Automated Malware Analysis Management Report for plotdemo.exe

Overview

General Information

Sample name:	plotdemo.exe
Analysis ID:	1531073
MD5:	fbce37d191eb18a9b005539336aea939
SHA1:	37588e9f8796a0480638a4ff00d305dbdb472146
SHA256:	60f39e5220113596f51c5eabca7d6f81c603487971d58b7df9b8dbc093edbfae
Infos:

Detection

Score:	36
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Signatures

Drops HTML or HTM files to system directories

Sets file extension default program settings to executables

Checks for available system drives (often done to infect USB drives)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

Uses 32bit PE files

Source: plotdemo.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\readme.rtf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\README.TXT	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\README.rtf	Jump to behavior

Source:	Binary string: pscript5.pdb source: PSCRIPT5.DLL.7.dr, PSCRIPT5.DLL0.2.dr
Source:	Binary string: f:\InstPost\Release\InstPost.pdb source: InstPost.exe, 00000007.00000002.1968290163.0000000000428000.00000002.00000001.01000000.00000006.sdmp, InstPost.exe, 00000007.00000000.1956464551.0000000000428000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: pscript5.pdbH source: PSCRIPT5.DLL.7.dr
Source:	Binary string: MicrosoftWindowsGdiPlus-10100-gdiplus.pdb source: GdiPlus.dll.2.dr

Checks for available system drives (often done to infect USB drives)

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_0041744C CreateEventA,GetProcAddress,SearchPathA,GetModuleFileNameA,FindFirstFileA,VirtualProtect,VirtualQuery,VirtualProtect,VirtualProtect,FindClose,FindClose,

0_2_0041744C

Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\Temp\_is8C78\0x0409.ini	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\Temp\_is8C78\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\	Jump to behavior

Source: ALIGN.PS.2.dr, WRFONT.PS.2.dr, FONT2PCL.PS.2.dr, GS_RES.PS.2.dr, PDF_FONT.PS.2.dr, GS_EPSF.PS.2.dr, WFTOPFA.PS.2.dr, GS_DPS.PS.2.dr, GS_LGO_E.PS.2.dr, GS_CCFNT.PS.2.dr, MARKHINT.PS.2.dr, GS_KANJI.PS.2.dr, GS_LL3.PS.2.dr, UNPROT.PS.2.dr, GS_WL5_E.PS.2.dr, GS_FRSD.PS.2.dr, GS_ICC.PS.2.dr, GS_DPNXT.PS.2.dr, MARKPATH.PS.2.dr, PPHS.PS.2.dr, PDF_BASE.PS.2.dr	String found in binary or memory: http://www.artifex.com/licensing/
Source: ALIGN.PS.2.dr, WRFONT.PS.2.dr, FONT2PCL.PS.2.dr, GS_RES.PS.2.dr, PDF_FONT.PS.2.dr, GS_EPSF.PS.2.dr, WFTOPFA.PS.2.dr, GS_DPS.PS.2.dr, GS_LGO_E.PS.2.dr, GS_CCFNT.PS.2.dr, MARKHINT.PS.2.dr, GS_KANJI.PS.2.dr, GS_LL3.PS.2.dr, UNPROT.PS.2.dr, GS_WL5_E.PS.2.dr, GS_FRSD.PS.2.dr, GS_ICC.PS.2.dr, GS_DPNXT.PS.2.dr, MARKPATH.PS.2.dr, PPHS.PS.2.dr, PDF_BASE.PS.2.dr	String found in binary or memory: http://www.ghostscript.com/licensing/.
Source: PDF_SEC.PS.2.dr	String found in binary or memory: http://www.ozemail.com.au/%7Egeoffk/pdfencrypt/

Creates a DirectInput object (often for capturing keystrokes)

Source: GdiPlus.dll.2.dr

Binary or memory string: DirectDrawCreateEx

memstr_52bd2abf-e

Potential key logger detected (key state polling based)

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe

Code function: 7_2_0040D4FC GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,

7_2_0040D4FC

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00416579 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,

0_2_00416579

Creates files inside the system directory

Source: C:\Users\user\Desktop\plotdemo.exe	File created: C:\Windows\Downloaded Installations	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File created: C:\Windows\Downloaded Installations\{96644CA9-8EA3-446B-8568-6E1624759883}	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File created: C:\Windows\Downloaded Installations\{96644CA9-8EA3-446B-8568-6E1624759883}\PSI-Plot Ver 10.5 Working Demo.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5ee891.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{CF7D8275-38F3-42CF-AF3D-29B1BF918926}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIED35.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\PSIPLOT.INI	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\ARPPRODUCTICON.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut1_E57AF06D4375496697A2B3227B8F52A3.EXE	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut6_B94EC0BE542B4F308679E8D52BAD769F.exe	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut7_B94EC0BE542B4F308679E8D52BAD769F.PDF	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5ee893.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5ee893.msi	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\system32\spool\drivers\x64\3\PSIPSCRP.PPD	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSIPSCRP.PPD	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PS5UI.DLL	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT5.DLL	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.HLP	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\system32\spool\DRIVERS\x64\PSCRIPT.NTF	Jump to behavior

Deletes files inside the Windows folder

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\5ee893.msi

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_00421150	0_2_00421150
Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_004263C6	0_2_004263C6
Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_00407797	0_2_00407797
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0040ECDE	7_2_0040ECDE
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00426021	7_2_00426021
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_004250A0	7_2_004250A0
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00416960	7_2_00416960
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_004249E0	7_2_004249E0
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00416AF6	7_2_00416AF6
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00421332	7_2_00421332
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00417BC9	7_2_00417BC9
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0041739D	7_2_0041739D
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0042449E	7_2_0042449E
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00419F47	7_2_00419F47
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00423F5C	7_2_00423F5C
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00416FC9	7_2_00416FC9
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0041DFFE	7_2_0041DFFE
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_004177A9	7_2_004177A9

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\plotdemo.exe	Code function: String function: 0041C340 appears 129 times
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: String function: 00415DFE appears 68 times
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: String function: 00416904 appears 47 times

PE file contains executable resources (Code or Archives)

Source: PSCRIPT5.DLL.2.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PS5UI.DLL.2.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PS5UI.DLL.2.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PSCRIPT5.DLL0.2.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PSCRIPT5.DLL0.2.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: PS5UI.DLL0.2.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PS5UI.DLL.7.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)
Source: PSCRIPT5.DLL.7.dr	Static PE information: Resource name: RT_RCDATA type: DOS executable (COM, 0x8C-variant)

Sample file is different than original file name gathered from version info

Source: plotdemo.exe, 00000000.00000000.1667542232.0000000000438000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamesetup.exe vs plotdemo.exe
Source: plotdemo.exe	Binary or memory string: OriginalFilenamesetup.exe vs plotdemo.exe

Uses 32bit PE files

Source: plotdemo.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: sus36.winEXE@8/327@0/0

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00416579 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,

0_2_00416579

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00415C4F LoadLibraryA,GetProcAddress,lstrcpyA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,FreeLibrary,

0_2_00415C4F

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00408489 CoCreateInstance,wsprintfA,StringFromCLSID,SysAllocString,CoTaskMemFree,lstrlenW,lstrlenW,wsprintfA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,CoCreateGuid,lstrcatA,StringFromCLSID,SysAllocString,CoTaskMemFree,lstrlenW,lstrcatA,CreateProcessA,SysFreeString,lstrlenW,wsprintfA,WaitForInputIdle,CloseHandle,CloseHandle,CloseHandle,Sleep,CreateItemMoniker,GetRunningObjectTable,SysFreeString,RegCloseKey,RegCloseKey,RegCloseKey,SysFreeString,

0_2_00408489

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00408223 FindResourceA,SizeofResource,LoadResource,LockResource,

0_2_00408223

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\PSI

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\Public\Desktop\PSI-Plot Working Demo.lnk

Jump to behavior

Source: C:\Users\user\Desktop\plotdemo.exe

File created: C:\Users\user\AppData\Local\Temp\~8C68.tmp

Jump to behavior

Source: plotdemo.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\plotdemo.exe

File read: C:\Users\user\AppData\Local\Temp\_is8C78\Setup.INI

Jump to behavior

Source: C:\Users\user\Desktop\plotdemo.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\plotdemo.exe

File read: C:\Users\user\Desktop\plotdemo.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\plotdemo.exe "C:\Users\user\Desktop\plotdemo.exe"
Source: C:\Users\user\Desktop\plotdemo.exe	Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i "C:\Windows\Downloaded Installations\{96644CA9-8EA3-446B-8568-6E1624759883}\PSI-Plot Ver 10.5 Working Demo.msi" SETUPEXEDIR="C:\Users\user\Desktop"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8C8A1754951F47B4EB3715E07FE2E622 C
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe "C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe"
Source: C:\Users\user\Desktop\plotdemo.exe	Process created: C:\Windows\SysWOW64\msiexec.exe MSIEXEC.EXE /i "C:\Windows\Downloaded Installations\{96644CA9-8EA3-446B-8568-6E1624759883}\PSI-Plot Ver 10.5 Working Demo.msi" SETUPEXEDIR="C:\Users\user\Desktop"	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 8C8A1754951F47B4EB3715E07FE2E622 C	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe "C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe"	Jump to behavior

Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Section loaded: textshaping.dll	Jump to behavior

Source: psiplot.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.EXE
Source: Readme.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\PSI\PSIPLOT\readme.htm
Source: TUTORIAL.lnk.2.dr	LNK file: ..\..\..\..\..\..\Program Files (x86)\PSI\PSIPLOT\TUTORIAL.PDF
Source: PSI-Plot Working Demo.lnk.2.dr	LNK file: ..\..\..\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.EXE

Source: C:\Users\user\Desktop\plotdemo.exe

File written: C:\Users\user\AppData\Local\Temp\_is8C78\Setup.INI

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Next >
Source: C:\Windows\SysWOW64\msiexec.exe	Automated click: Install

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: plotdemo.exe

Static file information: File size 21190666 > 1048576

Source:	Binary string: pscript5.pdb source: PSCRIPT5.DLL.7.dr, PSCRIPT5.DLL0.2.dr
Source:	Binary string: f:\InstPost\Release\InstPost.pdb source: InstPost.exe, 00000007.00000002.1968290163.0000000000428000.00000002.00000001.01000000.00000006.sdmp, InstPost.exe, 00000007.00000000.1956464551.0000000000428000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: pscript5.pdbH source: PSCRIPT5.DLL.7.dr
Source:	Binary string: MicrosoftWindowsGdiPlus-10100-gdiplus.pdb source: GdiPlus.dll.2.dr

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_0040E3D8 __EH_prolog,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_0040E3D8

PE file contains sections with non-standard names

Source: gdiplus.dll.2.dr	Static PE information: section name: Shared
Source: GdiPlus.dll.2.dr	Static PE information: section name: Shared

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_0041C340 push eax; ret	0_2_0041C35E
Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_0041C310 push eax; ret	0_2_0041C33E
Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_0041CA5C push 880041CAh; retf 0041h	0_2_0041CA61
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00416949 push ecx; ret	7_2_0041695C
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00415E9D push ecx; ret	7_2_00415EB0

Source: gdiplus.dll.2.dr	Static PE information: section name: .text entropy: 6.8196811563189135
Source: GdiPlus.dll.2.dr	Static PE information: section name: .text entropy: 6.825071221107194

Persistence and Installation Behavior

Drops HTML or HTM files to system directories

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm

Jump to behavior

Drops PE files

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.DRV	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSDLL32.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PS5UI.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Jump to dropped file
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	Jump to dropped file
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\ICONLIB.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSMON.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.EXE	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PS5UI.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\gdiplus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	File created: C:\Users\user\AppData\Local\Temp\MSIA4B2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut7_B94EC0BE542B4F308679E8D52BAD769F.PDF	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\GdiPlus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSWIN32C.EXE	Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	Jump to dropped file
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	File created: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut7_B94EC0BE542B4F308679E8D52BAD769F.PDF	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.DRV	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut7_B94EC0BE542B4F308679E8D52BAD769F.PDF	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\readme.rtf	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\README.TXT	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\PSI\PSIPLOT\README.rtf	Jump to behavior

Boot Survival

Sets file extension default program settings to executables

Source: C:\Windows\System32\msiexec.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSIData\shell\open\command C:\Program Files (x86)\PSI\PSIPLOT\psiplot.exe %1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSIGraph.PSIPlot.8\shell\open\command C:\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.EXE %1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSIReport\shell\open\command C:\Program Files (x86)\PSI\PSIPLOT\psiplot.exe %1	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PSIProject\shell\open\command C:\Program Files (x86)\PSI\PSIPLOT\psiplot.exe %1	Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot\psiplot.lnk	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot\Readme.lnk	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot\TUTORIAL.lnk	Jump to behavior

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_004011E0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,PostMessageA,		7_2_004011E0
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0040ADDE MonitorFromWindow,IsIconic,GetWindowPlacement,GetWindowRect,		7_2_0040ADDE

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00417252 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00417252

Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Found dropped PE file which has not been started or loaded

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.DRV	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSDLL32.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PS5UI.DLL	Jump to dropped file
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	Jump to dropped file
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Dropped PE file which has not been started: C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\ICONLIB.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSMON.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.EXE	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PS5UI.DLL	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\gdiplus.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PSCRIPT5.DLL	Jump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIA4B2.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut7_B94EC0BE542B4F308679E8D52BAD769F.PDF	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSWIN32C.EXE	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\PSI\PSIPLOT\GdiPlus.dll	Jump to dropped file

Source: C:\Users\user\Desktop\plotdemo.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_0041744C CreateEventA,GetProcAddress,SearchPathA,GetModuleFileNameA,FindFirstFileA,VirtualProtect,VirtualQuery,VirtualProtect,VirtualProtect,FindClose,FindClose,

0_2_0041744C

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00411E38 GetVersionExA,GetSystemInfo,

0_2_00411E38

Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\Temp\_is8C78\0x0409.ini	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\Temp\_is8C78\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\plotdemo.exe	File opened: C:\Users\user\	Jump to behavior

Source: GS_RES.PS.2.dr	Binary or memory string: (END CATEGORY) VMDEBUG
Source: GS_RES.PS.2.dr	Binary or memory string: (END MISC) VMDEBUG
Source: GS_RES.PS.2.dr	Binary or memory string: (END GENERIC) VMDEBUG
Source: GS_RES.PS.2.dr	Binary or memory string: (END FIXED) VMDEBUG
Source: GS_RES.PS.2.dr	Binary or memory string: (BEGIN RESOURCES) VMDEBUG
Source: GS_RES.PS.2.dr	Binary or memory string: (END ENCODING) VMDEBUG

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe

Code function: 7_2_004195B5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

7_2_004195B5

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_0040E3D8 __EH_prolog,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,

0_2_0040E3D8

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_00402C48 GetFileSize,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,ReadFile,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,

0_2_00402C48

Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_00421C4C SetUnhandledExceptionFilter,	0_2_00421C4C
Source: C:\Users\user\Desktop\plotdemo.exe	Code function: 0_2_00421C3A SetUnhandledExceptionFilter,	0_2_00421C3A
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0041F842 _raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_0041F842
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_0041AABB SetUnhandledExceptionFilter,	7_2_0041AABB
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_004195B5 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_004195B5
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: 7_2_00414E70 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00414E70

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_0041664E GetCurrentThread,OpenThreadToken,GetLastError,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,GetTokenInformation,GetTokenInformation,GetLastError,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,

