xred | d128937db49232e9c249d0bda249fe19f6b421081afddd76d4a96a4cd2f4ebde

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2024 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Size

16.2MB
MD5

2af0b11517e28a1f1c46aa005771eed0
SHA1

71cbc6c3dbb9004543f0dc3e6d033d173e186d44
SHA256

d128937db49232e9c249d0bda249fe19f6b421081afddd76d4a96a4cd2f4ebde
SHA512

a5aea38fa8701859c36934e2de9df316d12e6adb4363548bcf6f1970b95ed68ce1939ad06d40f520ba93cff248db0b6350265024d9f76c0aa40abaf2d6f2d62b
SSDEEP

393216:pVHoIKb7Kbc0QLxOq1E4KP0KS/vQukGD+rH9RFvyFwK:Hov89C4+KP0KSn9kVrHY9

Score

10^/10

xred backdoor discovery persistence

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	Synaptics.exe

Executes dropped EXE 13 IoCs

Processes:

._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exeISBEW64.exe._cache_Synaptics.exe

pid	Process
544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
3148	Synaptics.exe
3424	ISBEW64.exe
3396	ISBEW64.exe
2028	ISBEW64.exe
5052	ISBEW64.exe
2272	ISBEW64.exe
752	ISBEW64.exe
3968	ISBEW64.exe
4956	ISBEW64.exe
4296	ISBEW64.exe
2980	ISBEW64.exe
2540	._cache_Synaptics.exe

Loads dropped DLL 7 IoCs

Processes:

._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeMsiExec.exe

pid	Process
544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
2560	MsiExec.exe
2560	MsiExec.exe
544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

description	ioc	Process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\K:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\P:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\S:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\R:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\U:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\Z:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\Y:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\L:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\M:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\N:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\O:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\A:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\T:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\X:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\J:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\W:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\E:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\V:	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
File opened (read-only)	\??\G:	msiexec.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exe

pid	Process
4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
3148	Synaptics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exeMsiExec.exe._cache_Synaptics.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Modifies registry class 2 IoCs

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Synaptics.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid	Process
2432	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exe

pid	Process
4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
3148	Synaptics.exe
3148	Synaptics.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exe._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

description	pid	Process
Token: SeSecurityPrivilege	1072	msiexec.exe
Token: SeCreateTokenPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeLockMemoryPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeIncreaseQuotaPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeMachineAccountPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeTcbPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSecurityPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeTakeOwnershipPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeLoadDriverPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSystemProfilePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSystemtimePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeProfSingleProcessPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeIncBasePriorityPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreatePagefilePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreatePermanentPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeBackupPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeRestorePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeShutdownPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeDebugPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeAuditPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSystemEnvironmentPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeChangeNotifyPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeRemoteShutdownPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeUndockPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSyncAgentPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeEnableDelegationPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeManageVolumePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeImpersonatePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreateGlobalPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreateTokenPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeLockMemoryPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeIncreaseQuotaPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeMachineAccountPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeTcbPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSecurityPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeTakeOwnershipPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeLoadDriverPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSystemProfilePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSystemtimePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeProfSingleProcessPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeIncBasePriorityPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreatePagefilePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreatePermanentPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeBackupPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeRestorePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeShutdownPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeDebugPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeAuditPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSystemEnvironmentPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeChangeNotifyPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeRemoteShutdownPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeUndockPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeSyncAgentPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeEnableDelegationPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeManageVolumePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeImpersonatePrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreateGlobalPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeCreateTokenPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeAssignPrimaryTokenPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeLockMemoryPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeIncreaseQuotaPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
Token: SeMachineAccountPrivilege	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

EXCEL.EXE

pid	Process
2432	EXCEL.EXE
2432	EXCEL.EXE
2432	EXCEL.EXE
2432	EXCEL.EXE
2432	EXCEL.EXE
2432	EXCEL.EXE

Suspicious use of WriteProcessMemory 32 IoCs

Processes:

