070460c8124939b1756262d215ec61f69b3b83cc5329c0376b5079be390a876b

Analysis

max time kernel
151s
max time network
133s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
05-08-2022 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03061448_4.exe
Size

26.4MB
MD5

07a394784eab50e67d2c92a98991f9c9
SHA1

311cc1843681a9b05b941a760b0c2c3dac27adb7
SHA256

070460c8124939b1756262d215ec61f69b3b83cc5329c0376b5079be390a876b
SHA512

4f9f9a87fcfc31d1163b444bac10d56a27b3507f1ad780a6b7433632b527221ba27b9472069e5fe1e415e0ba865fc6177b19479d5ded5dc7db38b722171b91c9

Score

8^/10

bootkit discovery persistence vmprotect

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

MiniTPFw.exeMiniThunderPlatform.exeThunderFW.exeupdate.exe

pid process

1500 MiniTPFw.exe
1672 MiniThunderPlatform.exe
1996 ThunderFW.exe
780 update.exe

pid	process
1500	MiniTPFw.exe
1672	MiniThunderPlatform.exe
1996	ThunderFW.exe
780	update.exe

VMProtect packed file 8 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
\Users\Admin\Documents\XiaoXiong\Work\Dependency\InsNet.dll	vmprotect
behavioral1/memory/2020-63-0x00000000744B0000-0x00000000746DE000-memory.dmp	vmprotect
\Users\Admin\Documents\XiaoXiong\Work\Dependency\DDUtility.dll	vmprotect
behavioral1/memory/2020-111-0x0000000072570000-0x00000000729DE000-memory.dmp	vmprotect
C:\Users\Admin\Documents\XiaoXiong\Work\Dependency\InsNet.dll	vmprotect
\Users\Admin\Documents\XiaoXiong\Work\Dependency\InsNet.dll	vmprotect
behavioral1/memory/780-127-0x00000000744B0000-0x00000000746DE000-memory.dmp	vmprotect
behavioral1/memory/2020-132-0x0000000072570000-0x00000000729DE000-memory.dmp	vmprotect

Loads dropped DLL 36 IoCs

Processes:

03061448_4.exeMiniTPFw.exeMiniThunderPlatform.exeupdate.exe

pid	process
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
1500	MiniTPFw.exe
1672	MiniThunderPlatform.exe
1672	MiniThunderPlatform.exe
1672	MiniThunderPlatform.exe
1672	MiniThunderPlatform.exe
1672	MiniThunderPlatform.exe
1672	MiniThunderPlatform.exe
1672	MiniThunderPlatform.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
1672	MiniThunderPlatform.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
2020	03061448_4.exe
780	update.exe
780	update.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

03061448_4.exe

description	ioc	process
File opened (read-only)	\??\P:	03061448_4.exe
File opened (read-only)	\??\S:	03061448_4.exe
File opened (read-only)	\??\W:	03061448_4.exe
File opened (read-only)	\??\M:	03061448_4.exe
File opened (read-only)	\??\O:	03061448_4.exe
File opened (read-only)	\??\H:	03061448_4.exe
File opened (read-only)	\??\I:	03061448_4.exe
File opened (read-only)	\??\N:	03061448_4.exe
File opened (read-only)	\??\V:	03061448_4.exe
File opened (read-only)	\??\E:	03061448_4.exe
File opened (read-only)	\??\G:	03061448_4.exe
File opened (read-only)	\??\L:	03061448_4.exe
File opened (read-only)	\??\T:	03061448_4.exe
File opened (read-only)	\??\U:	03061448_4.exe
File opened (read-only)	\??\B:	03061448_4.exe
File opened (read-only)	\??\F:	03061448_4.exe
File opened (read-only)	\??\K:	03061448_4.exe
File opened (read-only)	\??\Q:	03061448_4.exe
File opened (read-only)	\??\R:	03061448_4.exe
File opened (read-only)	\??\X:	03061448_4.exe
File opened (read-only)	\??\Y:	03061448_4.exe
File opened (read-only)	\??\Z:	03061448_4.exe
File opened (read-only)	\??\A:	03061448_4.exe
File opened (read-only)	\??\J:	03061448_4.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

MiniThunderPlatform.exe03061448_4.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MiniThunderPlatform.exe
File opened for modification	\??\PhysicalDrive0	03061448_4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