0_2_0041664E

Source: plotdemo.exe	Binary or memory string: Shell_TrayWnd
Source: plotdemo.exe	Binary or memory string: %s SetupLogFileNameSoftware\InstallShield\ISWI\7.0\SetupExeLogShell_TrayWndArialCancel%x,ALLCANCELDescriptionMSlovenianBasquedefault%#04xTitle.iniNoSuppressRebootKeyDotNetOptionalInstallIfSilentDotNetOptionalSETUPEXEDIRCertKeyISScript.MsiCacheFolderCacheRootLocationTypeScriptVerSuppressWrongOSSuppressReboot dotnetredistSp2.exelangpack.exeMicrosoft(R) .NET FrameworkJ#CmdLine/jscmd:\"""/q:a /C:\"J#Version/jsharpver:DotNetLangPacks /langs: /coreui:DotNetLangPackCmd /langcmd:"/c:\"\" /q:a" DotNetFxCmd" /c:" /ver: /q:a /l%d /q:a /c:"install /q"vjredist.exeDotNetCoreSetupUILang1033dotnetredist.exedotnetfx.exeInstallerLocationSoftware\Microsoft\Windows\CurrentVersion\Installer1.01.1J#OptionalJ#InstallOptionIfSilentISSCHEDULEREBOOT=1 ISSCHEDULEREBOOT=1ISScript10.Msiinstmsi30.exeRunAsLaunchingUser]

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe

Code function: 7_2_00421F05 cpuid

7_2_00421F05

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\plotdemo.exe	Code function: GetLocaleInfoA,	0_2_004167D1
Source: C:\Users\user\Desktop\plotdemo.exe	Code function: GetLocaleInfoA,TranslateCharsetInfo,	0_2_00416774
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: _strcpy_s,GetLocaleInfoA,__snprintf_s,LoadLibraryA,	7_2_00407DFE
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: GetThreadLocale,GetLocaleInfoA,GetACP,	7_2_0042641C
Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	Code function: GetLocaleInfoA,	7_2_00423D63

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\SysWOW64\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe

Code function: 7_2_0041B36D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

7_2_0041B36D

Source: C:\Users\user\Desktop\plotdemo.exe

Code function: 0_2_0041DB0C EntryPoint,GetVersion,GetCommandLineA,GetStartupInfoA,GetModuleHandleA,