2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exemsiexec.exe._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exeSynaptics.exe

description	pid	Process	procid_target
PID 4464 wrote to memory of 544	4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	83
PID 4464 wrote to memory of 544	4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	83
PID 4464 wrote to memory of 544	4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	83
PID 4464 wrote to memory of 3148	4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	84
PID 4464 wrote to memory of 3148	4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	84
PID 4464 wrote to memory of 3148	4464	2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	84
PID 1072 wrote to memory of 2560	1072	msiexec.exe	87
PID 1072 wrote to memory of 2560	1072	msiexec.exe	87
PID 1072 wrote to memory of 2560	1072	msiexec.exe	87
PID 544 wrote to memory of 3424	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	88
PID 544 wrote to memory of 3424	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	88
PID 544 wrote to memory of 3396	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	89
PID 544 wrote to memory of 3396	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	89
PID 544 wrote to memory of 2028	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	90
PID 544 wrote to memory of 2028	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	90
PID 544 wrote to memory of 5052	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	91
PID 544 wrote to memory of 5052	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	91
PID 544 wrote to memory of 2272	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	92
PID 544 wrote to memory of 2272	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	92
PID 544 wrote to memory of 752	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	93
PID 544 wrote to memory of 752	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	93
PID 544 wrote to memory of 3968	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	94
PID 544 wrote to memory of 3968	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	94
PID 544 wrote to memory of 4956	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	95
PID 544 wrote to memory of 4956	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	95
PID 544 wrote to memory of 4296	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	96
PID 544 wrote to memory of 4296	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	96
PID 544 wrote to memory of 2980	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	97
PID 544 wrote to memory of 2980	544	._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe	97
PID 3148 wrote to memory of 2540	3148	Synaptics.exe	98
PID 3148 wrote to memory of 2540	3148	Synaptics.exe	98
PID 3148 wrote to memory of 2540	3148	Synaptics.exe	98

C:\Users\Admin\AppData\Local\Temp\2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Users\Admin\AppData\Local\Temp\._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:544
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{222D690A-46A0-4E83-A969-BC984B3DAAE5}
    3⤵
    - Executes dropped EXE
    PID:3424
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3E1C76B-3B64-4E23-9BFE-A2ADAC6D6E7D}
    3⤵
    - Executes dropped EXE
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E0119480-51CD-4FA4-A09E-417294AA7604}
    3⤵
    - Executes dropped EXE
    PID:2028
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C0EFEDE-9C52-498A-AF9E-A913C7FFD35B}
    3⤵
    - Executes dropped EXE
    PID:5052
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{800416F6-3869-4B2F-8F70-976827026A91}
    3⤵
    - Executes dropped EXE
    PID:2272
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F7B7B025-1D24-4E8A-91C5-4247CE8DF506}
    3⤵
    - Executes dropped EXE
    PID:752
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F4EDA7D8-90DD-40AC-BFF7-F156268A76A9}
    3⤵
    - Executes dropped EXE
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DBCF86F5-8281-4099-AA42-0E0527B42AFC}
    3⤵
    - Executes dropped EXE
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DD8BE687-C148-4A88-99EC-0B41ECE3347B}
    3⤵
    - Executes dropped EXE
    PID:4296
- - C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe
    C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3216AE95-6DB0-4146-82B8-6968ECA17347}
    3⤵
    - Executes dropped EXE
    PID:2980
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3148
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2540

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 9CCFA262B62421C1DDB74F98F60637DB C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2560

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
16.2MB

MD5
2af0b11517e28a1f1c46aa005771eed0

SHA1
71cbc6c3dbb9004543f0dc3e6d033d173e186d44

SHA256
d128937db49232e9c249d0bda249fe19f6b421081afddd76d4a96a4cd2f4ebde

SHA512
a5aea38fa8701859c36934e2de9df316d12e6adb4363548bcf6f1970b95ed68ce1939ad06d40f520ba93cff248db0b6350265024d9f76c0aa40abaf2d6f2d62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_2024-11-29_2af0b11517e28a1f1c46aa005771eed0_magniber.exe