03061448_4.exe

pid process

2020 03061448_4.exe
2020 03061448_4.exe
2020 03061448_4.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

Processes:

03061448_4.exeupdate.exe

description	pid	process
Token: SeDebugPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: 35	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: 35	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: 35	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: 35	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: 35	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: 35	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeSecurityPrivilege	2020	03061448_4.exe
Token: SeBackupPrivilege	2020	03061448_4.exe
Token: SeRestorePrivilege	2020	03061448_4.exe
Token: SeDebugPrivilege	780	update.exe
Token: SeBackupPrivilege	780	update.exe
Token: SeRestorePrivilege	780	update.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

03061448_4.exe

pid process

2020 03061448_4.exe
2020 03061448_4.exe

Suspicious use of WriteProcessMemory 19 IoCs

Processes:

03061448_4.exeMiniTPFw.exe

description	pid	process	target process
PID 2020 wrote to memory of 1500	2020	03061448_4.exe	MiniTPFw.exe
PID 2020 wrote to memory of 1500	2020	03061448_4.exe	MiniTPFw.exe
PID 2020 wrote to memory of 1500	2020	03061448_4.exe	MiniTPFw.exe
PID 2020 wrote to memory of 1500	2020	03061448_4.exe	MiniTPFw.exe
PID 2020 wrote to memory of 1672	2020	03061448_4.exe	MiniThunderPlatform.exe
PID 2020 wrote to memory of 1672	2020	03061448_4.exe	MiniThunderPlatform.exe
PID 2020 wrote to memory of 1672	2020	03061448_4.exe	MiniThunderPlatform.exe
PID 2020 wrote to memory of 1672	2020	03061448_4.exe	MiniThunderPlatform.exe
PID 1500 wrote to memory of 1996	1500	MiniTPFw.exe	ThunderFW.exe
PID 1500 wrote to memory of 1996	1500	MiniTPFw.exe	ThunderFW.exe
PID 1500 wrote to memory of 1996	1500	MiniTPFw.exe	ThunderFW.exe
PID 1500 wrote to memory of 1996	1500	MiniTPFw.exe	ThunderFW.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe
PID 2020 wrote to memory of 780	2020	03061448_4.exe	update.exe

C:\Users\Admin\AppData\Local\Temp\03061448_4.exe
"C:\Users\Admin\AppData\Local\Temp\03061448_4.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe
"C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1500

C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\ThunderFW.exe
"C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\ThunderFW.exe" MiniThunderPlatform2022-08-0503:41:39 "C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe"
3⤵
- Executes dropped EXE
PID:1996

C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe
"C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe" -StartTP
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
PID:1672

C:\Users\Admin\Documents\XiaoXiong\update.exe
"C:\Users\Admin\Documents\XiaoXiong\update.exe" 1BA2DCE465C8CC34802D8CA493C76FC92511A15467A076BB1ABDC7ADDC109B12EC6ED82ADC338EA4796C9FB803F30D96160AE17777E2A4243E2A29A1C4A8727EC3800172D8FE4B4E38B6C00C240931CE3C2044325D6B4E1BC577CEF9F51F4B234A372909976386201CD0D90C1AEDE95DE276B13647288B05B4F874C02520E184AFA84D4691EED32F20FE4A7E339A09F48B30157C8B3A3434CD7F19FCFF7B139F553A1AA700CBD74E49F38E43465EF55D3D612EAE0C7314E5FA3D1A907B2E31714547EAC940FE1A5672FEF6BA4E476EC8F5E8E084EE2193622D3480C9B3EEB26C26E83ED0EF584BCE
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:780

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\XiaoXiong\Work\Dependency\InsNet.dll
Filesize
952KB

MD5
7466bc8839e947761fb89ef1ea36df19

SHA1
d1ccfbea7c658eeca00b8f992c5e49c54c0f958f

SHA256
b6b90de7a22a4d5b276314e89a3461d632d601a767ecc0f0f40adc1df67f469c

SHA512
62f9e3c67e7f63e9f9385376779eed7b10b9e7428fb1aa188b6347b43295f62296ca736ad8183980bbac48dd0926e9edc720e71665b22909a700a489b7a32978

