page read and write

249F62C0000

trusted library section

page readonly

6BB000

heap

page read and write

700000

heap

page read and write

1C239B70000

heap

page read and write

249F548E000

heap

page read and write

249F5E01000

trusted library allocation

page read and write

6D6000

heap

page read and write

249FA902000

trusted library allocation

page read and write

249FA8C0000

trusted library allocation

page read and write

216FFE10000

heap

page read and write

6E8000

heap

page read and write

6C4000

heap

page read and write

6C5000

heap

page read and write

249FAAC2000

heap

page read and write

4ED000

unkown

page read and write

1C239AB5000

heap

page read and write

1C2529F0000

heap

page execute and read and write

249F62B0000

trusted library section

page readonly

7FFD9B6C0000

trusted library allocation

page read and write

1C239A76000

heap

page read and write

CE6797E000

stack

page read and write

7FF464E35000

trusted library allocation

page execute read

249F54AE000

heap

page read and write

216FD213000

heap

page read and write

249F5473000

heap

page read and write

249FA975000

trusted library allocation

page read and write

735000

heap

page read and write

90B97F4000

stack

page read and write

1C23A6FB000

trusted library allocation

page read and write

1C23A0C2000

unkown

page readonly

7A9A5F8000

stack

page read and write

731000

heap

page read and write

6E8000

heap

page read and write

7FFD9B700000

trusted library allocation

page read and write

69F000

heap

page read and write

7FFD9B630000

trusted library allocation

page execute and read and write

4F1000

unkown

page read and write

249FA981000

trusted library allocation

page read and write

216FF7A1000

heap

page read and write

7FFD9B510000

trusted library allocation

page read and write

249FA8D0000

trusted library allocation

page read and write

1C239A70000

heap

page read and write

7A9B5FC000

stack

page read and write

6DB000

heap

page read and write

216FF6C0000

heap

page read and write

7FFD9B534000

trusted library allocation

page read and write

216E4620000

trusted library allocation

page read and write

6E8000

heap

page read and write

6E8000

heap

page read and write

1C239980000

heap

page read and write

7FFD9B6B0000

trusted library allocation

page read and write

B40000

heap

page read and write

6BF000

heap

page read and write

196000

stack

page read and write

69A000

heap

page read and write

69C000

heap

page read and write

249FA9D0000

trusted library allocation

page read and write

6DB000

heap

page read and write

6EB000

heap

page read and write

249FA9F0000

trusted library allocation

page read and write

6AB000

heap

page read and write

79E000

stack

page read and write

526000

unkown

page readonly

249F53E0000

trusted library allocation

page read and write

289E000

stack

page read and write

6D2000

heap

page read and write

715000

heap

page read and write

7FFD9B6B0000

trusted library allocation

page read and write

216E2BE0000

heap

page read and write

7FFD9B6B5000

trusted library allocation

page read and write

249FA890000

trusted library allocation

page read and write

249FA800000

trusted library allocation

page read and write

4F6000

unkown

page readonly

1C239C25000

heap

page read and write

6C0000

heap

page read and write

7FFD9B6F0000

trusted library allocation

page execute and read and write

216F470C000

trusted library allocation

page read and write

7FFD9B6C0000

trusted library allocation

page read and write

216E46F1000

trusted library allocation

page read and write

2C04000

heap

page read and write

6D2000

heap

page read and write

699000

heap

page read and write

CE67B79000

stack

page read and write

1C239D20000

heap

page read and write

6D6000

heap

page read and write

249FA8DD000

trusted library allocation

page read and write

7FF464E36000

trusted library allocation

page readonly

216FF3F1000

heap

page read and write

6AB000

heap

page read and write

7FFD9B6D0000

trusted library allocation

page execute and read and write

CE6867E000

unkown

page readonly

6A6000

heap

page read and write

216E2B42000

heap

page read and write

8DE000

stack

page read and write

6D9000

heap

page read and write

7FFD9B6C2000

trusted library allocation

page read and write

1C239AF8000

heap

page read and write

1C252AA0000

unkown

page readonly

216E2B68000

heap

page read and write

6D9000

heap

page read and write

6A5000

heap

page read and write

249F5C15000

heap