0_2_0041DB0C

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Config.Msi\5ee892.rbs	data	646EEC09315EEA73C66E6722F6203A42	4D909790C3CD23B7A6A95A85BF08FC89D5AF2188	75AFBA54B74D6AFC535C051E974B093062B8A6BC622ADD0626D0A62F5C4ADB78
C:\Program Files (x86)\PSI\PSIPLOT\$LASTTSM.TSM	ASCII text, with CRLF line terminators	F0F6107B2F5CF96E75518FC3AA3EDCA8	A25EE660CE84BE74B4130F82E08FCE8E7C8254B8	281D523C374D935B8D63AFEA6CAB79D5DBA5BBD8C0152F4A147B64BF137E1CA5
C:\Program Files (x86)\PSI\PSIPLOT\$PSFIT.EQN	ASCII text, with CRLF line terminators	6C16CD34FE54EE62DC82220CCAD2E769	EAFA9266C70A00E46C83D683F59FA3947B983D2E	85D09253113F8F7FE9920357E26D1B97A198BE804EC115C49163517F146E476D
C:\Program Files (x86)\PSI\PSIPLOT\BLUE.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	B4EEE8FFE5BFA6842D360156D9C6E584	B745A8FC02C0E26F006570FDAF581C623323449E	11166646F05BBF7B19523A81D038858EF7D8097DEFAC2BAA0B1474E7D7B3A431
C:\Program Files (x86)\PSI\PSIPLOT\BLUE_INV.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	8D131F7E3D69BA7AE7B07040F941C3B6	6C1F4A04F1CC4528E21956B898B385A316212841	6A9182AC03CDC279EFC53B2ED903C3089D554D9911F3A2E979C54953357BB685
C:\Program Files (x86)\PSI\PSIPLOT\CHEMSTIF.ODE	ASCII text, with CRLF line terminators	4526AB013F56DC93B69CC822A811443B	A5271C89CC76DA359DC4B598A23182F6D9292EEF	95D38D7D24BE4185A13C4B12D92FE97A037F0F69F66DB3F785CF474A0D8A72C1
C:\Program Files (x86)\PSI\PSIPLOT\DEFAULT.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	8E9B26C7BD8899F41F6BA451440B45A4	52BA4249D04932C9008FE08B66F875193302932C	D2D1625AD66748843CEDC2A87B7187CEF60B675DB4BCCE153151A55BC4738917
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\A010013L.PFB	PostScript Type 1 font program data (URWGothicL-Book 1.05)	37495C1E231421084D87820806D42CDC	BCAB93E05FB8B75F426C53DE982281F695A2F2F3	443B90AEDD8CB6EE4166437B24D51C7B46A6CE60564910F00664C5C7A9F405E8
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\A010015L.PFB	PostScript Type 1 font program data (URWGothicL-Demi 1.05)	F20BEE7D266AC21E410927874882A384	B8A5CEF1DCCA5E974F8F64E373A20652A6946023	9A93E4EFECE0BD91AAB95F553F30FFB6D5A72E364566E6BC05D6C2FE634C471A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\A010033L.PFB	PostScript Type 1 font program data (URWGothicL-BookObli 1.05)	6BE160BB20A31B7567BB4E0A57B376F1	3894176A336C9E3D5E026F8A377536C38C07C84A	9D42FB992D17449E10812D12CDBDA225186170BA6AEE791D71BF17DF5B1E3138
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\A010035L.PFB	PostScript Type 1 font program data (URWGothicL-DemiObli 1.05)	596CC9C168C3050C9C2005C6220625CE	756FBF56CEC9B93F032753C43CD76E0C791A801B	AAA813E40638F164D0BC39DF608247A62AC0433EE01702286911EC3D87E7A491
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\ACCTEST.PS	PostScript document text	8FED6C0DA44A275A2C8CA8518558D5B0	906595CE045508EB6CAD0E52B47D57B691FFD65F	1805C90E1D3BEA603DA01431459EAAD8265BCE50F923FF19968BD5D7A883DA3A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\ADDXCHAR.PS	ASCII text, with CRLF line terminators	39F595A328C4BAF269E541F91FF0BD86	E0D1174AB4024EE6C35DFE24FFD6B1DA87586EFC	95791D5F9D9FD72E8D10B580A72727E8BE71E4DC0AC0172D86B7DD8A72B58200
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\ALIGN.PS	ASCII text, with CRLF line terminators	B0525EFB4B7DCE7B2C472B8FB3E565E0	E4BC6293066BCBF75327CA2A2A6A50970D0D9168	028C00F7EEDE3DD1AF79D0BDF4A817EF710D154A425D35E90059A5E49E82AB4E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\Agrement.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	B8AEF13B43DF936E040839E635288558	F8DF69D81F482BE9F140549405385A989F798019	DE43F8310756C2E96EF36C41CEB16A22CC4850AF2D7911AF7510480CF0DB62EE
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\B018012L.PFB	PostScript Type 1 font program data (URWBookmanL-Ligh 1.05)	6B22CEA7B9558C69BAC00CBDC55A9953	BCD9D42F3BDC9F63C1B378E773D7612920589B51	77898454FCF5A5226107CAA4F032C98144C6F95E544F7D568207F0F683E9DEF5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\B018015L.PFB	PostScript Type 1 font program data (URWBookmanL-DemiBold 1.05)	F7F73D132286E7860B4A7010DE7F597C	AD720FFBA556F298FCBA8F7F86ECF7F7838A967D	4B743E4FDE6068212099F2E66045C9584C0C969F891252D14A61B06FBA831DBA
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\B018032L.PFB	PostScript Type 1 font program data (URWBookmanL-LighItal 1.05)	E6F462FE4E2C0D41F03E92355604B703	6D6E59FB96279FEB1EECEF68631499563280C7B8	3D2632C5D818E01817030B1D8D52CCADB5F1B1241DFC50099BC4B4179C08737F
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\B018035L.PFB	PostScript Type 1 font program data (URWBookmanL-DemiBoldItal 1.05)	29EE82A2C9F6E409ECA46F5AA0177C43	072D3DCECBACFF3A7E574D72D3FB175B2ADB34E0	2FDB17B2C73ECC2B7A2228EA3E6605E0BCA561DA0528B97733FDB0639869F487
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\BDFTOPS.PS	ASCII text, with CRLF line terminators	DF04A87E51664C96EA8A663FAED078F7	363C5CF56BD339EA72F1BC88833CB96F56534535	0A6D5C64D12E48893AC37BE750E3C1F6756222D51197CDA75C62ACF9CB67018B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\C059013L.PFB	PostScript Type 1 font program data (CenturySchL-Roma 1.05)	624E2AFDF1987AF1003E0FA8F7D5D313	D7EEB0FFE9FF6A1F231B92F91FC3F7A45AA7EB51	B28FB9A7DF64C496ED834F38AB5EF7B4741F8DC6977B06B9F97721841EB3EC43
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\C059016L.PFB	PostScript Type 1 font program data (CenturySchL-Bold 1.05)	96901A485F69890F3D64B5F7B7218EB3	288D5E34251DD4A0B5382EAD7B34221185D6255B	02C98BE2C553F9FA46A584F30C182BE0D56FC5A6A2A3F70B0A06DDAC6B50F624
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\C059033L.PFB	PostScript Type 1 font program data (CenturySchL-Ital 1.05)	E347AAF9B53B931665EC33B7DDE3A94C	353C187162B28D1883B7D53DC6E102EA83A1486C	B57348E25CB8C86416E77CF455539EF94479B638400E60EF89C5CB7656B9F2C3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\C059036L.PFB	PostScript Type 1 font program data (CenturySchL-BoldItal 1.05)	475A89D73CB41D055C51F6904E5C8480	16917A1FFAF53B2455A0465787C318A377DD401C	C02EBD9626A3DE7A216A6B4227F34787C11E9BC7ED951A55FE37B3EB3A959206
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\CAPTION.PS	PostScript document text	30C8715E29EAC93784C8202A0DC6F105	D401DFD5CCAFF76291E7DA304F845C82D7739A28	AE9AC3168C8B632A3AEF7E4A25AE58CA1D2B212A7CCDFC777216899E9BB18BD1
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\CID2CODE.PS	ASCII text, with CRLF line terminators	0B71169D613D81277951CE14F19C3719	071F4E348140C6188420E5A0613DA03A25526010	2893EF8B6D10BCB4453AAEA63E63E8C499B16494B3D0D165725A433099C987AE
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\COPYING	ASCII text, with CRLF line terminators	46AAF69A91703493B666F212A04F2D8D	B9E28040DE9D8773C5B0CC8108869E8F3F287798	DA0ECA0FB517AC939D167924C9D4B3F8750A6B7191932EF2CB145ACFA624AC7E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\D050000L.PFB	PostScript Type 1 font program data (Dingbats 001.005)	6DFCB282CF470CEB18D57D017B7898D6	C0A5A91281F38149B0ABE84E578FA48F4EF2D4D9	1ED716566691399AAEE420B07FB18CE0AFFBD883091862C68184997A8D6F1A7A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\DECRYPT.PS	ASCII text, with CRLF line terminators	44C04AE5562FC25FE44358E94C5F69D8	2CA2F2F0F3BE964732E379C23BD9DEECCB4B59B5	9E853B7BB2AD959C75DCFCB6B21B0DAE5CC02CAAC4E3A0A483E8DDEE4D9AA12B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\DOCIE.PS	ASCII text, with CRLF line terminators	5563BC03639500829BC75BD42A48B248	2BED51FA6246DF8704A297F1437FE72D5A9C8625	23919773D62D8EFB29F273DAAFD783FDB1661F910952541813A1B21AB92905DA
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\ERRPAGE.PS	PostScript document text	F1723E84BE1CC68389769074C70C0476	B00DCE9F805EE71E5FA5FA5F7BBCBAA40A763D89	A84B8968D2D269382A000C7F335EF925FB4CA0C7C02FC4C4E9D54FC34EAB3DB5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\FONT2C.PS	ASCII text, with CRLF line terminators	3D916AD7127AC660FED04747661FC8C1	60B9870BDD96AD61BB0E1D5FBAA0C2E86690B0E7	DADC709704F30427D591C9362EDE0AA04E9C7159AEDB445DB00289E8871D8A3A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\FONT2PCL.PS	ASCII text, with CRLF line terminators	77E64092CDA129F47AAA4296C0CDC410	5B7F511E9C10C06CCE98625257535E642CEF2BD7	C85CB5F24D5460E82849B6FD35A21AE67878330169BCB71A4ACF871E7E2435C5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\Fontmap	PostScript document text	3C0EA1D0E7EAB2295940CAE73F8826FB	9C204F8B730DB4407652B24F5BAC2C1ADAE382B4	2DA65C8ACC7C21BBA085EC91994DC20CBA7755D39ADEB890529B751B4FAC083D
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\Fontmap.GS	ASCII text, with CRLF line terminators	E9B9A5BBA746ADE946A12EC0850E5586	8CB5A06B3635F564386EC914EE29A36CB33C0DC7	9A20047CF6F1938E223ECA9B7D78B327993AD4121C2A857FDAAFB39DC51A1F82
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSDLL32.DLL	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	5DC008B8D2082D1846D0AF80B26F06C1	1B2891392C87579791135642B5C6FF45572DFA66	02F35C8DF735E28D31645D789A4BF5D3131F18AE9D8E90A6239646053A03D59C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSLP.PS	ASCII text, with CRLF line terminators	827185965C85951B68E6A4272A262124	9C5290EA74FAE8DF934D43FAF0D8FF243AE09341	4F8A1643AF738B38B1DE0E237A4318B7795E79C3291900272792812381BA2417
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSNUP.PS	PostScript document text	5F3CA54F417DD02299B8DCFDD1BF231E	E91D71E39962E5E3B6A450092228759FDA977433	2F5AC268D5B0E2A0B075F0980AFB27BA215D50AC228AB45F21671C87247121EA
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GSWIN32C.EXE	PE32 executable (console) Intel 80386, for MS Windows	CCA6B52049582CDC9F57BAC1D3337454	D126C8731C9DD94C14133FBF54C1A9F514B4094D	4B9421448B243C86ED96F72DAC50D5E48C58FD02B91F19DAB2F8B1D27BDDA8B1
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_AGL.PS	ASCII text, with CRLF line terminators	60F39522A1D42CCB20B005ED81A779BE	2131D1C6B8FF2991A83CC920B2B7CBB4EA8E8248	F297D294B755AF3A224E4F776A3AC133FDBAD47734187CE77F05A9E43FBC7969
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_BTOKN.PS	ASCII text, with CRLF line terminators	D06B2E8C400608D4574936AC3DC867BC	1EDFB533D4C38CE107DC6A56950300E12A477111	8F6ED675FF20A0FDE2FAC9896D73C4221F9793CE4FDC756709AC031012B4CBA2
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CCFNT.PS	ASCII text, with CRLF line terminators	C8807EA573DF0421AF5593277BDC19EF	74DCB97285C4733334DCC816440A2561A2316EEE	27F60F3618AEE87B5EF4749DEE3E2925660CDC5E8F74A2A201C221A4CB74597D
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CE_E.PS	ASCII text, with CRLF line terminators	8FC79B129D06BC0FBBBB6C5AE4E1B236	B28E08140C6D4DF8DB64E20F749F5475B26348D6	4F64AB97250536A09492692D6198DC677E751FF8E0CF91A80F97FF32C7DB48D3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CFF.PS	ASCII text, with CRLF line terminators	39EE2681D108309082582EEFD40C999C	257CA0ED664B739A4C2F65CB5951C234DDE0D86D	E938BEB2F74AD88DA99C4ABA65E056DCACE7047639A5A31D5A2DB2051B845E49
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CIDCM.PS	ASCII text, with CRLF line terminators	E41DDB3BE65E36DC5388BB0672C91F00	121D05CDB988A35BF78249ED0CB2A7E5D6E9E482	0255DCF902969D5AA82F9857B4C0A1232E4AA7D2E2E9D1BC12C51FF4CF22565C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CIDFN.PS	ASCII text, with CRLF line terminators	0FE39F82639ABF7A107D09CD3F0EF6B5	DC534903A7ABBC9456CEED73C6AF73563D7A4A3C	E6D1BCF862E6404EF72C8AA86E32C3B5CAB8D85A815F08F098D1042B76DB1523
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CMAP.PS	ASCII text, with CRLF line terminators	52087AEEB62CD61B5BC8F238FDDCFAED	34687D7908C91717848FB3B694E8E5FC77D361B6	B4E2997EDC53D8F7CDB403D9DC24D8E161088855D5A9965DC6E25891882BEB42
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CMDL.PS	ASCII text, with CRLF line terminators	B75FB6C3E35EFCD1A82F341DFF940C11	6DA338B627C4D016AD93DD70AA202063AA949EA0	E57051428A14DEA7C83B8FBE8AFBD61AE77EF59B0E3FD87CBF2D336E20B28AEB
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_CSS_E.PS	ASCII text, with CRLF line terminators	39BCF1CFF315A5301AE0F1B8EC086CCB	80AC780EEBED1B6A9D936322E8903CFB5992EF43	CA9B5AB379B4B9A6CD5AFA5D7126FBE3386912CD69120A7AFB566E479E01FE98
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DBT_E.PS	ASCII text, with CRLF line terminators	C58D507B14CA5166DA2A22571F13E12C	2D6A3DD47847C96A30439F764DEE4B2095A24645	BBCD949B115C607526DFC9B0C1A408439B7DC8C04B4EC3B0218E9963C59C392E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DISKF.PS	ASCII text, with CRLF line terminators	0BCA381FD316A49D1D89C4937A26C83F	51BC825547C8BEAAB89FBBFED8A2431D8F2722EA	5D0E3ED36DF8F90A9FBC0FCB0D74BE95914339E7E693F5BA40276DDCC5C621FE
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DPNXT.PS	ASCII text, with CRLF line terminators	22B0438C71E152F8FFE4C2B441035B16	F5E13F5727E0335C5460F6487FB1BB10096D33B0	60B0311A8984DD7607E0BF02BD85930507CE430E8112612BCB1BA071C4EDAA73
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DPS.PS	ASCII text, with CRLF line terminators	A0ED280BAFB8AF1AACDE5384A1147781	7374539221A00744FA8ED8CB7820BBC4285591F4	E2A157BBE2081DA42370D731285CBBCC1E8FF61F322B73AA12B6FCFE3C454D20
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DPS1.PS	ASCII text, with CRLF line terminators	ECD5D5259C34039EBCCD24FB5B1AFC70	75B5ABEB032C0EEEEF9C08491A7FBF6F3B854A4D	86C84C64F61EDA97D091FF33FD120205C6F7127920782FED7089F67EB096594F