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\curl\libcurl.dll
Filesize
3.6MB

MD5
65b616f9f9fe97a1f1945371b2413b5a

SHA1
227bd5cfd96587e162af44e92961eb544810a457

SHA256
56ed6c2a9184a285c9cef2afdeb053734274e6766ebf6493f4172596cf73441a

SHA512
b16636798abd37d776c5bbc59faccfd897902c9036ccee19872e412324556f185b6d4534a8c238362b1d1c6a259ef34aabef6b0bb8dd02d89a952a72864555c8

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\ATL71.DLL
Filesize
87KB

MD5
79cb6457c81ada9eb7f2087ce799aaa7

SHA1
322ddde439d9254182f5945be8d97e9d897561ae

SHA256
a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a

SHA512
eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MSVCP71.dll
Filesize
492KB

MD5
a94dc60a90efd7a35c36d971e3ee7470

SHA1
f936f612bc779e4ba067f77514b68c329180a380

SHA256
6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

SHA512
ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MSVCR71.dll
Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe
Filesize
58KB

MD5
58bb62e88687791ad2ea5d8d6e3fe18b

SHA1
0ffb029064741d10c9cf3f629202aa97167883de

SHA256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100

SHA512
cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe
Filesize
262KB

MD5
0c8f2b0ee5bf990c6541025e94985c9f

SHA1
be942f5fef752b0070ba97998bfe763b96529aa2

SHA256
12d6cc86fdc69e1aa8d94d38715bbe271994c0f86f85283fa2190da7c322f4c8

SHA512
7b0e81149fafa88050a125155732057190d8f93e8d62cb05a68da9cf24e30228f14d0ffd888c0362bffd5872e970200098e75572b2819abeea10022ab1a264f6

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\ThunderFW.exe
Filesize
71KB

MD5
f0372ff8a6148498b19e04203dbb9e69

SHA1
27fe4b5f8cb9464ab5ddc63e69c3c180b77dbde8

SHA256
298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf

SHA512
65d84817cdddb808b6e0ab964a4b41e96f7ce129e3cc8c253a31642efe73a9b7070638c22c659033e1479322aceea49d1afdceff54f8ed044b1513bffd33f865

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\ThunderFW.exe
Filesize
71KB

MD5
f0372ff8a6148498b19e04203dbb9e69

SHA1
27fe4b5f8cb9464ab5ddc63e69c3c180b77dbde8

SHA256
298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf

SHA512
65d84817cdddb808b6e0ab964a4b41e96f7ce129e3cc8c253a31642efe73a9b7070638c22c659033e1479322aceea49d1afdceff54f8ed044b1513bffd33f865

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\XLBugHandler.dll
Filesize
98KB

MD5
92154e720998acb6fa0f7bad63309470

SHA1
385817793b9f894ca3dd3bac20b269652df6cbc6

SHA256
1845df41da539bca264f59365bf7453b686b9098cc94cd0e2b9a20c74a561096

SHA512
37ba81f338af7de7ef2ac6bcf67b3aec96f9b748830ee3c0b152029871f7701e917b94a6b51acd7be6f8f02aea2b25f3b14ced1a218bf4868af04f5207bb5fff

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\XLBugReport.exe
Filesize
242KB

MD5
67c767470d0893c4a2e46be84c9afcbb

SHA1
00291089b13a93f82ee49a11156521f13ea605cd

SHA256
64f8d68cc1cfc5b9cc182df3becf704af93d0f1cc93ee59dbf682c75b6d4ffc0

SHA512
d5d3a96dec616b0ab0cd0586fa0cc5a10ba662e0d5e4de4d849ac62ca5d60ec133f54d109d1d130b5f99ae73e7abfb284ec7d5ba55dca1a4f354c6af73c00e35

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\dl_peer_id.dll
Filesize
89KB

MD5
dba9a19752b52943a0850a7e19ac600a

SHA1
3485ac30cd7340eccb0457bca37cf4a6dfda583d

SHA256
69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

SHA512
a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\download_engine.dll
Filesize
3.4MB

MD5
1a87ff238df9ea26e76b56f34e18402c

SHA1
2df48c31f3b3adb118f6472b5a2dc3081b302d7c

SHA256
abaeb5121548256577ddd8b0fc30c9ff3790649ad6a0704e4e30d62e70a72964

SHA512
b2e63aba8c081d3d38bd9633a1313f97b586b69ae0301d3b32b889690327a575b55097f19cc87c6e6ed345f1b4439d28f981fdb094e6a095018a10921dae80d9