page read and write

6B2000

heap

page read and write

6E8000

heap

page read and write

6B6000

heap

page read and write

6C0000

heap

page read and write

249F547B000

heap

page read and write

216E46E0000

heap

page execute and read and write

6CE000

heap

page read and write

216E47E3000

trusted library allocation

page read and write

7FFD9B720000

trusted library allocation

page read and write

6CE000

heap

page read and write

249FA8F4000

trusted library allocation

page read and write

7A9A9FA000

stack

page read and write

1C252B40000

heap

page read and write

706000

heap

page read and write

4ED000

unkown

page write copy

6A5000

heap

page read and write

1C2398F2000

unkown

page readonly

6A7000

heap

page read and write

216E4C09000

trusted library allocation

page read and write

CE6807E000

unkown

page readonly

1C239AFA000

heap

page read and write

216FF56B000

heap

page read and write

7FFD9B510000

trusted library allocation

page read and write

216E46C0000

heap

page read and write

699000

heap

page read and write

249F5D5A000

heap

page read and write

6BF000

heap

page read and write

7FFD9B6B3000

trusted library allocation

page read and write

695000

heap

page read and write

69E000

stack

page read and write

7FFD9B512000

trusted library allocation

page read and write

6BC000

heap

page read and write

7FFD9B5F6000

trusted library allocation

page execute and read and write

6CD000

heap

page read and write

680000

heap

page read and write

4B6000

unkown

page readonly

6B9000

heap

page read and write

695000

heap

page read and write

6C5000

heap

page read and write

CE687FE000

stack

page read and write

7FFD9B513000

trusted library allocation

page execute and read and write

6D9000

heap

page read and write

6B1000

heap

page read and write

6D6000

heap

page read and write

1C23A0C4000

unkown

page readonly

6CD000

heap

page read and write

7FFD9B53B000

trusted library allocation

page execute and read and write

6F4000

heap

page read and write

711000

heap

page read and write

526000

unkown

page readonly

249FA8FF000

trusted library allocation

page read and write

249FAA54000

heap

page read and write

6C7000

heap

page read and write

6A4000

heap

page read and write

216E4BF0000

trusted library allocation

page read and write

90B913F000

stack

page read and write

249FAA61000

heap

page read and write

249F6800000

trusted library allocation

page read and write

696000

heap

page read and write

6B1000

heap

page read and write

216FCFAC000

heap

page read and write

249FAA00000

heap

page read and write

6A7000

heap

page read and write

7FFD9B790000

trusted library allocation

page read and write

249FAAF3000

heap

page read and write

6B6000

heap

page read and write

6A5000

heap

page read and write

6D6000

heap

page read and write

249FA952000

trusted library allocation

page read and write

A00000

heap

page read and write

6BF000

heap

page read and write

249FA9E0000

trusted library allocation

page read and write

7FF464E34000

trusted library allocation

page readonly

249F53F0000

trusted library section

page read and write

6A8000

heap

page read and write

6CD000

heap

page read and write

1C23A0E0000

unkown

page readonly

6CC000

heap

page read and write

216E2E55000

heap

page read and write

CE6837E000

unkown

page readonly

1C239BB0000

heap

page read and write

249F542A000

heap

page read and write

69A000

heap

page read and write

6D6000

heap

page read and write

560000

heap

page read and write

1C252B33000

heap

page execute and read and write

1C24A2F1000

trusted library allocation

page read and write

7FFD9B520000

trusted library allocation

page read and write

6D6000

heap

page read and write

6BC000

heap

page read and write

6B1000

heap

page read and write

249FA9C0000

trusted library allocation

page read and write

249FA89E000

trusted library allocation

page read and write

22AC000

heap

page read and write

6C3000

heap

page read and write

68D000

heap

page read and write

6C0000

heap

page read and write

6D7000

heap

page read and write

6BF000

heap

page read and write

249FA8E6000

trusted library allocation

page read and write

690000

heap

page read and write

249FAB13000

heap

page read and write

216FCF68000

heap

page read and write

1C252AA2000

unkown

page readonly

216FCF84000

heap

page read and write

7FFD9B51D000

trusted library allocation

page execute and read and write

249FA960000

trusted library allocation

page read and write