Filesize
11.5MB

MD5
061e6313eef152e5c13d4d95c2c17000

SHA1
4b55b8a01c02ef71e4d427daff8b74ff2d586610

SHA256
7caaa83dd59376777f4c25b34deba5d2c6d0e58fb49c5b89442e42dcda8c4d1a

SHA512
14d0719724040bc060bac4b2c482a51b29fec175ddc4c1a96106d2f45e4dd24ab3c0c68e5b84169071e306ade5ebe578f7d4ec96de1c5879970886ba7bd0b825

Download Submit
C:\Users\Admin\AppData\Local\Temp\91A75E00

Filesize
24KB

MD5
1a9f23c813cec0dfaeaa24f42eb1c391

SHA1
16a043662dc0e5f0e900e68f0a4aaa9b02827aa5

SHA256
4ab3d7a5e60fe002a3af7bc44a7926dafab1d0e75177d2b7c8eeb882d8169699

SHA512
bff1da4d54c11f919436213170dccb420aca554c409f41bef03cc19844652c6c508bea29b07fd7090e1faec03bc5f6737e77692beff344261c404b575629c9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI8A02.tmp

Filesize
170KB

MD5
acd6ebc04f64992a1ad538f6ed029ed0

SHA1
8263edcff06aea33b92eb5815a56c488e2cb60d4

SHA256
15252dad21c5e3a68974caee681e25e7cfcd3d61cb30d07d665092cef64a07b4

SHA512
ea26ae1a13d9b154fe8755894a2d268429b0a8b010a8fff652d30e9b01efd261585abdfbb723f0438c6cf2ecb09e6da2aa8b5956e637f43846b7056fbb2365c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\SYTktXpx.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0402.ini

Filesize
23KB

MD5
6f82f2efc4a5da513e0222f47fb5fc2d

SHA1
45a039c338ec4a5bb75848f840a2435d16aa3167

SHA256
bbe199de9bb5156c543bc466de606719389c93bcbff2815d9fae01659a415bd0

SHA512
b82c08974eb48c997e73263c0716eee7cee490375a4bc44e94bc24cbc59ced94bb4735aa2ffd8b1d5f8903f24c7d94b1feb5be224614de3e93e0d51a30b54623

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0403.ini

Filesize
24KB

MD5
04b3d8be6e6f17f13a3be3f24e3ac1b0

SHA1
c4fb1611dfabb4d618c783e7bb6272eb95e9d3eb

SHA256
bad754f1f64bc40d1aa6d037179c4dedb41e9237d3b5e05bfff4f92ecf623e02

SHA512
aab661d9de4eaba0976754ae9ca1a90b3128b0ed0440c3dae371ba5ee22bb539fc838168a5c5c57db17007bb72a132f7e7c724e4cd325e8dde45e20ae454a85f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0404.ini

Filesize
10KB

MD5
ec1f8f71fa21c49bc96a17c81ad51598

SHA1
5750f674b4de76d708dd1178265e280d515d8774

SHA256
60f176f3014342f48468ff7ea67280fa3a671c4721ebefe7b4ee789ff65c87df

SHA512
ac939507581988b4a4816bfd27fee8bc4794743d7251138b08da3f76268ec5b8f869fc7e2b52c6dd8bdb777bb07a95d3ad4375a38208e1cbd9eb4338aa194562

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0405.ini

Filesize
22KB

MD5
9fb56981dd06830b30cd9cadf54270d6

SHA1
314a35f80259531ef558bad6ca0d5c320f30d0ae

SHA256
9302a3e694de8cc84947b41350a7f8ae0880e5d2f3fdbd67cd56444bf0bc3a43

SHA512
23c68295d638b9b0d01f1340566073864606f469a78eb5e5294ffee7616f97642ce6900c040fcda72ad78d5f04b337afe3305f936f6e38c8638b370d6a636e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0406.ini