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\id.dat
Filesize
40B

MD5
0be78c38021ed1585770f4709c75958b

SHA1
e9e3096e7cecdeadd5e69d714f0bb8ff2191521e

SHA256
d8c1f72b74bf08838080118c897b8fd50046edf036a045813bb9cc082dbf4a5d

SHA512
38da85702b15cb2020129c2dd88db8ffd6ec46d7c5d8c3a35717a9f186a83de71e90827e5c943972f211b0cd2a4b6366260d3c525591150f1237d979578c4d19

Download Submit
C:\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\zlib1.dll
Filesize
58KB

MD5
89f6488524eaa3e5a66c5f34f3b92405

SHA1
330f9f6da03ae96dfa77dd92aae9a294ead9c7f7

SHA256
bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56

SHA512
cfe72872c89c055d59d4de07a3a14cd84a7e0a12f166e018748b9674045b694793b6a08863e791be4f9095a34471fd6abe76828dc8c653be8c66923a5802b31e

Download Submit
C:\Users\Admin\Documents\XiaoXiong\update.exe
Filesize
660KB

MD5
532ffed0d851133b802eae3ecc3af19e

SHA1
3300bdbf4ae3a18c8f0ce2558d7141b8f6aa2c1b

SHA256
76c7f84fd681ec085dc344baf5af34de21890d558e03fd2ff44efd6403b52e75

SHA512
f47417028cf2c3378fc293bbf1f7561f759bd51c702cab7c1078c6111fe49b9b535413f4f2698bee1b1fda50d91e7bc847acdb76b67e586b8fdf54bca8670387

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\ConfigRes.dll
Filesize
20.0MB

MD5
d97458a1546f7351f489d2c9cc532d5d

SHA1
f51ae3ca4a6ba8c4fd4aa2ce2b9346f1a7f44d68

SHA256
15efcab650880e8ce753680bf3d48d258329eca2d5accd62df07c2fda5981777

SHA512
38f0ba69f1d07fb1a813d6a5d091037526a184028b773fd81623ba0e23dcb87765816fc30c593336c80d13a13ce8ea5d5ce396b4a2bb45c7361e1acc05feea8e

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\DDUtility.dll
Filesize
2.1MB

MD5
369766ba654c9568e100299c5f77ffe9

SHA1
6e03f5bcdb9fde06bd02da20a348bca605c8f6cb

SHA256
26ad20724d0e46debcaeb007d387e6308bafe28ab1f4472536a80c8068e7d421

SHA512
5005590df0f776b646758589dd84b0ed44e7db8363563eddf0d09181d8892e3f671b69c2db1fc84b7bcb7f900bd848fc04bd3e1739593246083d5c099f01b674

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\DMMUtility.dll
Filesize
276KB

MD5
bc3aacb46a45e68c3cb467e039b1ed1e

SHA1
cb58f12eeb4db05577f1c284fb542b43c3ef58f7

SHA256
efde91b231143f7c5171a94a3f91456fc8aea94173f292518be0fbc3c1287a66

SHA512
8234beff6b8af46d39224351e9437308ea62bf05a64b25a773a5dec08ba0dd5999c9e58b741a0310762455ac035ef9205949f58eefe9eb59f849c2f01c6c885d

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\InsNet.dll
Filesize
952KB

MD5
7466bc8839e947761fb89ef1ea36df19

SHA1
d1ccfbea7c658eeca00b8f992c5e49c54c0f958f

SHA256
b6b90de7a22a4d5b276314e89a3461d632d601a767ecc0f0f40adc1df67f469c

SHA512
62f9e3c67e7f63e9f9385376779eed7b10b9e7428fb1aa188b6347b43295f62296ca736ad8183980bbac48dd0926e9edc720e71665b22909a700a489b7a32978