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DPS2.PS	ASCII text, with CRLF line terminators	71ACFD7BC491A8CDA464EA798057D81A	3D49D7D949A0F83A46A0394A87A342E926CF50D6	F890CE27E01AC8848520E985A30E67355A925CED39FA0E1785912E2917E77BF0
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_DSCP.PS	ASCII text, with CRLF line terminators	D7C87C98D8EE91FBBB27AB0F3CBD9FBD	CB8861603F5DDFEDA99204FE18B845631CE78123	50B703F45D3DC7A3344CA838D7843AC2E5E7498B36F2312FDDF24EF51CC84F31
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_EPSF.PS	ASCII text, with CRLF line terminators	CD363FAC8FAAE5212B63F2400F5368D4	941A701B34617D9DCC2FAFB135F371F62168BAB4	B4475641A03EEE7BBB7D1C83D91A92853E8ECA546DBEB21BC0ABEF3CF810F63A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_FFORM.PS	ASCII text, with CRLF line terminators	3D948A3867F8E0CA108EFE8EB97C5E36	B218261C2DC1B69AB90FD5B67CB2CCD228BF648E	240FD95A02CC65449C651B410232A810F6B87593574483AAAE1DB8595954D97A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_FONTS.PS	assembler source, ASCII text, with CRLF line terminators	EF93417B6F43CE383807C6028773FE5F	DC2BB634D36CA5547E827E0D1AA46BB1902E4148	B2807B33BB91110D9E18ECB1AB0B77CEA6AC23FC121C9BC794750FAE44068156
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_FRSD.PS	ASCII text, with CRLF line terminators	68E806B3143D1007EC1AF900D9E3B29A	5FD8DE811092A1A2B1E7752B823F302C951E3B02	C3C01A1CDFCA1BDFC3A1097632511AF150A870B2884879E1BD30FCAEFE3527AD
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_ICC.PS	ASCII text, with CRLF line terminators	91DBA0CBED49EF9AAC6E5AA7060DE7B6	74D838B6A3628D62EC4AD5ECAAEA3E73E0F78DE2	2CECE0AC98232B509451B2A3D32D4493D66D33E68D48B9F5FA5A8F6291B63CA4
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_IL1_E.PS	ASCII text, with CRLF line terminators	56723C7B243741A2CD912578FB2EFDDC	747A67192179D8288C443798F940CA6BC351A313	1683FA4C1ADECA4A70177825764DB747ADE77F5CF6B381E0516F52C25D8B47A4
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_IL2_E.PS	ASCII text, with CRLF line terminators	8A16EA2F107E1A7887F8260BE89029AE	C29FD95C04248D8923A4C8A9D805E7F1A83095E8	11E16F13D38A435664AE7FCE01495D6D7301711343584518E064A4916E2E9CC3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_INIT.PS	ASCII text, with CRLF line terminators	D4EBA9FC1659FDB5974D18EC504C7B8C	AAED62241FB077486F2DFC20A258CD3A998586BD	2CF039BA6F9F924F19D220137A4434BCE77152479D804F672D47696B3AD00993
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_KANJI.PS	ASCII text, with CRLF line terminators	5E4BD8E7D14890B0E01893B4603C7810	9FBB0DA3084D202142349DEC039476BF604BB479	9EBE55288AC012C5201D32F20B53AC4DAF0DC5EEE7FF11173BBA9252884B5983
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_KSB_E.PS	ASCII text, with CRLF line terminators	25988684C5E18D110739CF668D77629D	E8D029D97DB73B43E7FB65F501629DE503D32FA4	41A141E11E8A5FDCC219205C3712F72166415A2079698B724DA176A8A2F601C7
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_L2IMG.PS	ASCII text, with CRLF line terminators	CEFB7654985F929B1E53004224375B2C	7D5DE78987BAE633A717B7D450DA55BA6C77785C	C3DC096444980950DFCD6AFDC8D24D2C990D2B01C8F1A6B9AB772EA8FDF15466
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_LEV2.PS	ASCII text, with CRLF line terminators	1383F8D072D4D1A6ABBF92967CFB8657	64B2948BA754ED6270BC8EDD338AE870B8A3F196	A494FC34D787FF3F79F6A59CC7307D33FBD90E7C5B9724B93E6C7FFD819B0E79
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_LGO_E.PS	ASCII text, with CRLF line terminators	2914FDAF3AA6D1C0DB50B8977652509A	2A4BB012AA34474FC0F64233A850043C17E27175	A865E403706EEC827BD0B62BCD08618737C51210B25EA6A5B70B0A5FAF50C4A3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_LGX_E.PS	ASCII text, with CRLF line terminators	05F6408939413221AD0ABC235B7A6E40	D0515F2076806F6B9CF3C6974B161D8F779FC397	529FD1C73A55033B1CBBAB020B9089BFA8C4C51F7CF13860D280A2B5A1ED643C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_LL3.PS	ASCII text, with CRLF line terminators	300B794C57702C479C93B2D240F61204	CC94E85DEB8F0589B60044714D2849D8BDCB45BD	EAC4B82F4C6E729FDCFE28DD8AEB7F301ABEC995B039C55AD1016F3E29DD0074
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_MEX_E.PS	ASCII text, with CRLF line terminators	AF70B8807E6F25B9A12FE85752DEBF04	334B38B64D55C331C02958CEB71220A9BF8F7519	3CF8D6E8E8A0B9534FEF254ADB59F1803E83A10A03E13B0BF1136215FF16FEC7
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_MGL_E.PS	ASCII text, with CRLF line terminators	05ECAF2BA23D77AC2C3ED9C49318F264	F9F9B9F06AEE7DBA1A3C86E641D8C5168F3A2BFA	293F9227ED92DA52E9536D0B9501B7FFE933341173A97CA294C50E360CA98C12
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_MRO_E.PS	ASCII text, with CRLF line terminators	48CE14B59B43C43F0CA6DFC18E295DEF	A51288588F4A78AB7F3F9303E1D1DF1FA3DF7967	B7D16E130EEC6D6FF2036974F213E90C911580BC627F31CCFCDC46A76D4D667F
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_PDF_E.PS	ASCII text, with CRLF line terminators	6AF5F9467AE5BB007E50880524831BA4	0D6310D14729BF5EC7AA7F538A58E999332BCD3B	CCBAD15115D1BFE29061A2BC4F6EFA06778C491C85627CC3E04004147B670FF3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_PFILE.PS	ASCII text, with CRLF line terminators	4D98C149985DF6C3994AFD5330F13F3D	6072F0401428B835B329820ACC1682856C853573	6E69FB6BBFDA550CC3EBA1EB2D49B3D0B70A3FBEA2BD8314CFC8871EA1B8C745
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_RDLIN.PS	ASCII text, with CRLF line terminators	AA56231A2DA1B18C0899EF5EB22B3AB6	FFA4E484C2080BAE2A4B0C842130FCAFA72F9338	69FDE1916C810DA51BDDDFDBC97972707171DEC3B4DA0CF953DFC05688FE446A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_RES.PS	ASCII text, with CRLF line terminators	498BAF57FEE806645BD6EAC073F393D8	27E74F6C01C048845D8BACBB219E62DBC81A3A6E	84FF68FF0DB9C74B0FA78A959B35C8A5C1977234808E4BCC292D2C88C0A78A6C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_SETPD.PS	ASCII text, with CRLF line terminators	88440097233791ACE031E92333125B3E	B1B8162AED9D5E6DBDCB81F219B980AA028EC31B	2094781FFC5D17E062D57D296E3C7788CA0A985918461CBBE3028C7C89C302E1
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_STATD.PS	ASCII text, with CRLF line terminators	32BCEFB6BE91979CF81FDB0591D8D90C	FD508A417A7C52DD21BC77D39A600357D6BFEA07	1FA01585BEDDE03A4312494BA047A8E45FA57ADAA7C36F1A2133F3B85FA2A255
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_STD_E.PS	ASCII text, with CRLF line terminators	E079B6BB3944ED323D9F468EF0FD7FA0	52E7CFEDD4C099C51A9218BD62D64D929005C0EC	B69CD62EFA763D615A1DABEECF6039812AAAE216FA586C94CC0CA62B2CF10033
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_SYM_E.PS	ASCII text, with CRLF line terminators	2B15B931932DAF952CFEEAA7C4853443	F029E7A5EB8CC683CE841C6DCBB6E156379594F7	5DBD15EA944B318E57E75EC652AEB842CEAF5459774818D63C5BD3022D8665F5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_TRAP.PS	ASCII text, with CRLF line terminators	12A6DCA67A07F8D08D5F592E895BC359	495CD78F2AD4B5B7938D693294429997729E6907	798BD2AFEA78BDE44C1A3CD84647AFB3EC7337A43316441F8BD3624440F9091B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_TTF.PS	ASCII text, with CRLF line terminators	FC984EF2DB13A3AECCDFAD0D576640F9	A9A85B2A44748DFA6BD8280C2AD6578CB5EF7743	5468FABEF2F60AE8736748D43E032E8E01CC6C516B8DA9EBFB1DB3215E1EA4A3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_TYP32.PS	ASCII text, with CRLF line terminators	8B120CA2C3445DC323730BB953174706	F336CFD114B949ABAE1A39BBADB27CB348EEB2DF	A4C013209DEDB09F5EB5DD5F5E5D68657ED286095F6A58CD7A930E32AB59FB50
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_TYP42.PS	ASCII text, with CRLF line terminators	265C930147E688DFD3D851A2AB054849	058F0C88F9700995604F4208AF8DCFEF125A5FAC	AEEBB937877BD285BEEC3808ABE60C9A3BB1104D6D051F1A00EC5F9224A76B37
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_TYPE1.PS	ASCII text, with CRLF line terminators	7833C296F9F7BE49A12A73123CBEA1E4	4E6F724164D3716F3247C04FB0EE10963F3244E8	45C3E70401CE3C6A8B3236D5B6A7BF4C38A09371E2B4A038DA6DAB32044AC1BE
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_WAN_E.PS	ASCII text, with CRLF line terminators	741E48B77570DC89093A1AD601644945	9D35BDBC8A1AB2C3B204F96EC0F30EFB6D7DB3AC	A99316161290E18CA7E03D172D84E43CCCB4A01CF966F5D9F12AB183D914B61E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_WL1_E.PS	ASCII text, with CRLF line terminators	4CDD6EB27A3999A37BC3C7D910411E32	8FE1A1D836FC17015C14F652C781DF00D4FB5945	CCB2C2DA5AF3A436FD76303FDD755E59D13AF820C53F9FCB4C5D741185BC664B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_WL2_E.PS	ASCII text, with CRLF line terminators	B4E89CCFC9025AD76F98E0748F289F69	0B5E789B281C84FFE1ADACFF12DE62E9D438D3CA	AB54D0D14BB46887A50F65A4CF35FD066DA58C1063463BFDDB24B57DF2103248
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\GS_WL5_E.PS	ASCII text, with CRLF line terminators	EC6B23E70504A23D73A1316A299A0AB5	BB8C58023F10B2C875F44C3752F6A069E81C15B6	A0BB5F05236AF8747EF3A3B3EEAED60A9D92A3C32B7DE5FB9ACA24E7D471A1CD
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\Gs_pdfwr.ps	ASCII text, with CRLF line terminators	5A0900A651F8C2F1193E954DA2B31206	6E7E5FAFA113E5E8801963CF310355FA7EA40468	40F8ED533A7909BFE96794E4AC85B014F2FC9892DA3BA6339214EC8C9C9408A8
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\HT_CCSTO.PS	PostScript document text	2CA39E10F82EEC47FEC33E15ED998356	7E7A03662FCCAE2AF9588FE5D12E253540AE2828	0FCA7F8186A539816E08B0408F4CFC65BDDDAB6E39820F201BB8087577546AC5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\IMAGE-QA.PS	PostScript document text	7EF5473AE611E317967AFE336CCBCD49	CA99AAF4B44CBBE732F086E2783C5B31028C0569	7A57E8121D43F06F1BCC332A4DD10FAFA38504A9F9AEBED8FD60F36B6248E90C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\IMPATH.PS	ASCII text, with CRLF line terminators	31830F5477AAB5DC1F48F1C73611149C	C26990407AF0A3641BD520481D66B07BBE69EEF6	4A053072001B166C4CD538F01D235F77664757B6413007270E86E627FC516E7F
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\JISPAPER.PS	ASCII text, with CRLF line terminators	1B92B5A4A8C8A85F653C5997D4812F9F	AE189C2B28D60389EDADD8DB12576D2C0EEC5F08	30E86A86CFC6539188031751C84BCA6FD5B5FD50CA151D2A2B10788F4BF5930E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\LANDSCAP.PS	PostScript document text	5FB86FBF44844076889E2B11EB49E9B6	D2FE2D979B65C2422FFD9CA0D3689353A11DA97E	3A8518A6D22811059ECE49311E2ECA1798F808BE2CCB0CE5E1463D2522F96959
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\LEVEL1.PS	PostScript document text	EA5BD52F5607CC737F147C052EC679B5	B5AA98F4CAC46641C889D047D9BD93D6BC382A58	B6BB7EEEC860578721DA85B812A062DF318499689AC621E1C3259BDBCB19A7A4
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\LINES.PS	PostScript document text	0AEF22CF9577962E4E9FE2CAFA7DB487	545F84CB9E435A9915470ECA34155E90B8C6A5A1	DBDF60D17C4F27A8AD16C39E50888DEBD091007D786AEF26C275D6E56A08C712
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\MARKHINT.PS	ASCII text, with CRLF line terminators	1467348BEB6149CC0E51112097461176	3F50B4D276C809B3533B1ACC3A63D690DC8AC6A2	BBD674E43106EE28F87CB54F624A823F90ACA6EC11CB15E50828127C73EE366C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\MARKPATH.PS	ASCII text, with CRLF line terminators	59F07140010E336CB0B9F7B24FEE3C83	E4AE5180FC647264F5AFA1A28DFF43231D2B6AFE	596B41755ADCE0A00ED30E179362B5A4C919BB207F53A25E20C9942FE3683EDF
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019003L.PFB	PostScript Type 1 font program data (NimbusSanL-Regu 1.05)	1C3092ED18554C09919B386FFA7EAB85	B9967F8348C302BED0BDED2AEDC64A6F265D6BB4	D89A0769709568F00EC6B4ED380D006D78CA20378AD1D8A7CFE7065C17C7FD12
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019004L.PFB	PostScript Type 1 font program data (NimbusSanL-Bold 1.05)	F27169CC74234D5BD5E4CCA5ABAFAABB	ACB56E3A4F2842EB6CA12D128013CEB2FB94C818	A7A8CF4B173B410FFF6D8F006ACE207322BC52183BF219D2CE996CAB8A14000C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019023L.PFB	PostScript Type 1 font program data (NimbusSanL-ReguItal 1.05)	E2C3D78AE784576039D060EA3DD69F53	142992AF29B4B1E8A92FD2953350A64F444D0595	9B73948CD5E431033F7E74D470B027D55B12E39F5089DBAB3EB7226B5ED2E46B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019024L.PFB	PostScript Type 1 font program data (NimbusSanL-BoldItal 1.05)	B244066151B1E3E718F9B8E88A5FF23B	5C05F8702439B8B74F085BC5FB6948A7CB56F15C	E58B4C3D3ED978534C3D34A30677C25680F5AD931FB0C3D4F53726AABFE5C956
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019043L.PFB	PostScript Type 1 font program data (NimbusSanL-ReguCond 1.05)	F4EA732593D153340AAE1867E8E9191C	C61F24007D849B68B1CFEA1C7C6E03E484895515	B4FBA13909A937B7EAB7309EB5C11CFE4F85622B8EF58C286985AACF7AC1664C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019044L.PFB	PostScript Type 1 font program data (NimbusSanL-BoldCond 1.05)	028AD04A0B0A32799D94FAF5AB58D017	95DF2A6029BFF545D2029F2C44FC0F3F570B8D74	3E94DD14A6E795E54D9CFEEF14D5E134513AD075E068381ED53856BC45CBE186
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019063L.PFB	PostScript Type 1 font program data (NimbusSanL-ReguCondItal 1.05)	475CF037458FA01B9599286E6150664C	E115CBAE7363F1F9353DE3E197D216AD22D5C8B6	4EB87A23CFFE7E16F1FFB3A6888F60648485501C463C6B8E5EDE4064FF512E6B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N019064L.PFB	PostScript Type 1 font program data (NimbusSanL-BoldCondItal 1.05)	B43A4631CB368EF10F010BAAA14C2BAB	718B6DABF10AA4483910569DF47ED3C433D8764F	884DC72A4B7EE8FD7045DA42C694E4028740DEEB3FB9BEF432B9463492E528A8