Filesize
23KB

MD5
7c6ad5705b8c076697c1ca0eb6229f6f

SHA1
2e65200833dafba72f6455afa86e6a28eb0468a8

SHA256
fad1187df234b8b2b27c3f866b218036e377469871e0816fa6cc38c391d5ad93

SHA512
1dd912b65ff65348ab69b26b5812078baa96acbaecfabba361622d9053e6b301c8e12ed45a729b007d286b5d906974cfdc233dd9feb5254421a2ba2be97fd50c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0407.ini

Filesize
25KB

MD5
9a62da6c523506355c1bf1b30db73edd

SHA1
ee83114a7d4b995dd4ad7d1781ed66c4727cc121

SHA256
8b5d7bc395d0d6980299702d0573c6019fefea92eb98701d1894a5623b2691a0

SHA512
be026517cea5613d834337d83324c383f40b449dd92f338d612048c424ab8bd88c17f766c7d1629a2205a8a068f6dcba1ce3536438018562490ebd7001efbee5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0408.ini

Filesize
26KB

MD5
c7a740c71fb3779c8ae2626729a44389

SHA1
1622381c204607ec09f1592fa93d1f14ffb21031

SHA256
d9610bf29ee0e73843595f246a58699abe499b340ad9982831d068067161c120

SHA512
85f946cbb08ddfe69e84d0226717ef5c000eeb9170391658eb78ae06233f021b0f71e74c9240385145664530529bd96825325ba010094d4177876e38e3fc08b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0409.ini

Filesize
21KB

MD5
be345d0260ae12c5f2f337b17e07c217

SHA1
0976ba0982fe34f1c35a0974f6178e15c238ed7b

SHA256
e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

SHA512
77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x040a.ini

Filesize
24KB

MD5
e872c54c58eef055bc791d3eead093c3

SHA1
fc7ba9cef237686c06dd63fd2ccbfe037518e378

SHA256
1739d42ed181f36ab4f524c01b57a4102c2f7510661d973a1077a4e88ac34b97

SHA512
e8512974d4851b7fb504292f3330d318f72c2646ec3db2c54ed7938eb73249ec1ce867916d15c6a36b3feb39f0fe98dd1781e5ec938bb2427059b4ee2dc00e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x040b.ini

Filesize
22KB

MD5
48dd00b7d72fb37f937db5714bf8a725

SHA1
66f2f1696d45071bc8fc1e88c510d2f7b5e20c64

SHA256
aa0097e47caa4933793155e45fc91eef6b035daaf22f9ea32eb509cc4811dd5c

SHA512
569be6b6f850dcbd2125fa6cb449524b6089946742742bc56e033b07306ecb9b697768b0351dae6939fd0b6c985ed416f4a370343bc773ed3faee0f72ea5162f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x040c.ini

Filesize
25KB

MD5
35989450c8121207917f04d1ebe4ca2a

SHA1
0037ec09f27d222cad447288bd2462d63aba2520

SHA256
b14d9d7afc505868407c425cb5a78c891baa8a6ac8eb35cfb3d71c71f5bee1fa

SHA512
1cf2a0130679ab238c5e41bb1de21f6f915595af7cc9b90ecfce2d05075cf3ba92ccab464a7291efd1ee4cdba54a01d61beb75b919ad687fba178a95486b26f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x040e.ini

Filesize
22KB

MD5
a143f6d5ac3832b025c9d04855a790fd

SHA1
871ec06fa8fc43d6432655d3bfe206e28cabe342

SHA256
6a0f69c2918a51e38907a2501da4169da506d461031576a39f3d6d33c53f976c

SHA512
640660bbbf264492481fb413ec529e434e16085d2b56401618cd63607240ed0a1cd2757716d2952473069e35bef08eb691b1c270084f7002a97e80f30234e197