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\InsNet.dll
Filesize
952KB

MD5
7466bc8839e947761fb89ef1ea36df19

SHA1
d1ccfbea7c658eeca00b8f992c5e49c54c0f958f

SHA256
b6b90de7a22a4d5b276314e89a3461d632d601a767ecc0f0f40adc1df67f469c

SHA512
62f9e3c67e7f63e9f9385376779eed7b10b9e7428fb1aa188b6347b43295f62296ca736ad8183980bbac48dd0926e9edc720e71665b22909a700a489b7a32978

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Propsys.dll
Filesize
716KB

MD5
96bc076d1ba9fee72709fc72dc025270

SHA1
2e15ef43377d909e3647d0046a60a7ee496ae704

SHA256
1d0f9da87725c7ef2b73dab5f774f638507cba9f27db9c6f8e2540a1346ca940

SHA512
35dbf2ad4816cac9ac1c4c10193e2a5c93efb62cdb88e68024f03f7d21498a3d9f2d5901ffe18494eb6df4a93f01517fc73f2fc4d39fd09e2bd6d4fc08ab7bd1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\SoftInfoMgr.dll
Filesize
1.9MB

MD5
be3ab97656abebed090ee2cc0ccc1527

SHA1
53cba8a6d5743408439f1ab060edfc0bf58a4ee6

SHA256
ac07e2c34ad3a8c12c2c2d19102fac94019340e258b34d7214f6ab3ed5cc01ef

SHA512
1cc837a87981eb9ee5b47f814c3fc08d45787eb2fab7eee6b6fbb805f84ab4e1adea83f2218f3354acc65cbcf14362f6df738a2ca4cdddc7aa00016c8bf56cbe

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Zlib.dll
Filesize
1.5MB

MD5
95e516f62a90dc204b41a8cfd3c68f4c

SHA1
6fd69efb8302d5323e9a3bac10b95d92dae05f6f

SHA256
0a6fcb2b46fb128c6efc62bbbf49bd45bbf6fd2a186ae850f6d0ad932ba5b5d8

SHA512
ff8092e2cad6d4761254b95dd621872cbe2d50ea0b92a1e7a119c70579bd1be23a781a9979470b247135471bb1e58447942f03c20cc30e44f3c8aa224303e3e1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Zlib.dll
Filesize
1.5MB

MD5
95e516f62a90dc204b41a8cfd3c68f4c

SHA1
6fd69efb8302d5323e9a3bac10b95d92dae05f6f

SHA256
0a6fcb2b46fb128c6efc62bbbf49bd45bbf6fd2a186ae850f6d0ad932ba5b5d8

SHA512
ff8092e2cad6d4761254b95dd621872cbe2d50ea0b92a1e7a119c70579bd1be23a781a9979470b247135471bb1e58447942f03c20cc30e44f3c8aa224303e3e1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Zlib.dll
Filesize
1.5MB

MD5
95e516f62a90dc204b41a8cfd3c68f4c

SHA1
6fd69efb8302d5323e9a3bac10b95d92dae05f6f

SHA256
0a6fcb2b46fb128c6efc62bbbf49bd45bbf6fd2a186ae850f6d0ad932ba5b5d8

SHA512
ff8092e2cad6d4761254b95dd621872cbe2d50ea0b92a1e7a119c70579bd1be23a781a9979470b247135471bb1e58447942f03c20cc30e44f3c8aa224303e3e1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Zlib.dll
Filesize
1.5MB

MD5
95e516f62a90dc204b41a8cfd3c68f4c

SHA1
6fd69efb8302d5323e9a3bac10b95d92dae05f6f

SHA256
0a6fcb2b46fb128c6efc62bbbf49bd45bbf6fd2a186ae850f6d0ad932ba5b5d8

SHA512
ff8092e2cad6d4761254b95dd621872cbe2d50ea0b92a1e7a119c70579bd1be23a781a9979470b247135471bb1e58447942f03c20cc30e44f3c8aa224303e3e1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Zlib.dll
Filesize
1.5MB

MD5
95e516f62a90dc204b41a8cfd3c68f4c

SHA1
6fd69efb8302d5323e9a3bac10b95d92dae05f6f

SHA256
0a6fcb2b46fb128c6efc62bbbf49bd45bbf6fd2a186ae850f6d0ad932ba5b5d8

SHA512
ff8092e2cad6d4761254b95dd621872cbe2d50ea0b92a1e7a119c70579bd1be23a781a9979470b247135471bb1e58447942f03c20cc30e44f3c8aa224303e3e1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Dependency\Zlib.dll
Filesize
1.5MB