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N021003L.PFB	PostScript Type 1 font program data (NimbusRomNo9L-Regu 1.05)	6DAB18B61C907687B520C72847215A68	9CA8A1BE180C6A054B6335302466633BF9022CD2	2EF9D47303D25F3C9553A43255DAE8C39160E130AD5ED34444E39DEE03D796A1
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N021004L.PFB	PostScript Type 1 font program data (NimbusRomNo9L-Medi 1.05)	811D6C62865936705A31C797A1D5DADA	783231EBD8E9667E9BABAAE80C2FCE59C0671241	7F3F19F61452892A29D06AF2836331CA78AED29390914D294F7A440D35927142
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N021023L.PFB	PostScript Type 1 font program data (NimbusRomNo9L-ReguItal 1.05)	A3FABA884469519614CA56BA5F6B1DE1	52B319F7E1663DD4D87310D2DA18B81B83DACC90	F9A0C528B42D2DED2884E31CF1D225B81739CA9B17A0E7CB362FAD404CE0AEDF
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N021024L.PFB	PostScript Type 1 font program data (NimbusRomNo9L-MediItal 1.05)	0CBCA70E0534538582128F6B54593CCA	510E1EA497AE74CBF3F5D1B2A090AE88FE5A44C4	21D029FDA4757908BE702F42811199EAC11CE5886C0ACFDDD574DF4545B1E7A9
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N022003L.PFB	PostScript Type 1 font program data (NimbusMonL-Regu 1.05)	19968A0990191524E34E1994D4A31CB6	B16FD6A3BBC63417571CC5DFB900871D798262C9	8816758F882B18A97A2FCDD4E496B881CD7726B8612648CBFB1C9DE2D9853029
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N022004L.PFB	PostScript Type 1 font program data (NimbusMonL-Bold 1.05)	4ED1F7E9EBA8F1F3E1EC25195460190D	CDEA656D1BD06F38A795B61223A81C4F4F4CFB87	115A5A2363A24F7AFD4F2021763F62FDF0C034C133EC36D2B13B983F6E1E68DF
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N022023L.PFB	PostScript Type 1 font program data (NimbusMonL-ReguObli 1.05)	EA3D9C0311883914133975DD62A9185C	63AECCB375BC5961E5AB03D11E34821958D1196F	5FFE8060BB3E9E3456835076C46D29DFD4F233B7CA753BBB71F512DF741CB118
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\N022024L.PFB	PostScript Type 1 font program data (NimbusMonL-BoldObli 1.05)	8B8414FB335C1BA9C7CA364C3E691B70	85AEA2B76E24431EB107F5FC67410766511ECECC	4F3A93F5DB9BC1EFF72E3AE198FD34F3C19C7F44E44CD107D4DA5F9433E394BA
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\P052003L.PFB	PostScript Type 1 font program data (URWPalladioL-Roma 1.05)	661B1E6B26EDB5F50DD491F8A701CB57	1F69901535A61EB266F8E0346CE1376832B2BDB7	1FA269C3D9F9CCE83A3D032DC58122A7D514A79E6027C86858D8F1761D47D1F4
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\P052004L.PFB	PostScript Type 1 font program data (URWPalladioL-Bold 1.05)	DAD2F72863A03727D5F536C64A69C452	BF2A20250B5B608332FA6652901FE0B19D0E1170	763886DE629C882C76E3B5F26702664984CA4219067A6EDD60B1D098C53D01F3
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\P052023L.PFB	PostScript Type 1 font program data (URWPalladioL-Ital 1.05)	90249CBA7E3E4E9845F80328D6F9BD13	B9B74DC5C192080ECA9BDAAE8AD7211489A28B88	47495953F98B3C05F123D4DFDD331E2DB6884E61DF76B05A5E085AC3910951CB
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\P052024L.PFB	PostScript Type 1 font program data (URWPalladioL-BoldItal 1.05)	96E6AC8305D3A03D04D7EE3879E2710E	33BD15B05904ED13584E6C9AF1C7BCC2BECE5225	0D67A25494D47B5454FE20632980FF8B8952670A31C1AE97EC9E9092BCBE697D
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PACKFILE.PS	ASCII text, with CRLF line terminators	368EE93082AD75DCF63AEF5AACCEE2E3	66E0E461BC33D3F08AB78B94742B5175B242B096	EF29D80CC636B0AD9A747B24E6948275979BEF9E3BFF80ACC1593F2D9BA3E9A5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PCHARSTR.PS	ASCII text, with CRLF line terminators	53D0F76168E9246AD236EAD13A9D47B2	CAE9D9495209002DE3FF33586E801C29C7989720	482778E2087E406DCEF50E93E31FBE99EDA5D87CA3E470566993B0F6712E9F1E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF2DSC.PS	ASCII text, with CRLF line terminators	C875C6BC717D6B5C220E888F884CC236	18CA010C1D44FB9D7A1BE805F290FFF6B5E43D8D	D627A274DAC367D5010C06A6830A7FE1F87191F87E02E0BEF029EA4703DD5A88
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDFOPT.PS	ASCII text, with CRLF line terminators	6255D3359C55AAEAA6E87B1D28C8DFB0	6695B4DDCBA5C42AA7EEA99B2C1CC80537F3C79F	E75836D9DBBA3D6F781D21DC0AA51A5F6B60D0B174B89D56C3A508D287515ABB
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDFWRITE.PS	ASCII text, with CRLF line terminators	0C245D4DA2C2F8D9863AF857BF471AC3	91D8C343DD4FAD1D488A53008777AF6D3BC39A98	5C81F884E5639F309609FF8C9DB7A75BAAC26F9C89CAFD6F05895C8CE2866ACB
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF_BASE.PS	ASCII text, with CRLF line terminators	7695B1CD229BCD6917E4B33F8E9D55F8	792F206C632BD9633B52E1BC36E42E3CE92C2D74	61F3DCA588EBE603F40798E08EE1EF24E9B395C00B8AB5F38189D5EE4D0EB856
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF_DRAW.PS	ASCII text, with CRLF line terminators	2027843302104C2796927AF7534DDE0F	12E3E8A53686A8AA5ED7ECE68C177BAD41D2A4EF	47767346E9DBDD0D0E0E8F74DF03CAB5BE3482B1081E1AB0B3F37C751B5F2C76
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF_FONT.PS	ASCII text, with CRLF line terminators	399A6548C25A93AF9CE9C468D012356D	58E983F9C3155837846111000820DFEF0B29991A	602039223CBD4A85AA4D9A4E6DC2CC7EEAE11C10DC255A80AEBB0B41498F7F90
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF_MAIN.PS	ASCII text, with CRLF line terminators	FE849309FE00B5B78D3583A1F6CB2310	CCB1EA1C31AFEEC3D08FBEBB16CCC0FD63421E26	393DFBA588FFB3BE7D1E8046E4CF296A7645B3D55DB243A3A43017A8D181E18C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF_OPS.PS	ASCII text, with CRLF line terminators	5C2B9E00D9D2A57FC826EA9BB8954F60	0263186EE1F151045A7DEDFE81BCA389B2069D96	1C725661BD332CDF5C4D87B7CD798B1E11CBA817BADAD2948B9F6BDF04F98D14
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PDF_SEC.PS	ASCII text, with CRLF line terminators	7944CF5F89DE4FFFE2959E793A87C76D	3989B0C35A49B5ED97E3C023581B45E1B903DA8A	9470772B2FEC6B4377BE12C7D1BB7DA3B3E02DAA3BB451F7B4F8A0C2F5405AC8
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PF2AFM.PS	PostScript document text	2127D72ED4E542C9668C78540C91385F	4B9127909D746BD83A79A86CA1BF30C70773262E	D2787635A71B0F4AE537D81EE19376E9FDEA05E334D8A0AFC95156BDCCC2467A
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PFBTOPFA.PS	ASCII text, with CRLF line terminators	87ABA0846094B60E8840D83B7A894230	ADB7DC4F0FA9A5466CE9BB9ACF4F141B209F4333	7AD91A3E6BFFF538AD1A99135EFB18DF0DC4DF7B59CD43EC6ED48F73A34037FB
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PPATH.PS	ASCII text, with CRLF line terminators	559569E61345D07BE69B9A1F5CB41A8E	F1565DE75E64FEA469B4876DB2EA4BF8A4E1F25D	FDBD3E3E56DC3926B721E7008679C4D9D8741C9241CB0BC463B4E22A555108FE
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PPHS.PS	ASCII text, with CRLF line terminators	FECF683F1199D15D3164AF97D6BEF175	7F9A5C68D45AFDAFFC296F82965784343B214B7F	07AC1A98FC5F890F37568E202993779EB30BBD0C9E347B37B75B7AE61B3EFA30
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PRFONT.PS	PostScript document text	4E9431F81A4355B40382E60A50306836	1CA6504C43AE91F7DF1CF036D281976D01151E3D	165D1866179E71D1131C3EB3FB1C61DEEB202E6AB8EE8AB12A66DDDF5A046E33
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\PRINTAFM.PS	PostScript document text	9686BF12B76788B082C315A88DFBD0D4	5FD93DAD2C396436190EDA025094A65858E1B9EA	694CC729B5834BBAEC79046D8E02C4659462DCBFF1E13774E121C48F12A89561
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\QUIT.PS	ASCII text, with CRLF line terminators	1A5427AD7FD8B2BC47791F113F6EC9D8	92B01D72316FDE624E36442ADFE6B02C2867DEA9	EAA9EB2410FFB871A6971AE3C3D0A41236BC4FE35547B320FCF031CD8D24706E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\ROLLCONV.PS	PostScript document text	A70A59C6E3ADBA3B3900171525B786B6	07F926999C1DAD7101C1DD5998F2AEF4DA1E4A1D	A173045D9CAF716B8F42E764EBDA44A59618CDA5CFEA26CFBEEC57F506F783EE
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\S050000L.PFB	PostScript Type 1 font program data (StandardSymL 001.005)	B09D2E140B7E807D3A97058263AB6693	6D14EAF0CC924D680D4B711995173E420A47B52F	2038021A7B6330936FEA8562232B48796968FC913C1FD952D29E23BB1FDC891E
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\SHOWCHAR.PS	ASCII text, with CRLF line terminators	4B2D137E9BA6982C11CA9DCBC09AF82A	6DBB1EE34DA55D858D0A5C54AA9A12C19724BC03	79432CAF518A1E710EC1ED5B0AF5D5719F710A5B145B4C9E4CF5F522252EB74C
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\SHOWPAGE.PS	ASCII text, with CRLF line terminators	94260D40F25C108E7515036CFF35792C	FCFB5638C0BD4FBEC23D2D4C983C762D448D4749	6E7C884D9F4A88C351E64CE194E0D607AC74A6C4D2AB6C80C8C767C0E7435998
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\STCINFO.PS	ASCII text, with CRLF line terminators	B553D13D80B8643EE61A78F68A7C9ADA	8FE2E594B9FB711BA078CB89995A63228BDAC999	B75680EFFAA8AD2E697EC2AE3E49870F09392E2FD76B1A647BF62AC45A1AF7BF
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\STCOLOR.PS	ASCII text, with CRLF line terminators	7E066FD802162EA3B56547249C13EF0B	8A3B083F13114C2BBA19304F026470903DD6FCA5	756F491FDF446C7F1946428ED37BE119A939F4523D76CC3A491C1BADBACF4FB7
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\STOCHT.PS	ASCII text, with CRLF line terminators	065ED7B9ADC6E7682577048E2E2BA812	A1A3DF21FE5B4D01F9CAFF580A589583C97D69C1	BD4B54D60EC8C413311C163A8567050E25C9E30E5517ADABDF259CDA3A59BD29
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\TRACEIMG.PS	ASCII text, with CRLF line terminators	A453D5AC8BCC8BD4FD2179FDC083054D	76A84EBFD001DAE2FAFAF071341D9E74FB90D152	2F39BF9FB1ACB15F83E97E487C8592BEA3F21E273517D3EEC8C161884EDB0709
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\TRACEOP.PS	ASCII text, with CRLF line terminators	D190B747914A022E0823FB0F947CC505	BBA7982D09338787CA223418119F6C8DA4BF662C	0E36AE33FA1889EEA20FF835DB45EE15974554412DE430187382CA5AD05C6B39
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\TYPE1ENC.PS	ASCII text, with CRLF line terminators	892AC9900D1C4C4477F3CE56F592C371	14F35590F986D159D2C195557AAEE578FA45738D	C1E8641B157CB11F029FEE536BEC17F22C0262F9BCBB2BF3C9186645AEE8ED28
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\TYPE1OPS.PS	ASCII text, with CRLF line terminators	EC9B16180C9E8D8C1511634CFF49CE00	26B9FF02FB9CC5B01DFE526CEE0DF7D236B51DED	49968B8CFDABA7C6B6B705FB34C0AFBC956A37AA4193CF02E6BF029C0D831E60
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\UNINFO.PS	PostScript document text	52D440D46AD26AF8F5612874C113FF48	5839F20214C48D5CEDE454DF6481DA04D7AD36BF	17A6FF2C630BFD8841B982E46AB1C7D1F5F681DDB6C335DD02BE9491521E6A20
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\UNPROT.PS	ASCII text, with CRLF line terminators	FF0CC9F70A35CC3AE3EBC9951BBBE23E	4EFE04FDB92B1B694BBD13C6AB671F4F70A7D6E7	38A65512EB13351D01FE6554DBA04B3BA26E5CF70344AF0A076DE6A606ACF4F6
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWCMYK.PS	ASCII text, with CRLF line terminators	04DB2BED89F0B8723F59D9B4DBD07495	D0BDD28CCD87B1A91F3ED057BA0155E32A7BE4FA	A91A48EA5ADD946EA21D58B93B1299519A80DA78551A1EB813875672F2950C67
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWGIF.PS	ASCII text, with CRLF line terminators	B2B018622CAE013F6A17F8C3090200A0	EE967B7330B13F6836070D30A5E7814635D1673A	B86D6AE234E39A0C3306E7FB169CE32FE3DD0EC4582EDD1AB53FEA356F713B70
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWJPEG.PS	PostScript document text	FA4DE113409A5C60C645FD26C53D3AF3	1F4B211A4C22700F4DD0B86080F393980FABA857	7439F6646CC66960E97BAADEE5B57B730CB26B2AE1BD41362E0D108A48379149
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWMIFF.PS	ASCII text, with CRLF line terminators	D0940215243ED539FCDC421975C88B5C	CCFF001C18EDE9A4A86A4B9B53D7307855F1A343	9379C3EE109FAC73A5832169DFEF8E3DE994798F103EB3A978F0C087A7CCE9DC
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWPBM.PS	ASCII text, with CRLF line terminators	574F44F0C5FE5593910C91465DB369D4	1B404807E70A2985FDD138DDE534162306968FE2	B0571DAC25135E9240DB8586F355BE5B834584E99CB1C705455938FE43DBA0D1
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWPCX.PS	ASCII text, with CRLF line terminators	089BF70CCF8B7E01E1461D83A6143E73	F272AE3C361A9D7E9962F8A40EBE10D7B7759F92	1F4806415DDA4C1158E7D57A868489020291FB8AE5CF12053A4AD56DB1221052
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\VIEWPS2A.PS	ASCII text, with CRLF line terminators	570A57CDDD4B7575A61498963BD09738	8C7265BE826114E3FD90149EC882CAFF38E2FDAE	8E6CEB3917D5FE11715277A08AA93A223F5AEA0ADA44BAFA35302C359D82B646
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\WFTOPFA.PS	ASCII text, with CRLF line terminators	E3E973E717DF2B173FC0413AB35910CF	900E00A46E52A52FBEEA39574CC35DFF1A92908A	FAD162A31B2078FB780A489925EFF8643B6A7C9EA82B3BA7D1690388615690E7
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\WINMAPS.PS	ASCII text, with CRLF line terminators	25A80232AE3554221232AED5570955F7	F176AA726920B9F85C015442B546A71E2C53B825	94CDAD0783509A60C1D9D1637F81318F078B16EC6BAF7E28D1153686E7A79B7B
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\WRFONT.PS	assembler source, ASCII text, with CRLF line terminators	C1D5733B2D1313DDA96F7C2A7DD5E67B	6F82131C463242377DAD6AE3B38F06681311224C	D5327F0FA97823C747D40C2F69FC42223136537D1D593C94BB7C2274EA37F2E5
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\Z003034L.PFB	PostScript Type 1 font program data (URWChanceryL-MediItal 1.05)	ED75F97B75BE34140E9D251DD8E641AF	CEEEBBFD73AA771BC4E52117E7D5B1D23E470552	12A874C6C20887D5A64C569EBD58F02907A63C36906485EC376DC6223F859F01