249F62D0000

trusted library section

page readonly

2BE0000

heap

page read and write

216FCF13000

heap

page read and write

6B3000

heap

page read and write

6D9000

heap

page read and write

698000

heap

page read and write

6A4000

heap

page read and write

CE67F7C000

stack

page read and write

7FFD9B522000

trusted library allocation

page read and write

585000

heap

page read and write

249FAAE3000

heap

page read and write

1D6000

heap

page read and write

21681400000

heap

page read and write

69B000

heap

page read and write

1C239AB9000

heap

page read and write

6EC000

heap

page read and write

216E2B0B000

heap

page read and write

249F5478000

heap

page read and write

A70000

heap

page read and write

6C4000

heap

page read and write

6A5000

heap

page read and write

1C252B30000

heap

page execute and read and write

4B6000

unkown

page readonly

401000

unkown

page execute read

6D7000

heap

page read and write

1C24A2E1000

trusted library allocation

page read and write

216FD1D0000

heap

page execute and read and write

6DE000

heap

page read and write

216E4690000

trusted library allocation

page read and write

6D3000

heap

page read and write

7A9B9FC000

stack

page read and write

6CB000

heap

page read and write

249FAB02000

heap

page read and write

249F5495000

heap

page read and write

216E46B0000

trusted library section

page readonly

6C5000

heap

page read and write

CE68F7E000

unkown

page readonly

6D4000

heap

page read and write

6EF000

heap

page read and write

1C23A6CB000

trusted library allocation

page read and write

216E2B20000

heap

page read and write

6EB000

heap

page read and write

216FCF06000

heap

page read and write

216FCF40000

heap

page read and write

7FFD9B6E0000

trusted library allocation

page read and write

6B7000

heap

page read and write

216F46F1000

trusted library allocation

page read and write

697000

heap

page read and write

1C252A20000

unkown

page readonly

216FD1F0000

heap

page read and write

7FFD9B6F0000

trusted library allocation

page read and write

1C252BBC000

heap

page read and write

1C2529D0000

unkown

page readonly

703000

heap

page read and write

1C252B66000

heap

page read and write

550000

heap

page read and write

6D3000

heap

page read and write

1C23A2E1000

trusted library allocation

page read and write

1C239D03000

trusted library allocation

page read and write

249FA9E0000

trusted library allocation

page read and write

6D6000

heap

page read and write

249F52D0000

heap

page read and write

6D9000

heap

page read and write

249FA970000

trusted library allocation

page read and write

249FAB0B000

heap

page read and write

660000

heap

page read and write

216E2912000

unkown

page readonly

216FF435000

heap

page read and write

275E000

stack

page read and write

216E2CB0000

heap

page read and write

6BF000

heap

page read and write

6B3000

heap

page read and write

A73000

heap

page read and write

7FFD9B5C0000

trusted library allocation

page read and write

CE6827E000

unkown

page readonly

7FF464E33000

trusted library allocation

page execute read

6F9000

heap

page read and write

249FA8A5000

trusted library allocation

page read and write

216E2C73000

trusted library allocation

page read and write

249FA8D4000

trusted library allocation

page read and write

216FF529000

heap

page read and write

7A991FE000

stack

page read and write

6D6000

heap

page read and write

6D9000

heap

page read and write

7FFD9B770000

trusted library allocation

page read and write

6DF000

heap

page read and write

1C23A120000

heap

page read and write

6C6000

heap

page read and write

216E4C13000

trusted library allocation

page read and write

6E8000

heap

page read and write

90BAFFF000

stack

page read and write

6C2000

heap

page read and write

7FFD9B70F000

trusted library allocation

page read and write

285F000

stack

page read and write

683000

heap

page read and write

6BF000

heap

page read and write

1C239ABD000

heap

page read and write

249FAA2E000

heap

page read and write

6B9000

heap

page read and write

249FA8FC000

trusted library allocation

page read and write

249FA98C000

trusted library allocation

page read and write

CE68D7E000

unkown

page readonly

1C252BC8000

heap

page read and write

6DD000

heap

page read and write

CE6857E000

unkown

page readonly

1C23A4A0000

trusted library allocation

page read and write

1C2529D2000

unkown

page readonly

400000

unkown

page readonly

6B5000

heap