MD5
95e516f62a90dc204b41a8cfd3c68f4c

SHA1
6fd69efb8302d5323e9a3bac10b95d92dae05f6f

SHA256
0a6fcb2b46fb128c6efc62bbbf49bd45bbf6fd2a186ae850f6d0ad932ba5b5d8

SHA512
ff8092e2cad6d4761254b95dd621872cbe2d50ea0b92a1e7a119c70579bd1be23a781a9979470b247135471bb1e58447942f03c20cc30e44f3c8aa224303e3e1

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\curl\libcurl.dll
Filesize
3.6MB

MD5
65b616f9f9fe97a1f1945371b2413b5a

SHA1
227bd5cfd96587e162af44e92961eb544810a457

SHA256
56ed6c2a9184a285c9cef2afdeb053734274e6766ebf6493f4172596cf73441a

SHA512
b16636798abd37d776c5bbc59faccfd897902c9036ccee19872e412324556f185b6d4534a8c238362b1d1c6a259ef34aabef6b0bb8dd02d89a952a72864555c8

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe
Filesize
58KB

MD5
58bb62e88687791ad2ea5d8d6e3fe18b

SHA1
0ffb029064741d10c9cf3f629202aa97167883de

SHA256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100

SHA512
cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe
Filesize
58KB

MD5
58bb62e88687791ad2ea5d8d6e3fe18b

SHA1
0ffb029064741d10c9cf3f629202aa97167883de

SHA256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100

SHA512
cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe
Filesize
58KB

MD5
58bb62e88687791ad2ea5d8d6e3fe18b

SHA1
0ffb029064741d10c9cf3f629202aa97167883de

SHA256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100

SHA512
cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniTPFw.exe
Filesize
58KB

MD5
58bb62e88687791ad2ea5d8d6e3fe18b

SHA1
0ffb029064741d10c9cf3f629202aa97167883de

SHA256
f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100

SHA512
cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe
Filesize
262KB

MD5
0c8f2b0ee5bf990c6541025e94985c9f

SHA1
be942f5fef752b0070ba97998bfe763b96529aa2

SHA256
12d6cc86fdc69e1aa8d94d38715bbe271994c0f86f85283fa2190da7c322f4c8

SHA512
7b0e81149fafa88050a125155732057190d8f93e8d62cb05a68da9cf24e30228f14d0ffd888c0362bffd5872e970200098e75572b2819abeea10022ab1a264f6

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe
Filesize
262KB

MD5
0c8f2b0ee5bf990c6541025e94985c9f

SHA1
be942f5fef752b0070ba97998bfe763b96529aa2

SHA256
12d6cc86fdc69e1aa8d94d38715bbe271994c0f86f85283fa2190da7c322f4c8

SHA512
7b0e81149fafa88050a125155732057190d8f93e8d62cb05a68da9cf24e30228f14d0ffd888c0362bffd5872e970200098e75572b2819abeea10022ab1a264f6

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe
Filesize
262KB

MD5
0c8f2b0ee5bf990c6541025e94985c9f

SHA1
be942f5fef752b0070ba97998bfe763b96529aa2

SHA256
12d6cc86fdc69e1aa8d94d38715bbe271994c0f86f85283fa2190da7c322f4c8

SHA512
7b0e81149fafa88050a125155732057190d8f93e8d62cb05a68da9cf24e30228f14d0ffd888c0362bffd5872e970200098e75572b2819abeea10022ab1a264f6

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\MiniThunderPlatform.exe
Filesize
262KB

MD5
0c8f2b0ee5bf990c6541025e94985c9f

SHA1
be942f5fef752b0070ba97998bfe763b96529aa2

SHA256
12d6cc86fdc69e1aa8d94d38715bbe271994c0f86f85283fa2190da7c322f4c8

SHA512
7b0e81149fafa88050a125155732057190d8f93e8d62cb05a68da9cf24e30228f14d0ffd888c0362bffd5872e970200098e75572b2819abeea10022ab1a264f6

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\ThunderFW.exe
Filesize
71KB