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\ZEROLINE.PS	PostScript document text	0897239837DAD9ED6CE5FB31AD35585B	E10D65492912BAEA14150E8BCAE7728245A807DE	B56E9973FE817F0F8936627C09C5349C3E95D56D2B59926E2E9D3169BAB641FD
C:\Program Files (x86)\PSI\PSIPLOT\GPLGS\readme.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	EE340E080FF70680B56B07FF3A429C81	D2CE7ECA73FC9B3D6188226B2225EE84707C8ABB	40920FA32DF47A30D23B333850DA7FBA0B4CE15A31761E1280837C182F4AF785
C:\Program Files (x86)\PSI\PSIPLOT\GRAY.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	0A40F76BEB0D125D959C1D4816CF5E39	EDE60F89789CADE677D5397B46465BEFBC0183AB	649756A5BE342D2B8902257F3A09BA612203E91D2FB8FB36E416F5B8B07035FA
C:\Program Files (x86)\PSI\PSIPLOT\GRAY_INV.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	0513C0D313AB1A217F40F22444E1FD63	AEFA079DA965635E9ED4F47CCA21DF253C0BD473	E1D3F957627FDD5E7DAD9D5B4BCFD6BE3839034A86F35BB84F8917975AA29231
C:\Program Files (x86)\PSI\PSIPLOT\GdiPlus.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	84637D0DDEF17005967A8E0856E99A75	A23252D7D7393DAD00587862A83D9C35467E2B3E	9E99A5763796015D46914D279EB823F318D94E0EBD1BB5515A8133C703A8979D
C:\Program Files (x86)\PSI\PSIPLOT\HALFSPCT.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	3516A761563EAEB5AE36576C629DC64D	15ADEE42A6AEE8562014B8EE44F6EBAECF858B01	E99F35CDE1A6F83FECF4F11FF4E3F47EA3DEC0B1B110F82B2397BFB248F35235
C:\Program Files (x86)\PSI\PSIPLOT\HALF_INV.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	F828AE52B60C7A38229151DA8BD8FAD1	6B0DEC42155A99A8C75BF898DCFBC7876B1FB337	080E6E21C12BD125AEE0CCAAF162943F2AE63F7AD30BFB10D0404E8E09840247
C:\Program Files (x86)\PSI\PSIPLOT\InstPost.exe	PE32 executable (GUI) Intel 80386, for MS Windows	AEE180154B6C0A64DB80E8824B9DED9A	D5FD84D2188899098BF41B4548F208DCABDC68C8	FFBF949FA6D9A6DBA4025C325659D904827E47D4F4024D329A142010BEBD5DF6
C:\Program Files (x86)\PSI\PSIPLOT\LESSN10A.EQN	data	C5AA52E0624020FFD3FC2A6896E3BA8F	532A15AA2A9193FCF164DF25CEF377795A33188A	DFD9BBDCED3D4027958A35492815CCE25171C3A5EFA8DB4822931257C16B57B8
C:\Program Files (x86)\PSI\PSIPLOT\LESSN10A.PDW	data	81E576516790869CC211B287D36586B5	AA32002F43CFB0B4FA0A154BE6546D7F680199D7	D64D08ADFCD2D90D6C91DFD501BA02853F99A4ADE7B42B58DFE92F568F65FE5D
C:\Program Files (x86)\PSI\PSIPLOT\LESSN10B.EQN	data	57DD74FFABE8D132FB4A1B51B451CBC9	45D8B2D9186C7431F747497CE0A507FA2B9018CF	88B6802E96535654CF9630D8CD3A21FED9BA1C4E1B3F4A4090F396BFB2E085B0
C:\Program Files (x86)\PSI\PSIPLOT\LESSN10B.PDW	data	ADA9AB246650D1396A682719DF4A3572	8A451CCDD4EBB97EEA3E5371CDB681A6128ADF9B	A611C47FBB97F58C6B76B2325B9F463618D436829FAEF0D9CC955F477F28B1D5
C:\Program Files (x86)\PSI\PSIPLOT\LESSN10C.EQN	data	5AC99ACC27306917131EF87BE7055C66	97B039EC74E977BDBDF7F145AEBDD3F18AEBE232	C38A96DDF5621536FC4CFF3524174137436DEF6AE6DA60B91A10D1D177B564DD
C:\Program Files (x86)\PSI\PSIPLOT\LESSN10D.EQN	data	2AF6E6AB57085FB71AC1AF3513CB2E6F	2E8F91B6D479F3C94E8645A2D05D504D33C3B01E	70EB1B9F993EBD47C9A0A54E74425A3898E7E8C6A29433DA426E730D1C1FED79
C:\Program Files (x86)\PSI\PSIPLOT\LESSN14A.PDW	data	5B95B0B1EDC512E5F336693AF44FF582	BC35DE40C58FBB5AA2F5EFAC076ABD0E4AE5F9B0	2E9992CB4F503FF8E3A35DF3AFC3EBA7D1B7908F2194F274CEDFFEEAEED27862
C:\Program Files (x86)\PSI\PSIPLOT\LESSON1.PDW	data	537503A9DE6F3699930BDB62601A0373	7A0E892C93495DF0F8878A9AC588176E14F7CCE6	5672CECDE42B495227A64CD29A4939CAEC1EFA427EA0CBB19A61C2FCAEFF0EFD
C:\Program Files (x86)\PSI\PSIPLOT\LESSON10.EQN	data	83C2F9307D183AB8DA70740CEFF58062	9B9AFC204DB29881021FA780F68CCB65B2F7CD0C	AD6ADDFAC1839A452EE9794072ACCCD2CBFFC8C5D31514C3DC84EAD45FDB0FD5
C:\Program Files (x86)\PSI\PSIPLOT\LESSON10.PDW	data	BD3E370EA837D2C488DBA45C4C42AC37	44E905924DAFCE85ECF167E642605220B5906260	45A27A378A3D8445DBA1D4E0E05636F1A10C4D50618D4FE57E96995BCE58DED4
C:\Program Files (x86)\PSI\PSIPLOT\LESSON14.PDW	data	8EBCF4EDAAC3C80CFDA31D8F2DD4696C	F1750A93704D728C60FC05C0B613ED4950AD01B4	A0D610702615C301C5016D5BE5539CB3DFE1750A15CCEEF42B5997A8C89BD9DD
C:\Program Files (x86)\PSI\PSIPLOT\LESSON2.PDW	data	588C8D5EA1950A30FF87760A48787C67	E3612AEF6BC90AB03AC017A6D5019B31B858E5E6	809D721E7681476C29E0E18C4FF564272F9CC40FDC5A2E7EFF648A7BF09B090D
C:\Program Files (x86)\PSI\PSIPLOT\LESSON3.PDW	data	A9E859714D29CA1A36D601517A79FF37	5AF8A67F2A7B375E724FA416D81562A46EEA0D19	82CE993665D6BFB9D5861C2C7CB060B46D7C5AF5CD77074719A280A48726F772
C:\Program Files (x86)\PSI\PSIPLOT\LESSON4.PDW	data	CA2CBC2FECD7A5F0CC19EC572D5A8BAA	5B4806CF508D679C12F171E6ABFEB283CDBB43ED	C03BCFE24FF260920C17AF084E6092E960987C4A7E0BA0A04410A6D7D3736B31
C:\Program Files (x86)\PSI\PSIPLOT\LESSON6.XLS	data	A63BD8407647AEF38EED9CF61B8871DE	44F6D2560F5DCB531DD57BC9E9EBB2769100BB15	1C918A9EE938AB48EB618BC1701BA76786F313174364EAEE5AD6586ABB2D74CC
C:\Program Files (x86)\PSI\PSIPLOT\LESSON7.PDW	data	AE5F94C69073BABBF52410632C5DB775	8F81A8464206D1B484663E9814A001CE754D74E9	BE7224D4D50E86B0BA9BC0FA4B10B49D398B3066A5705101608C49512831EADE
C:\Program Files (x86)\PSI\PSIPLOT\LESSON7B.PDW	data	2E968C36ED959E80EA36045335DE1AC3	19B3312DAB3A7622AED933088F463FBAE67AB67A	1460E09274F05EF204A74E99126E1969D7E80822C2B585954F4782BC09306709
C:\Program Files (x86)\PSI\PSIPLOT\LESSON8.PDW	data	1C8BE32B699F49F439495F07F1DEA9E9	A1C4E7E69CC863DCD1224F07651A37FEE72720C3	B3585D3015A755507B20DB1B571DAA7132C1146D90CE0607B666BBA10F37448B
C:\Program Files (x86)\PSI\PSIPLOT\LESSON9.PDW	data	5D2D6DE42629282E02E140127FA81A8C	DCC5469E2A060C8B078B61E1CA3950ABD8982A51	DEBBBFF0EE713D1830DC3CDF6990CD38BCEC53917F4CFD04D4287F309867C800
C:\Program Files (x86)\PSI\PSIPLOT\LNSPEC.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	ABB0416E94505BF7E93149987EDCF935	F08D79763F9C7553FF650AE739D53F2C07422430	467F5F869D5B3E02B2DD1A56663190D2DC7715C0A97C4EACD41988E3B410F5CA
C:\Program Files (x86)\PSI\PSIPLOT\LNSPEC1.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	84B387C633D635B0C246C99A01C506DC	B50B46C91D15CB3C458A63AAC006D2A347A9F423	32CF8B555B81FF4FE94DF2E84B0327CC4971A0D75FE4BF620D0A67ECA5ED2DBB
C:\Program Files (x86)\PSI\PSIPLOT\LORENZ.ODE	ASCII text, with CRLF line terminators	626AD864917B6505EB5ADA2E46B5588F	3CCC8231E3CA0C1C925C28F6CFCCD50858E43F34	6313583F6F5B9D0CC0832BF8ADDB77A012D58E6458809D7C8A673A06F6B85C34
C:\Program Files (x86)\PSI\PSIPLOT\Macro\lesson18.pmw	data	644FABC7B63DC0F82F863DC411F56F37	FBC4C50275CED99B9891A5F0903910DB360F67F5	BFA821A5C0B224C6721FE1F9AE015892A4C0A75002F01CC30D1180BFDF4A78F2
C:\Program Files (x86)\PSI\PSIPLOT\PLT8HKEY.DAT	ASCII text, with CRLF line terminators	D34D0926ED040164993E0348F60EC6FB	A0AC58BAE129D2FF7D5686458409F45E9B1A938E	6365382D492DFCC9A54B14586A570B293C052F2694C31F434BCFEDF04BC60EB8
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\ICONLIB.DLL	MS-DOS executable, NE for MS Windows 3.x (DLL or font)	DFA53C3ABCCD572909881DEF787744FC	F1D61D10E1FB57C13DBD3BD16CCCE656CABD76EE	24FB275FF084BD32AB940378E9C6DC9BEA88211E8CFBE0BC0470AEC7DFE0E9A8
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PS5UI.DLL	PE32 executable (DLL) (console) Intel 80386, for MS Windows	2C2DDDE2985D95B9140EDACED7A201D3	82AF9018EE85E5FD93AE776C61857A849D437044	3D1AE968DA77854038A1006EA477AB0C3F6CC6D958E5E5288C5F2BB973870ABB
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.DRV	MS-DOS executable, NE for MS Windows 3.x (DLL or font)	B8B5F288BC3D836E928C7C169AD24009	D65C435CFE54A04EBA827F4DF1C7E682F59CA2AD	2CADE57BAF74C2A0CE126272249A0E638C33BCC1EE2866AA1CD60A5203CB4A91
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.HLP	MS Windows 3.1 help, Tue Apr 17 13:11:49 2001, 26038 bytes	02C3F8C32018F3AAF66E7421400F1781	A04F2E40287AF78867161FA3F1606045088DA212	6FAEF4C998E810FFF139958F28722C79879EC2FD66C97C7E3E2C5040FD5550D9
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.NTF	data	ACD06CCD864E483846B624642A0114B3	0453FED86FB7BBDEC1399F762941D3B77F50E903	C19D4922DF0298D693F08D67557D48C1DE14EBFABA6BAD2CD69B1B4DDD5F0B82
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT.SPD	PPD file, version "4.3"	789C07DE2E4570BC9AEB042FC3CA51A4	DBBD6CD819CEC3EB44E953910AB2E2EAF3DDCB03	5332BB97AC7B5A363F216CCE0AA785006E48986039B3B9E64EA1C403B2263DA6
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT1.SPD	PPD file, version "4.0"	F4FE28CD09F6A6B9DB8A1572D5650EF7	226F283F66594A42199FEA10F00F0E324E752316	4B9940A7093F7483D6942F3E80509765649A62AA7717DE4D8E7734091DE4B28E
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSCRIPT5.DLL	PE32 executable (DLL) (console) Intel 80386, for MS Windows	1024591F141A018B3DC309BB26302217	B00B8407D309D7773FF32D80B08939EB5A05145C	098F52D66394B2FF8AFB76F023D5F73AF95EE0A6B48A540718EFA0979EE46AB1
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSIPSCRP.PPD	PPD file, version "4.3"	28C493B44925221AA69F020E6AF6176B	45D04D3E144CA3A9BA7A038CE50B5960E5903AE7	9258203F212D58C04C81A2CCE6511D6FA53D65F569C14DCF35CEA19AF815CDBB
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\PSMON.DLL	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	78EF6802BEFCEB7AF4431F5E58B099E3	A48957BBE28D1497F3A88D193439861C94CAEEE8	980DE80F16D9D296D1580BDA8A3284675D6D8B2F724DDC220B146675E943341E
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\TMFONTS.MFM	data	0429BC080C0571EB67C958DF9B46932D	EA05FA033B5EA5FBF4385ABAB49CA39503E796F8	4E8FA2D66ECA983F0E14C9338E6F81A06998A490C865D96ABE6616F12FE68296
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WIN95HLP.HLP	MS Windows 3.1 help, Fri Nov 7 22:55:00 1997, 21066 bytes	C0A16032BE127705A764B0DDA172A416	6E6041A1DBD3277558F1825A40453EF25C6FA5F8	F04D02D6BFFD8EFAE631672829278C857B9AB00A6984FDC261D2FE3B13D4B912
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PS5UI.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	2A5755B795E19A833BE731E306C2B393	FD63627AE3E0B6B8D51C3052ABD772BB7388BAE7	CCDEB169EAFDFDD96588DF803543B4A912A3096B2FE24767E8D8C129667EF448
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PSCRIPT.HLP	MS Windows 3.1 help, Tue Apr 17 13:11:49 2001, 26038 bytes	02C3F8C32018F3AAF66E7421400F1781	A04F2E40287AF78867161FA3F1606045088DA212	6FAEF4C998E810FFF139958F28722C79879EC2FD66C97C7E3E2C5040FD5550D9
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PSCRIPT.NTF	data	C18E8DA3F5C91760E00DFAE8B6364BED	566D28948DAE855C8E5F560EAD7E0D8CC73DC1D5	F49C950531E485BBC4B35161CF049ADF8363D0BD222CFED2EEDE2A13FE418187
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PSCRIPT5.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	BAD12C605CA489C061E636E840720056	D4006D6CA409289012F4506897B2CEC10B527DF0	A3A71C558C96FEDA11CFF875C90779B90B3540EBCF52ACEB465C69B01DD0B1D4
C:\Program Files (x86)\PSI\PSIPLOT\POSTSCRP\WinEx\PSIPSCRP.PPD	PPD file, version "4.3"	28C493B44925221AA69F020E6AF6176B	45D04D3E144CA3A9BA7A038CE50B5960E5903AE7	9258203F212D58C04C81A2CCE6511D6FA53D65F569C14DCF35CEA19AF815CDBB
C:\Program Files (x86)\PSI\PSIPLOT\PSIGRAPH.ICO	data	68C2626531F8473F4765C89470A1C831	D184C3D9E6CD8D65B6487164D018786BD4CBECB4	93E9D51FAE9272AAD63410711EC2C0632DB5CE88ADDCD84E2EA523D9A86A25F8
C:\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.CHM	MS Windows HtmlHelp Data	46ABC527DB502BB525CB5786B3A3E894	CB7D651FC7D0D1BEE966F001CA6EE13AC05B25FF	9A7A98B72C0AC451658FAEEC5E010191811480246884ED9BF316E9DA234A69DB
C:\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.EXE	PE32 executable (GUI) Intel 80386, for MS Windows	2A1254635AE44869FE026EE2FA6B33D5	0D90E326AAF62F29A24A3FBFFC4BD6DA26CA8FD2	BBB253CD560369F1F6B33104506831FF70E1FBE09A394269043C0C95166166F9
C:\Program Files (x86)\PSI\PSIPLOT\PSIPLOT.INI	Generic INItialization configuration [CreateColumn]	3BECDA5DB32179456566FA78FD8011EC	AD4021E1F448DC77DE13B4419FCFBDA08D71790F	425AE9D7540E753E3A617FE769A1EC91CE87E6BD072660839B807974BD6FA7B5
C:\Program Files (x86)\PSI\PSIPLOT\PSIProject.ico	MS Windows icon resource - 5 icons, 32x32, 8 bits/pixel, 48x48, 8 bits/pixel	FED3834C6EB922D0A055324AAD3C1ED3	0A4BC2C4FB3D23F4DC63EF5195173B1A9975FEDD	6090802558E24F174754659B67E0E3721B3DA0AC22305371DFB729C795F54D5B
C:\Program Files (x86)\PSI\PSIPLOT\PSIREPORT.ICO	MS Windows icon resource - 2 icons, 32x32, 48x48	9D8BC5A3DE0208455AE2DF324E60E1DF	4CD6F1BF68E131D99D32BC201DF65C7DBC8588AE	1145E4617792F278D9BC3574010FD0FF3BC283AE2C79C8108FB4630DFB36803B
C:\Program Files (x86)\PSI\PSIPLOT\PSISHEET.ICO	MS Windows icon resource - 1 icon, 32x32, 16 colors	512C96F34EBDA3AE7ED37EB233275867	FD903DA1452BFC23BD5441D361AA357D22B5D576	6D37108E29E292D2D52A88913F0272A2A56DC003F474B31A7542812035CEB2CC
C:\Program Files (x86)\PSI\PSIPLOT\README.TXT	Non-ISO extended-ASCII text, with CRLF line terminators	8E089694990F1108B85C712AE073B19D	E853B5F4C9B85C33C3B52EDFAF01009C0A06D4DA	158487E3A50E97BA97D8D93B3652D556C3EE603B52E3C21BA760A8DDAB029F9F
C:\Program Files (x86)\PSI\PSIPLOT\README.rtf	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	C0359489E55EC6307AB6FD260B88D8A0	150456DAC1DE95440F3B16320A3DC9DE8C8BD9A9	FB55EE6AAEB7E1BD44BFB5C139B792DEEEB3DF7D07BC4E6795E40F8E89A7F38B
C:\Program Files (x86)\PSI\PSIPLOT\RED.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	76B21702A2E091BFB1B32B49F900B438	F2FE0F260E69A31C52C594C6B2325EBE56C2DE8B	C163D56A0B04A4243B3E325406418EE02B5F90CE88F20AE29E8F87FAA5C26B59
C:\Program Files (x86)\PSI\PSIPLOT\RED1.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	1D9F4E2951A0451E41B2B1B1E9A02CAE	9D2BD437F360F980EB07212F608C6515C9124D96	1E131F2E2A6D4E8D85C05520634950533A1D72D9BB2D533FEB097B1A697C44B9