page read and write

1C239AD1000

heap

page read and write

7FFD9B56C000

trusted library allocation

page execute and read and write

6B1000

heap

page read and write

7FF464E39000

trusted library allocation

page execute read

6CD000

heap

page read and write

249FAAEC000

heap

page read and write

698000

heap

page read and write

6DB000

heap

page read and write

7FFD9B5D0000

trusted library allocation

page execute and read and write

7FFD9B522000

trusted library allocation

page read and write

728000

heap

page read and write

249FA978000

trusted library allocation

page read and write

683000

heap

page read and write

7A98DFE000

stack

page read and write

216E2B6A000

heap

page read and write

6D3000

heap

page read and write

6D9000

heap

page read and write

7FF464E38000

trusted library allocation

page readonly

6CD000

heap

page read and write

6B9000

heap

page read and write

249F5440000

heap

page read and write

216E4944000

trusted library allocation

page read and write

6B4000

heap

page read and write

90BA7FE000

stack

page read and write

695000

heap

page read and write

6E8000

heap

page read and write

6B7000

heap

page read and write

6C1000

heap

page read and write

7FFD9B5C0000

trusted library allocation

page read and write

69F000

heap

page read and write

6D6000

heap

page read and write

1C239D00000

trusted library allocation

page read and write

216E2CD0000

heap

page execute and read and write

216E2C00000

heap

page read and write

6F7000

heap

page read and write

2440000

heap

page read and write

6D6000

heap

page read and write

216FF40D000

heap

page read and write

1C23A622000

trusted library allocation

page read and write

1C252AF0000

unkown

page readonly

1C23A0E2000

unkown

page readonly

721000

heap

page read and write

6C0000

heap

page read and write

7FFD9B514000

trusted library allocation

page read and write

216E2D10000

heap

page read and write

6D9000

heap

page read and write

6D6000

heap

page read and write

216FF799000

heap

page read and write

6C7000

heap

page read and write

6B4000

heap

page read and write

90BABFD000

stack

page read and write

6CD000

heap

page read and write

7FF45E5B0000

trusted library allocation

page execute and read and write

249FAC30000

remote allocation

page read and write

7FFD9B6C2000

trusted library allocation

page read and write

249FAB07000

heap

page read and write

6D6000

heap

page read and write

216FF4DE000

heap

page read and write

6C6000

heap

page read and write

6D6000

heap

page read and write

7FFD9B5CC000

trusted library allocation

page execute and read and write

9A000

stack

page read and write

249FA91E000

trusted library allocation

page read and write

7FFD9B740000

trusted library allocation

page read and write

249FAA65000

heap

page read and write

6C1000

heap

page read and write

249FAAF0000

heap

page read and write

6B9000

heap

page read and write

7FFD9B6E0000

trusted library allocation

page read and write

216E2AEC000

heap

page read and write

6D6000

heap

page read and write

216E4BE4000

trusted library allocation

page read and write

6A9000

heap

page read and write

216FF789000

heap

page read and write

216FF495000

heap

page read and write

216FF575000

heap

page read and write

249FA880000

trusted library allocation

page read and write

249FB000000

heap

page read and write

6BF000

heap

page read and write

6CE000

heap

page read and write

6BB000

heap

page read and write

693000

heap

page read and write

6DF000

heap

page read and write

6D6000

heap

page read and write

6BC000

heap

page read and write

526000

unkown

page readonly

6B9000

heap

page read and write

536000

unkown

page readonly

CE684FE000

stack

page read and write

6D6000

heap

page read and write

6C2000

heap

page read and write

216FCF17000

heap

page read and write

CE682FE000

stack

page read and write

1D0000

heap

page read and write

7FFD9B53B000

trusted library allocation

page execute and read and write

216FD020000

heap

page read and write

249FA891000

trusted library allocation

page read and write

A70000

heap

page read and write

68C000

heap

page read and write

216E4C07000

trusted library allocation

page read and write

216FF3E0000

heap

page read and write

216E2C40000

trusted library allocation

page read and write

90B917E000

stack

page read and write

216FCF8D000

heap

page read and write

7FF464E32000

trusted library allocation

page readonly

7A99DF4000

stack

page read and write