MD5
f0372ff8a6148498b19e04203dbb9e69

SHA1
27fe4b5f8cb9464ab5ddc63e69c3c180b77dbde8

SHA256
298d334b630c77b70e66cf5e9c1924c7f0d498b02c2397e92e2d9efdff2e1bdf

SHA512
65d84817cdddb808b6e0ab964a4b41e96f7ce129e3cc8c253a31642efe73a9b7070638c22c659033e1479322aceea49d1afdceff54f8ed044b1513bffd33f865

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\XLBugHandler.dll
Filesize
98KB

MD5
92154e720998acb6fa0f7bad63309470

SHA1
385817793b9f894ca3dd3bac20b269652df6cbc6

SHA256
1845df41da539bca264f59365bf7453b686b9098cc94cd0e2b9a20c74a561096

SHA512
37ba81f338af7de7ef2ac6bcf67b3aec96f9b748830ee3c0b152029871f7701e917b94a6b51acd7be6f8f02aea2b25f3b14ced1a218bf4868af04f5207bb5fff

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\atl71.dll
Filesize
87KB

MD5
79cb6457c81ada9eb7f2087ce799aaa7

SHA1
322ddde439d9254182f5945be8d97e9d897561ae

SHA256
a68e1297fae2bcf854b47ffa444f490353028de1fa2ca713b6cf6cc5aa22b88a

SHA512
eca4b91109d105b2ce8c40710b8e3309c4cc944194843b7930e06daf3d1df6ae85c1b7063036c7e5cd10276e5e5535b33e49930adbad88166228316283d011b8

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\dl_peer_id.dll
Filesize
89KB

MD5
dba9a19752b52943a0850a7e19ac600a

SHA1
3485ac30cd7340eccb0457bca37cf4a6dfda583d

SHA256
69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

SHA512
a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\dl_peer_id.dll
Filesize
89KB

MD5
dba9a19752b52943a0850a7e19ac600a

SHA1
3485ac30cd7340eccb0457bca37cf4a6dfda583d

SHA256
69a5e2a51094dc8f30788d63243b12a0eb2759a3f3c3a159b85fd422fc00ac26

SHA512
a42c1ec5594c6f6cae10524cdad1f9da2bdc407f46e685e56107de781b9bce8210a8cd1a53edacd61365d37a1c7ceba3b0891343cf2c31d258681e3bf85049d3

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\download_engine.dll
Filesize
3.4MB

MD5
1a87ff238df9ea26e76b56f34e18402c

SHA1
2df48c31f3b3adb118f6472b5a2dc3081b302d7c

SHA256
abaeb5121548256577ddd8b0fc30c9ff3790649ad6a0704e4e30d62e70a72964

SHA512
b2e63aba8c081d3d38bd9633a1313f97b586b69ae0301d3b32b889690327a575b55097f19cc87c6e6ed345f1b4439d28f981fdb094e6a095018a10921dae80d9

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\msvcp71.dll
Filesize
492KB

MD5
a94dc60a90efd7a35c36d971e3ee7470

SHA1
f936f612bc779e4ba067f77514b68c329180a380

SHA256
6c483cbe349863c7dcf6f8cb7334e7d28c299e7d5aa063297ea2f62352f6bdd9

SHA512
ff6c41d56337cac074582002d60cbc57263a31480c67ee8999bc02fc473b331eefed93ee938718d297877cf48471c7512741b4aebc0636afc78991cdf6eddfab

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\msvcr71.dll
Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\download\zlib1.dll
Filesize
58KB

MD5
89f6488524eaa3e5a66c5f34f3b92405

SHA1
330f9f6da03ae96dfa77dd92aae9a294ead9c7f7

SHA256
bd29d2b1f930e4b660adf71606d1b9634188b7160a704a8d140cadafb46e1e56

SHA512
cfe72872c89c055d59d4de07a3a14cd84a7e0a12f166e018748b9674045b694793b6a08863e791be4f9095a34471fd6abe76828dc8c653be8c66923a5802b31e

Download Submit
\Users\Admin\Documents\XiaoXiong\Work\Tools\download\xldl.dll
Filesize
286KB

MD5
40e8d381da7c2badc4b6f0cdb4b5378f

SHA1
3646338c6a20f17bf4383a8d053ce37681df8ead

SHA256
cb0b0c42dae0a1e946f97f6bda522eb5ad943cb632ba3d19f597ecb3e1f5eb94

SHA512
68dc5128d2e90885ca0e69dced80254e87ab765faefaf152b3cf452b37fb730ec146d4930342ced3f227bd7622a93592526d73567155346de14cd76e5180e7b3