C:\Program Files (x86)\PSI\PSIPLOT\RED2.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	D120F25894EE1B52A489288B82A9AD02	AAD3804C60640D97D9EF58B4BB452865F0C353D8	00A67DE2C2222F9DD0EFE778224F11E27E552A5A25600E7BDA2BF6CCD399260A
C:\Program Files (x86)\PSI\PSIPLOT\RED_INV.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	2929CE69D6CC4CDBB5682C64F5D7D7CB	5784A44573874A8F65DC763FDE986F02D2B7DB08	9082A9851D5D2E9AE5089961E299DFFFB448AF06293AF1B1742EA58D28F94103
C:\Program Files (x86)\PSI\PSIPLOT\RED_LITE.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	73174E1DC3355BBDBCA93B0E8FD2A5A8	DA0FF3751A361EC33ED879BC7C9364737417FFEC	20CAAC9E5D737DD5C335D33C5B6DB3B5FE57DCAE2B9A130F1C628F3B45E8420E
C:\Program Files (x86)\PSI\PSIPLOT\ROSSLER.ODE	ASCII text, with CRLF line terminators	E94F1D720D4C391849F0B29B579B6E2B	4026BBBAEEF8268452AB7C5C8935F9DCF1F29262	120DC26BD972C43D7281A653D3D019B6C3C26302A3F6E683147CF79C43033314
C:\Program Files (x86)\PSI\PSIPLOT\SPECTRUM.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	D9BB17D2AFC3B08F6E9E39009F96D594	30B74FBF731A2AF906AD3B8A36D5591237CD29A5	20D0AA7E9F9E893B50307F59D01D998E36E7B752B2433E616A7275D947565BED
C:\Program Files (x86)\PSI\PSIPLOT\SPEC_INV.CLR	Generic INItialization configuration [LINE_COLOR_RGB]	A4012F8D21D3310F7E22AFD00E881DDA	8018119C244F1C18BDAB239B2C4DCF8F0AAA766D	4A3E32C6F5CF5CE9720224154E33C114ADDEE7B308115E1EC093CAF69C0A5D76
C:\Program Files (x86)\PSI\PSIPLOT\STIFF.ODE	ASCII text, with CRLF line terminators	6575BA83D5CC8AC8C46A1617797B0223	4FB2B85EC13A7A8BBF5B0F8601888F8E591A0BA8	AED611E96AEB2469BEF43FB480FC840C5C0035FD7D2019A7B8A6AC4F8FC2E699
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\GLMBinomial.pdw	data	6216428E942130B5D0009BD55CAEA18F	F51A84C725555697B77FBE55AE3962C5E07056BC	8CDEE1BD54A28C2A8D8B39AFBE113F6DC5276566071E06A18887AAFC92D1EB21
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\GLMNormal.pdw	data	95E0181097B19872F8C0722509576584	0DDFFE11BD1D4F63A873F201F268CCA2E58BCB95	EDE940201A4892E34530D0A4C929A9C5743A2736D8C6AE77FAEDC8788E75B0E1
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\GMLPoisson.pdw	data	777457D270DAC3408950928CC715D311	BBFD0C4E304C4D20E3A0F29C011C6D0977DBCE46	1ECE5F4F44E97A7739454FDF9B38E96864F8430A1AC708FFBF462CF9B13409B6
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\MLINEAR.PDW	data	32EC41F5FA76A005F91412769FA1EF88	C537B08F6EA10596B25259FC6E23DD1BAEE5B6DB	B337D534D1AAC4B932E5203174C5876A09298585928371B9FF96D575AC0B7F46
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\cdlstick.PDW	data	0E9EE18E5AC856FDB14CB5FD8B9F957B	F5D27B838D7187ECAA0D472E3D630962EFF1239A	B33C9CD907CD8279DEDC33E68D58E6AB93B08138521A55863CF02A317452ECE3
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\comp2lns.PDW	data	3A8964429A99273D5FFD274D983AED8E	8E7C9C7C30B07B3EABDB5443B059B38DCD82E204	C31F6DD7FA595A638E598B3B0B09E9541735FD7B140100CB60A862154692EEEB
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\ec50.PDW	data	3F9598D2C580098C8D1F706BD253772D	044E9C02F7BA36000233A54FCB237E69018FC6B5	74DED6F18EEF6E3D4C3D904BB5E66A3B8E13FA0045B2499293B0048B2222CBC9
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\floatcolumn.pdw	data	A46DB5C5B17F3A42BA7446F2D68ACA5A	6FB5BDE50A2AE258864214F29FDAE347E25745C8	B0CFF778D82625E1B10933EEB4578AAC416151EBA9E8BFAD8EEFC01513548BAC
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\kaplan_meier.pdw	data	26CFA7B7FF1198AD752653079C4C3985	513062E4B557FFBEF12A88C9E292E0526B18FA27	1FAA9076AFCBB73030F317742E4BE2F0F0FE5C110E9C7413D2BDD33E674E4B50
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\ld50.pdw	data	9470ECFB8D2D110726800FFCF4E15F62	F3500C2D338DE31443FACD5BF6D6143ECE671BA7	B28FD9FA5AD1017893F25485DF7FFCE82BBF86CEFA0217E827F477B3E4F2B701
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\logistic.PDW	data	975D3B3918DADD5D0E13EC38E3EDB8DA	DD7DA97E2AAA443EDE15FC9FCD2B62CF2D7607B2	54D524353E1877808192DC7E3A3788E31F2FEBB2B7763A2A495C6C24FA21566D
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\nichols.pdw	data	A0DDDB3A7E0E37F8C4BCE5C29AC56494	74154AE3BC26F2F0F4FC4062CE2040E807CBC96E	ED9EFD47645C993CDC1FFC474C1BD2A8DB0E985E772EA56589B55C229355EC25
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\ssa.pdw	data	674A0DDBD4B8D1FC72FAE26B57C303C3	F1423EC237D41D925F5AC89AADD1857F824B941C	404CD8C59487147A5BBD88AD2C65CB8D6DF8BCCDEC618C26A922595AEF681384
C:\Program Files (x86)\PSI\PSIPLOT\SampleData\weibull.pdw	data	F36E5B65552F21A990AB7E8F5390FABD	0754B07ED917B0AE6C898C3BAEB2E93C6AC43588	FEDA2B712677603566BF0924802712D36BA7BBB2506BD29B8BDE5E8927C6E1CD
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\ber.pgw	Composite Document File V2 Document, Cannot read section info	1E787BD38EC4BEEA3ACD1997A517D333	B527EA55BDCC2558AFD1D019DEDF9F1B6698E39A	01BA02FAB3D63F663E710BE06CE5697D1AFAEAB937A840D849EE095A3A624C90
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\decibel.pgw	Composite Document File V2 Document, Cannot read section info	13D8FEF9C8934053E9F5A79D2404EA7B	A7BED3B584ADF25BFE97E47E4B7459C3C9533E2C	2D2DC27E0D1318B80B05957B5A9323BF80FE02E7671841E68ECFFE030377D40E
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\logit.pgw	Composite Document File V2 Document, Cannot read section info	71B64936169C48111AE8D8331E60E580	75C27B9701396F2B166A5681F457F8F122C9D669	E9BFDBB18F4D00F1DA208D5921B07C44F9960C6CAFE76E4DA506F63602A44614
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\loglog.pgw	Composite Document File V2 Document, Cannot read section info	F40478A2101423C40F3A8F55715186CE	FA549C66D82C13586E941A33EE4EC289D0057EEF	F6C9151CCE025F240A9229BEE0006EBBA8189BD68DF120A6E3EFF6CB948AD43E
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\probability.pgw	Composite Document File V2 Document, Cannot read section info	F171709DB4965365959ADDD138E2B80B	2FD7AA3D2028A77238D41308F5387AB0605E4C9D	E6118215581BD72B46487BCCA6E76B4454951FD1830926AFE27F71AC3DED1FC0
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\reciprocal.pgw	Composite Document File V2 Document, Cannot read section info	5B185D985CD4B87C467E076DF0AC954B	0F2269E44C05BD4EE0CFC97BDDBE887DB834BB70	833043B44C5EE15214A957A9AE4BE1AFDE06D6118DDC1278BCAA224FAF590061
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\regular.pgw	Composite Document File V2 Document, Cannot read section info	EF6E705DBD7FB5D709E2BB5D298C5221	8E364EBE2EBAB83D8B64989027F8DD385C86088C	07E635597578772BFD53CE8BD5F699CB2ACC0CE890B3E79EA96D7C67234B5F4A
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\GrafPaper\semilog.pgw	Composite Document File V2 Document, Cannot read section info	B95DD163FCF451401BF92336EFC5FEA4	9468FA207E7A89C20C92D81BB0345F36D88835F7	585EA614A0E69675AA0A2E858BE93A42CEB32E78BC7664BCC581F57540B20655
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\area.PGW	Composite Document File V2 Document, Cannot read section info	595EBE449FDCE23E2129177FE409B6AD	859ACF2CF6DC66E6F7BCC863D7781326C09F140F	934DE347121C3F15AF57DA60D9D6221E6FC9BA1DFDCF25AA8C21A0D16881D12E
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\axis_sample.PGW	Composite Document File V2 Document, Cannot read section info	FB3FBF77DFEA8F77114267019AD2218F	959FC608F3CD92E677D9AE60D140CF121B7A0AFF	55663936A013DD514C439A3F28433A52DBEB9D69D323C30735073CC237DE33A8
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\axisattr.PGW	Composite Document File V2 Document, Cannot read section info	C17DEC551E5C97493F83C838B0E65A1A	25D9B176AA7184FC5D53BE39E7D65E96087BF91A	07644485BD223AB603D8D81B9DCCD8AD9A443CCCE971F40566C72C03145C1E25
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\axismode.PGW	Composite Document File V2 Document, Cannot read section info	24C8FC993A3FB1AA85DBDCC25DB90149	84B539F3267CB458EBB73834FF202381B8371F41	5369A507313EB85D088576E673FD4EB861032D590A84F80F42804EFFC565CF18
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\boxplot.PGW	Composite Document File V2 Document, Cannot read section info	06A1619A17FDD571311F3546E6704D7F	BFAB5F2C146B95C39C765D8B369280A0D7837628	DD4B4F9358557785DC34518F563E378D1B079EB451A3C7C151D811F7D1A279B2
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\butterworth.PGW	Composite Document File V2 Document, Cannot read section info	2E7CCC47B655DB1AD2DFF1EBE999DC47	33D17865AC01051F43F10A497F19F92D35DB32DC	ED48BD6B1ADED26138BAEC72B8086FD2BA7F5F577D3A7CDC627E431170188D2D
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\cluster_area.PGW	Composite Document File V2 Document, Cannot read section info	BE89B2F1D80EE13B528577A0C836E925	67EAAE2F2DE23F4A1466F86A4E0361F7283EB28B	E4F350B8BD0AE8E94152586340964048DB227C4996FD8DADCFE58DF73D0922AB
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\cylindricsurface.PGW	Composite Document File V2 Document, Cannot read section info	9D73B73E0EAFD19522F9DB76FCB2821C	7C5766425D62C58DC58DB11202FD80A7209DC9D1	B84BD9A90A5E0C279B67146742709C697BCDA13C88A69C0322A327651BECEDEF
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\errbar.PGW	Composite Document File V2 Document, Cannot read section info	F5BB340978ACBE17E83930F3E47D27AE	86E9E9365E3B3F653C252B5ED2672299EBB03151	CA5826DA40FEF36A18B119F73A96107BD690670F8AD2525AA05E1AD66A0FAC3D
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\maze.PGW	Composite Document File V2 Document, Cannot read section info	8879F01480B3571115D04102DEBB06C0	46BEDF4BBC2868FD13524CBA72E1CE65B8FD4541	C5729D06E1EB7511518977D294C24D9BEF33FD4160A6113DACDF86F1595392ED
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\qcchart.PGW	Composite Document File V2 Document, Cannot read section info	D9281B649E4CB5E77875B66725DE2719	B9D508405A63BD5CF88B42E45449DE5CCD72194C	1AB418003F9E5650B2A7A7032F1B61ABCDEBA40219B4EA6667958805ADB29B5E
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\reciprocal.pgw	Composite Document File V2 Document, Cannot read section info	5B185D985CD4B87C467E076DF0AC954B	0F2269E44C05BD4EE0CFC97BDDBE887DB834BB70	833043B44C5EE15214A957A9AE4BE1AFDE06D6118DDC1278BCAA224FAF590061
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\stock.pgw	Composite Document File V2 Document, Cannot read section info	C19278FDC5E4EF4BCB34458D34FED755	38F33C2345827C9E77265B88D916762962691769	DC8B092ED15E5D9C2EC0DBE1FEE9ACDFB2FB826AB3283AC2B182399C3511F0E8
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\surface.PGW	Composite Document File V2 Document, Cannot read section info	327A7B770F015FFBD52904333A0F44E2	A72F33D7475F119AE13767143842DD5F2CB806EA	3EA286EE0465F0A2E2D43038D609C89AD1689A670696FD4A6202015E4013C4F5
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\symbolID.PGW	Composite Document File V2 Document, Cannot read section info	AD89B2DE61FFEF6473C5F109AD0F515B	33CAE5C56BF391F1D48527EFD6B6505D1A20D1B3	E515B3E101F785ECDACC38A52CB8B789A1F8D8AA6E3464117B75CF4E4CBD39EB
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\text.PGW	Composite Document File V2 Document, Cannot read section info	694AF3E3DBB7F92E201D61507E9A3029	56BEE9558EA323E00DC9F5A8263820C9D533F782	2F97E9ECA6DA5129DCEAAEE4F85FB0FE999939C213539DFDF4BBA14C5F6D2FC5
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\userdef.PGW	Composite Document File V2 Document, Cannot read section info	C1E3D6D086771C7C30A5B98EE49DA910	73B59F0FB860EE47068519D64703BC58EBE946F6	DF812DE528A075F00A9CB542C181EC2831B03CB93D4CABB999AB25930C1F1630
C:\Program Files (x86)\PSI\PSIPLOT\SamplePlot\vector.PGW	Composite Document File V2 Document, Cannot read section info	948E6BDD727609EF19CEB61A2B6A9485	EA287D1EB54F7AEBFEDEE30EE7359039864F427D	0B598524E000BB7DD7DC07D18042CA1EB89D6A5A823167A0853758ED611F764F
C:\Program Files (x86)\PSI\PSIPLOT\TEMPLET.ODE	ASCII text, with CRLF line terminators	C110F6229F124A314ADF8E95C29D5A7E	7EC147AECEC58AE905E767865CB3DC09A4FE39F0	5D3BAB2DFE6959B64FB3AE7E6E4063BB5D3435FF6B5B973EFC1CC3930D3E5861
C:\Program Files (x86)\PSI\PSIPLOT\TEMPLET.TSM	ASCII text, with CRLF line terminators	26BA9374C70A05BE744669B78AA2B180	F3B6095479A157F69745897B99E00F8C340F70F7	B33263A7280F1A795F4CCD0C47364297FC1F266A975AC8ED0E492993EEE0D278
C:\Program Files (x86)\PSI\PSIPLOT\TUTORIAL.PDF	PDF document, version 1.1	B4D00402A14C653CBAA1B42E4B114BA7	FB534E1826CD669FEA6980B65E690B67A3362CE4	DA089E83D821CE79DBD48635B05E2D68C53EE2C1D67EE76AD0B71BE994057B0A
C:\Program Files (x86)\PSI\PSIPLOT\control2.gif	GIF image data, version 89a, 760 x 560	1AA6A61BAE5109EADDB65B31CEDF8A1C	E91B098FAB6F34C90BFB8F77D3B9026C6B2CA35D	FE5D51470843F82B74B24EF02319C4190BC555FE8CC1BA97979CE03DA3B073BF
C:\Program Files (x86)\PSI\PSIPLOT\lessn10c.PDW	data	BD3E370EA837D2C488DBA45C4C42AC37	44E905924DAFCE85ECF167E642605220B5906260	45A27A378A3D8445DBA1D4E0E05636F1A10C4D50618D4FE57E96995BCE58DED4
C:\Program Files (x86)\PSI\PSIPLOT\lessn16a.pdw	data	C0956C761FB0DD70704F3B5D277AFEB3	0D8E99C8AAA8F3A546FF1815112AE96696B9BA99	40AA6B10FA8A6DDF07DD0054ECE59429F6A7AD2C8C2B9E5665E4293957B4D88F
C:\Program Files (x86)\PSI\PSIPLOT\lessn16b.pdw	data	3DA8503B2BE5D52D5244B6D9A81A9CD2	4272883EFE226E413D4260A019EB0B50EA48327E	35D4F5BEB4DDE1593D0581537982FDE0D5DBBA7ED6EE1AC8CFF43859055D96E1
C:\Program Files (x86)\PSI\PSIPLOT\lessn18.pdw	data	0A9F59EDB65BA72000A9FB8CC77DFE8A	97E2AA9A71624B37C2825E3908E50AE11BCD0A50	A643D9310BDA2129D72CA24577EF0B2AB7D5895590086AFA6710ECC5DD6E7382
C:\Program Files (x86)\PSI\PSIPLOT\lessn18a.pdw	data	7B748CD2049622113C4D0C404BB236C8	DAB98C3995798227C4E464CC088FCBE08C7E98AC	8165A8B59A8338CED97EBF99AAB1E16E205C801482CB205A41A5086C9E41E4B7