7A9ADFF000

stack

page read and write

249F5D1A000

heap

page read and write

7FFD9B730000

trusted library allocation

page execute and read and write

249F545B000

heap

page read and write

6CC000

heap

page read and write

249F5413000

heap

page read and write

1C239B2B000

heap

page read and write

4F3000

unkown

page read and write

249F5400000

heap

page read and write

216FD1E0000

heap

page read and write

216E4BAC000

trusted library allocation

page read and write

536000

unkown

page readonly

216FD023000

heap

page read and write

7FFD9B52A000

trusted library allocation

page read and write

6BC000

heap

page read and write

90BC3FE000

stack

page read and write

526000

unkown

page readonly

6EB000

heap

page read and write

249FA921000

trusted library allocation

page read and write

7FFD9B52D000

trusted library allocation

page execute and read and write

6C8000

heap

page read and write

1C23A6C8000

trusted library allocation

page read and write

249FAA42000

heap

page read and write

249F62F0000

trusted library section

page readonly

216FF450000

heap

page read and write

249F52B0000

heap

page read and write

7FFD9B6ED000

trusted library allocation

page read and write

9DF000

stack

page read and write

7FFD9B5C6000

trusted library allocation

page read and write

7FFD9B514000

trusted library allocation

page read and write

249F5513000

heap

page read and write

CE685FE000

stack

page read and write

1C2529A0000

unkown

page readonly

249FA870000

trusted library allocation

page read and write

249FAACF000

heap

page read and write

6DB000

heap

page read and write

69B000

heap

page read and write

249F548B000

heap

page read and write

72F000

heap

page read and write

249F62E0000

trusted library section

page readonly

249F5421000

heap

page read and write

6BF000

heap

page read and write

6A9000

heap

page read and write

7A989FE000

stack

page read and write

7FFD9B630000

trusted library allocation

page execute and read and write

249FA890000

trusted library allocation

page read and write

6D2000

heap

page read and write

6C5000

heap

page read and write

6CD000

heap

page read and write

7FFD9B52D000

trusted library allocation

page execute and read and write

6BF000

heap

page read and write

216FD1D3000

heap

page execute and read and write

216E4C36000

trusted library allocation

page read and write

249F5490000

heap

page read and write

6A5000

heap

page read and write

216F46F7000

trusted library allocation

page read and write

216E4C1D000

trusted library allocation

page read and write

6B1000

heap

page read and write

216FCFA1000

heap

page read and write

726000

heap

page read and write

401000

unkown

page execute read

B45000

heap

page read and write

7FFD9B7B0000

trusted library allocation

page execute and read and write

6BD000

heap

page read and write

6CE000

heap

page read and write

4B6000

unkown

page readonly

6B3000

heap

page read and write

6C6000

heap

page read and write

249F62A0000

trusted library section

page readonly

695000

heap

page read and write

CE67E7E000

unkown

page readonly

A50000

heap

page read and write

CE68B7E000

unkown

page readonly

216FF56E000

heap

page read and write

6B9000

heap

page read and write

192000

stack

page read and write

4F6000

unkown

page readonly

249F54FD000

heap

page read and write

216FF42B000

heap

page read and write

7FF464E37000

trusted library allocation

page execute read

216FF78C000

heap

page read and write

216FF421000

heap

page read and write

1C23A0C0000

unkown

page readonly

CE68C7B000

stack

page read and write

733000

heap

page read and write

6E8000

heap

page read and write

4F1000

unkown

page read and write

6C1000

heap

page read and write

1C23A2C0000

trusted library allocation

page read and write

216E2AE6000

heap

page read and write

216F4770000

trusted library allocation

page read and write

6E1000

heap

page read and write

6BF000

heap

page read and write

724000

heap

page read and write

1C23A6F4000

trusted library allocation

page read and write

7FFD9B760000

trusted library allocation

page read and write

6B1000

heap

page read and write

701000

heap

page read and write

6A5000

heap

page read and write

A10000

heap

page read and write

There are 795 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SureDI.exe

Files

Processes

URLs

IPs

Registry

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSureDI.exe

Files

Processes

URLs

IPs

Registry

Memdumps

IOC Report
SureDI.exe