Download Submit
\Users\Admin\Documents\XiaoXiong\update.exe
Filesize
660KB

MD5
532ffed0d851133b802eae3ecc3af19e

SHA1
3300bdbf4ae3a18c8f0ce2558d7141b8f6aa2c1b

SHA256
76c7f84fd681ec085dc344baf5af34de21890d558e03fd2ff44efd6403b52e75

SHA512
f47417028cf2c3378fc293bbf1f7561f759bd51c702cab7c1078c6111fe49b9b535413f4f2698bee1b1fda50d91e7bc847acdb76b67e586b8fdf54bca8670387

Download Submit
\Users\Admin\Documents\XiaoXiong\update.exe
Filesize
660KB

MD5
532ffed0d851133b802eae3ecc3af19e

SHA1
3300bdbf4ae3a18c8f0ce2558d7141b8f6aa2c1b

SHA256
76c7f84fd681ec085dc344baf5af34de21890d558e03fd2ff44efd6403b52e75

SHA512
f47417028cf2c3378fc293bbf1f7561f759bd51c702cab7c1078c6111fe49b9b535413f4f2698bee1b1fda50d91e7bc847acdb76b67e586b8fdf54bca8670387

Download Submit
\Users\Admin\Documents\XiaoXiong\update.exe
Filesize
660KB

MD5
532ffed0d851133b802eae3ecc3af19e

SHA1
3300bdbf4ae3a18c8f0ce2558d7141b8f6aa2c1b

SHA256
76c7f84fd681ec085dc344baf5af34de21890d558e03fd2ff44efd6403b52e75

SHA512
f47417028cf2c3378fc293bbf1f7561f759bd51c702cab7c1078c6111fe49b9b535413f4f2698bee1b1fda50d91e7bc847acdb76b67e586b8fdf54bca8670387

Download Submit
\Users\Admin\Documents\XiaoXiong\update.exe
Filesize
660KB

MD5
532ffed0d851133b802eae3ecc3af19e

SHA1
3300bdbf4ae3a18c8f0ce2558d7141b8f6aa2c1b

SHA256
76c7f84fd681ec085dc344baf5af34de21890d558e03fd2ff44efd6403b52e75

SHA512
f47417028cf2c3378fc293bbf1f7561f759bd51c702cab7c1078c6111fe49b9b535413f4f2698bee1b1fda50d91e7bc847acdb76b67e586b8fdf54bca8670387

Download Submit
memory/780-120-0x0000000000000000-mapping.dmp

Download
memory/780-127-0x00000000744B0000-0x00000000746DE000-memory.dmp

Filesize
2.2MB

Download
memory/1500-70-0x0000000000000000-mapping.dmp

Download
memory/1672-109-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1672-97-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1672-78-0x0000000000000000-mapping.dmp

Download
memory/1672-100-0x0000000002720000-0x0000000002A80000-memory.dmp

Filesize
3.4MB

Download
memory/1996-84-0x0000000000000000-mapping.dmp

Download
memory/2020-54-0x0000000076771000-0x0000000076773000-memory.dmp

Filesize
8KB

Download
memory/2020-79-0x00000000057F0000-0x0000000005846000-memory.dmp

Filesize
344KB

Download
memory/2020-85-0x00000000057F0000-0x0000000005846000-memory.dmp

Filesize
344KB

Download
memory/2020-81-0x00000000057F0000-0x0000000005846000-memory.dmp

Filesize
344KB

Download
memory/2020-63-0x00000000744B0000-0x00000000746DE000-memory.dmp

Filesize
2.2MB

Download
memory/2020-111-0x0000000072570000-0x00000000729DE000-memory.dmp

Filesize
4.4MB

Download
memory/2020-130-0x00000000057F0000-0x0000000005846000-memory.dmp

Filesize
344KB

Download
memory/2020-131-0x00000000057F0000-0x0000000005846000-memory.dmp

Filesize
344KB

Download
memory/2020-132-0x0000000072570000-0x00000000729DE000-memory.dmp

Filesize
4.4MB

Download