C:\Program Files (x86)\PSI\PSIPLOT\lesson16.pdw	data	56151AE3D0E14FC1404D1A2D59BDCBD1	60F7B2B35560E65C64FF18CBB6E4E82E177723BF	AD6E1418098300459C4AD2945B593A2BA9EB3783366C9161E62FF52337D56051
C:\Program Files (x86)\PSI\PSIPLOT\lesson17.txt	ASCII text, with CRLF line terminators	58E3490534A85EB48D3AF510A0AFFFC6	E891D2C9ABB97D61AFC364FC7DC32503AD960869	BDB3C751E40CCA592988E19E6C087200B00EAB70D33ED7702347A122F3E58C9E
C:\Program Files (x86)\PSI\PSIPLOT\readme.htm	HTML document, ASCII text, with CRLF line terminators	D203890440A646787ADB391811966471	33549D2730D8061069CFCD4BD74625E742069F30	EAB118741B6C22A67D6E6898FF9F2669CE012ACC1ED6EA3144E5CB95E731BF69
C:\Program Files (x86)\PSI\PSIPLOT\templet.FPL	ASCII text, with CRLF line terminators	53ABEDE688B99BF32FA3D1B794B664A8	80006704F289B0E205CD918905BC382A66750EB6	B481B330B954C6A1D2BD400F48302F05E65F8DD9E1935F9F5F14535911C3BAA2
C:\Program Files (x86)\PSI\PSIPLOT\templet1.FPL	ASCII text, with CRLF line terminators	53ABEDE688B99BF32FA3D1B794B664A8	80006704F289B0E205CD918905BC382A66750EB6	B481B330B954C6A1D2BD400F48302F05E65F8DD9E1935F9F5F14535911C3BAA2
C:\Program Files (x86)\PSI\PSIPLOT\templet2.FPL	ASCII text, with CRLF line terminators	11B816EEEE3F295490B2E5C161B09284	BC014042C084A3FBED08B6AC8811B1A45720ACB4	EE93960E96C2F805FD24237346A9AE0EF5C4A1CAA3B04A60EA09BB860ECABC8A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot\Readme.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu May 3 18:20:52 2012, mtime=Thu Oct 10 17:18:30 2024, atime=Thu May 3 18:20:52 2012, length=3951, window=hide	206E16AEA74689ED7809B6C70A02FA5E	575FF60B58679CB125AF56ADFA6A7FC72BDA8B13	26DE0EEBDC027243B3C224BF04B38D1B9FFCBC9FD8BF389D07C8063A3EFA3858
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot\TUTORIAL.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sun Apr 15 14:44:10 2012, mtime=Thu Oct 10 17:18:27 2024, atime=Sun Apr 15 14:44:10 2012, length=2103361, window=hide	E2806395A4986BA4228674DA9C67F581	C822FDB42BE18182DFDEA41571504E69AF21D71E	52E18AA7E2570E608A5AFCBC65817DC940A081B08B4F79B8BDD73C5DA88F1C59
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSI-Plot\psiplot.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu May 3 17:52:22 2012, mtime=Thu Oct 10 17:18:27 2024, atime=Thu May 3 17:52:22 2012, length=9342976, window=hide	139B0E1DB439C1EC7F3DBC379C59A1F8	8C4DA7F2CCAF4C8AAB6E637C73D0C2F06C626F7C	9478CB6AA846A321899C01002900C1229E640C8BB2DD66DF3A5B9AC79E718D6D
C:\Users\Public\Desktop\PSI-Plot Working Demo.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Thu May 3 17:52:22 2012, mtime=Thu Oct 10 17:18:32 2024, atime=Thu May 3 17:52:22 2012, length=9342976, window=hide	305295FDA89E66E3B9BBD2426C2D8B01	8B8A4EAB3A9E7A6048E194E532F11E8B5B1AD5C0	A7DACA7B59F2895001F9E47D46F2EDC9632D2C0D3731E1C8A02A7CC720485B8E
C:\Users\user\AppData\Local\Temp\MSIA4B2.tmp	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	3CAAC7A39064C06FBA555647FB91C3BB	6DE48C7B28807637412A277926FF8C2770EC9A87	58245186A18A1A79BEB9A025046B49EC541B5AE44191A851623FD2FBD1A77347
C:\Users\user\AppData\Local\Temp\_is8C78\0x0409.ini	Generic INItialization configuration [Languages]	6C87581375D4E4789761B9833C2A1B4D	310395FDE36429B08B615831152399DB7E4267A2	43160E278E4302E378E754149C6394BC51D1969A7941687CFCC6C00B25151282
C:\Users\user\AppData\Local\Temp\_is8C78\PSI-Plot Ver 10.5 Working Demo.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Welcome to PSI-Plot Version 10.5 Working Demo, Author: InstallShield Software Corporation, Number of Pages: 200, Name of Creating Application: InstallShield X - Express Edition 10.0, Last Saved Time/Date: Thu May 3 16:22:06 2012, Create Time/Date: Thu May 3 16:22:06 2012, Last Printed: Thu May 3 16:22:06 2012, Revision Number: {96644CA9-8EA3-446B-8568-6E1624759883}, Code page: 1252, Template: Intel;1033	340535553893D92D33A6EB94A592717B	BDDE2F5D3D356BF841C55B0BC3B8008CD1AAF0EA	74ADA3893F257184A5D0F13A4D41718DB3A7D6783302CAB54BEDF6C55F312A3C
C:\Users\user\AppData\Local\Temp\_is8C78\Setup.INI	Generic INItialization configuration [Startup]	10C078E324860D1EDF6C73658CEDB59D	CF114BB7E1B9C6AF6C5CF4892CE548B57E71D74F	C4C77EBCBB1B594088BB8A240B8505855B7FCA89B5CCA977165944316FE0B13A
C:\Users\user\AppData\Local\Temp\_is8C78\_ISMSIDEL.INI	ASCII text, with CRLF line terminators	3FDD2635AA94921522AF8186F3C3D736	0FE63553E9F993C0CB2CB36B8CDCFBA4F4A2650D	17AD78845C9C6A8E97A5BD14BE56700A51EE85867C979ED6CF538E1FED82CF7C
C:\Users\user\AppData\Local\Temp\~8C68.tmp	Generic INItialization configuration [Startup]	10C078E324860D1EDF6C73658CEDB59D	CF114BB7E1B9C6AF6C5CF4892CE548B57E71D74F	C4C77EBCBB1B594088BB8A240B8505855B7FCA89B5CCA977165944316FE0B13A
C:\Windows\Downloaded Installations\{96644CA9-8EA3-446B-8568-6E1624759883}\PSI-Plot Ver 10.5 Working Demo.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Welcome to PSI-Plot Version 10.5 Working Demo, Author: InstallShield Software Corporation, Number of Pages: 200, Name of Creating Application: InstallShield X - Express Edition 10.0, Last Saved Time/Date: Thu May 3 16:22:06 2012, Create Time/Date: Thu May 3 16:22:06 2012, Last Printed: Thu May 3 16:22:06 2012, Revision Number: {96644CA9-8EA3-446B-8568-6E1624759883}, Code page: 1252, Template: Intel;1033	340535553893D92D33A6EB94A592717B	BDDE2F5D3D356BF841C55B0BC3B8008CD1AAF0EA	74ADA3893F257184A5D0F13A4D41718DB3A7D6783302CAB54BEDF6C55F312A3C
C:\Windows\Installer\5ee891.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Welcome to PSI-Plot Version 10.5 Working Demo, Author: InstallShield Software Corporation, Number of Pages: 200, Name of Creating Application: InstallShield X - Express Edition 10.0, Last Saved Time/Date: Thu May 3 16:22:06 2012, Create Time/Date: Thu May 3 16:22:06 2012, Last Printed: Thu May 3 16:22:06 2012, Revision Number: {96644CA9-8EA3-446B-8568-6E1624759883}, Code page: 1252, Template: Intel;1033	340535553893D92D33A6EB94A592717B	BDDE2F5D3D356BF841C55B0BC3B8008CD1AAF0EA	74ADA3893F257184A5D0F13A4D41718DB3A7D6783302CAB54BEDF6C55F312A3C
C:\Windows\Installer\5ee893.msi	Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.1, MSI Installer, Last Saved By: InstallShield , Number of Characters: 0, Security: 1, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Welcome to PSI-Plot Version 10.5 Working Demo, Author: InstallShield Software Corporation, Number of Pages: 200, Name of Creating Application: InstallShield X - Express Edition 10.0, Last Saved Time/Date: Thu May 3 16:22:06 2012, Create Time/Date: Thu May 3 16:22:06 2012, Last Printed: Thu May 3 16:22:06 2012, Revision Number: {96644CA9-8EA3-446B-8568-6E1624759883}, Code page: 1252, Template: Intel;1033	340535553893D92D33A6EB94A592717B	BDDE2F5D3D356BF841C55B0BC3B8008CD1AAF0EA	74ADA3893F257184A5D0F13A4D41718DB3A7D6783302CAB54BEDF6C55F312A3C
C:\Windows\Installer\MSIED35.tmp	data	85B6C9E4B959ACAFA6C35A39AEE8BAB8	3527981F549121011AF89C3B980DD8B82FED0482	085AC0CB64FB1CDCA47403ED0032CF71B998B344F6A82B467D21402896310E24
C:\Windows\Installer\SourceHash{CF7D8275-38F3-42CF-AF3D-29B1BF918926}	Composite Document File V2 Document, Cannot read section info	4A82174B477006F7D86CEFE06FEB79A3	3750407EE3436A9473C90FBDBE4C089B53460B00	CB8CF9D8592F4280A1A916B96AC5E773CF3132DA3B9274C54B262EA38C1B2C91
C:\Windows\Installer\inprogressinstallinfo.ipi	Composite Document File V2 Document, Cannot read section info	EE2C12A9292AC9AFB1025F455DF08BA6	D5D4E2DE03E01F05AEF9217779CCFD5EAA0E01A6	850380B07F3EB3C54B144935DA4A17A8C78321D993E88F37CECF9157CB7EAC6D
C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\ARPPRODUCTICON.exe	MS Windows icon resource - 5 icons, 32x32, 8 bits/pixel, 48x48, 8 bits/pixel	BE9562971CE7DBF11E23794B8A9E5EA9	F28DE23C8AAB0D70B2D952995F607CDE7511038A	1E78F455B86224319E4A555E64FC0030BB4C927190BE3363FC3D447FAE882C8D
C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut1_E57AF06D4375496697A2B3227B8F52A3.EXE	MS Windows icon resource - 5 icons, 32x32, 8 bits/pixel, 48x48, 8 bits/pixel	BE9562971CE7DBF11E23794B8A9E5EA9	F28DE23C8AAB0D70B2D952995F607CDE7511038A	1E78F455B86224319E4A555E64FC0030BB4C927190BE3363FC3D447FAE882C8D
C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut3_B94EC0BE542B4F308679E8D52BAD769F.htm	PE32 executable (GUI) Intel 80386, for MS Windows	A0790CA5995B2E56B65C89A61E57D1CD	B715DE24F510D75C33E350272DBBE337B8235281	D41633D4EF288D72E1B5A06AFB5F752E2287133095B136EAFB13C88DB9CE59C5
C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut6_B94EC0BE542B4F308679E8D52BAD769F.exe	MS Windows icon resource - 5 icons, 32x32, 8 bits/pixel, 48x48, 8 bits/pixel	BE9562971CE7DBF11E23794B8A9E5EA9	F28DE23C8AAB0D70B2D952995F607CDE7511038A	1E78F455B86224319E4A555E64FC0030BB4C927190BE3363FC3D447FAE882C8D
C:\Windows\Installer\{CF7D8275-38F3-42CF-AF3D-29B1BF918926}\NewShortcut7_B94EC0BE542B4F308679E8D52BAD769F.PDF	PE32 executable (GUI) Intel 80386, for MS Windows	F1E0A51D6010825B4C1FA5430E9D031B	B596698FDD89432AEC6DE5B3D725D7B2E4ABD6CF	DD5D854A850F1E59F92C80002F43F805E5C774427DD2444E50699E4D92A26860
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	D637C7CDDD42AB3C1A36803DFF9E7665	6C41A9298B74388CB8400D214A7299EB9EAAB025	DF38B7DC1DA68A97EB77E32026B2E2A507C18664DE66EE39186ACC89BB1E5971
C:\Windows\PSIPLOT.INI	Generic INItialization configuration [CreateColumn]	3BECDA5DB32179456566FA78FD8011EC	AD4021E1F448DC77DE13B4419FCFBDA08D71790F	425AE9D7540E753E3A617FE769A1EC91CE87E6BD072660839B807974BD6FA7B5
C:\Windows\System32\spool\drivers\x64\3\PSIPSCRP.PPD	PPD file, version "4.3"	28C493B44925221AA69F020E6AF6176B	45D04D3E144CA3A9BA7A038CE50B5960E5903AE7	9258203F212D58C04C81A2CCE6511D6FA53D65F569C14DCF35CEA19AF815CDBB
C:\Windows\System32\spool\drivers\x64\PS5UI.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	2A5755B795E19A833BE731E306C2B393	FD63627AE3E0B6B8D51C3052ABD772BB7388BAE7	CCDEB169EAFDFDD96588DF803543B4A912A3096B2FE24767E8D8C129667EF448
C:\Windows\System32\spool\drivers\x64\PSCRIPT.HLP	MS Windows 3.1 help, Tue Apr 17 13:11:49 2001, 26038 bytes	02C3F8C32018F3AAF66E7421400F1781	A04F2E40287AF78867161FA3F1606045088DA212	6FAEF4C998E810FFF139958F28722C79879EC2FD66C97C7E3E2C5040FD5550D9
C:\Windows\System32\spool\drivers\x64\PSCRIPT.NTF	data	C18E8DA3F5C91760E00DFAE8B6364BED	566D28948DAE855C8E5F560EAD7E0D8CC73DC1D5	F49C950531E485BBC4B35161CF049ADF8363D0BD222CFED2EEDE2A13FE418187
C:\Windows\System32\spool\drivers\x64\PSCRIPT5.DLL	PE32+ executable (DLL) (console) x86-64, for MS Windows	BAD12C605CA489C061E636E840720056	D4006D6CA409289012F4506897B2CEC10B527DF0	A3A71C558C96FEDA11CFF875C90779B90B3540EBCF52ACEB465C69B01DD0B1D4
C:\Windows\System32\spool\drivers\x64\PSIPSCRP.PPD	PPD file, version "4.3"	28C493B44925221AA69F020E6AF6176B	45D04D3E144CA3A9BA7A038CE50B5960E5903AE7	9258203F212D58C04C81A2CCE6511D6FA53D65F569C14DCF35CEA19AF815CDBB
C:\Windows\Temp\~DF236A664A65A73CE7.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF2475FED551644849.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF26CD9645139C62E1.TMP	Composite Document File V2 Document, Cannot read section info	EE2C12A9292AC9AFB1025F455DF08BA6	D5D4E2DE03E01F05AEF9217779CCFD5EAA0E01A6	850380B07F3EB3C54B144935DA4A17A8C78321D993E88F37CECF9157CB7EAC6D
C:\Windows\Temp\~DF2931FAC31C296BB1.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DF2A6266BC8FED5E8A.TMP	data	709B492FC7C81CC85B671A015E4618D5	4845C712FE8F6047D478F0DEB372CF05A16DF548	CD55A869633B132F28CF28660D5B12ECA0AD2EAEA0C16A39E8BEFAD160672B91
C:\Windows\Temp\~DF2BB1FF67CCB2BA08.TMP	Composite Document File V2 Document, Cannot read section info	EE2C12A9292AC9AFB1025F455DF08BA6	D5D4E2DE03E01F05AEF9217779CCFD5EAA0E01A6	850380B07F3EB3C54B144935DA4A17A8C78321D993E88F37CECF9157CB7EAC6D
C:\Windows\Temp\~DF733BBCDF67162C3E.TMP	Composite Document File V2 Document, Cannot read section info	48EBB802BBA18F9E2B96883EA0B4478C	B4FF37EE73BE61589B1AAAA586B8E45006C6863F	23176B2DBB8C6897778DCEA09993BEAA221EECCB7E9550A5C44F7A7CE8566FA5
C:\Windows\Temp\~DF8FDFF2A96AE69220.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFA870BB9D712FD90A.TMP	Composite Document File V2 Document, Cannot read section info	48EBB802BBA18F9E2B96883EA0B4478C	B4FF37EE73BE61589B1AAAA586B8E45006C6863F	23176B2DBB8C6897778DCEA09993BEAA221EECCB7E9550A5C44F7A7CE8566FA5
C:\Windows\Temp\~DFBCCBE9E0F6F29FA5.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Windows\Temp\~DFC634E747B8F69118.TMP	data	8407B98A4EBAA05F83B3F8F37084407E	9D70A8683BE211B8509497CC79445F2CF61FE673	FC63C182190B46127AB6077BE06BF436D1E34D4385FA75E45F373CA5C958EDDE
C:\Windows\Temp\~DFCD410FC2588C4F64.TMP	Composite Document File V2 Document, Cannot read section info	48EBB802BBA18F9E2B96883EA0B4478C	B4FF37EE73BE61589B1AAAA586B8E45006C6863F	23176B2DBB8C6897778DCEA09993BEAA221EECCB7E9550A5C44F7A7CE8566FA5
C:\gdiplus.dll	PE32 executable (DLL) (console) Intel 80386, for MS Windows	D0AAAE16BA162DD89D646887F1539855	0A222F319B7712B861EF6ADF0C38CC2C5A2790FA	D84E7EB505ADEE8EA660F48C89705977F5EB33B7299D0BD981624E3ECE320223

ID:	1531073
Product:	CloudBasic
Start time:	20:17:11
Start date:	10.10.2024
Sample:	plotdemo.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	fbce37d191eb18a9b005539336aea939
SHA1:	37588e9f8796a0480638a4ff00d305dbdb472146
SHA256:	60f39e5220113596f51c5eabca7d6f81c603487971d58b7df9b8dbc093edbfae
Filetype:	Win32 Executable (generic) a (10002005/4) 99.53%

Windows Analysis Report
plotdemo.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report plotdemo.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
plotdemo.exe