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0410.ini

Filesize
24KB

MD5
f89fc24fce7b72a6c9a6e1f9e7b22d8a

SHA1
cd13c5dbd8c58ddc1f1727d45362358afac7fcf2

SHA256
2970bb63e5bc3de4c693de313d715c0c5f93bd35e18cdaec56954034cc7653a6

SHA512
a55209b9419b9fef4d6107956131e6bda36bd281c94416c39788aa8e926a7a44dae19544a46c84cd2337678a3a4af753fad73e024bae19da4d536186a061013a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0411.ini

Filesize
14KB

MD5
6ebbb5d67423d8d85f1688b561bf5304

SHA1
ad0e2d717f750af47f81e0bc1200f5245266d505

SHA256
e3b87e8b94ad50bbe21795b3408943f9a6d6f33813e96802962cb74b889edfe7

SHA512
13cdba0e0ea410bed289492c7c04d5cb9ffbd931b6006547aa5ff05587fbb9cf32e6626d016dd29892a80514ea642d60490f16e6b9402256c257b7ce276924df

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0412.ini

Filesize
13KB

MD5
73e70a6b9354e80237c8e2b3170830a0

SHA1
b4c8777ce9c2d2fff4c0c914825cbe698feaadaf

SHA256
316577cf74d3545d632b0de55513a3511d654849655157cb84821b871ec081e9

SHA512
f15e736e7c0b55437b39869a0bbce15d5365f04c70be23fc373d83ce0e99e0a806244c1c44cd298dc4970d20af6cb1198a9d84749f5d5ac02162c261b1460ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0413.ini

Filesize
24KB

MD5
dc1c05a9fce06cf659c20aed317dd417

SHA1
2447c12e75ed0f4b5bd9d4c6acb29aee35562f23

SHA256
98d6ceef6a444b9e8450abefc5b72bd6b0df1cd5d7c7cd2822eb1bd186ff8526

SHA512
2cdd4932e279988b0dfeefd86e5b997a9d5f5bc6780819d80293baf5a9b0b56c9d0aa597150cadc1c7b2c329f5feaf308f97fa22dd4b915050bcc6d911cdda96

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0414.ini

Filesize
23KB

MD5
e526541768a0b9a3618a2894a8e2447e

SHA1
e06078517baafa6eb077ef7fe19170e2de037ed1

SHA256
7020c177a60a340c836576d5357305cafedaa4add1a8ad18a3e207d40bfcead4

SHA512
70f32aa31c0c4b96add20417f26ced38ca7cc6a25c95a4cc461ead94414ca9d746a18e7f45688ad354448a048e9c722eb32c330a01ffda620e835697a26ea492

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0415.ini

Filesize
23KB

MD5
3a87540523d5a3a31bdf99d89e3b7eec

SHA1
c16518a13c22cc6f821608b855844bd7353db808

SHA256
7be7a4bf4aedff37e81a6c20bf97ba8521b6aa3440a5fe65918b2942a040eb29

SHA512
3c6ba359bed621e72d24f50ddc71a022229c5f6ecc2cc8c688b0834af1a8db6650b06c473381dc3f8706c1ea6ac4b566a7e940bdfa51ffff314d8ca502e6fb5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0416.ini

Filesize
23KB

MD5
76740d1a6e424e9803e3808205b32003

SHA1
f8ceda97fae62a68b53af625015087803b7632b0

SHA256
95a27c86976f958f8b8fb64c2990de08d4a99749a9a8df17927b48608486d9fd

SHA512
76b715df3c241c4840fab389007c31de1e5e1c70c625a29902980c51ad822d583a6db1de534f72d68b4a08a8489d1755bea82cde91015b95a9b85a0c1a217d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0418.ini

Filesize
24KB

MD5
21b6308422fac36fadd143bc7166d082

SHA1
41e47de7092e303219e3e2c50711aa7f52b95c70

SHA256
b1f0ac697cbd5c6a4e10edaedbfb28ba2ebddfc5fd9e391b3b2ec15123119295

SHA512
c7c8e79d39277c1d03c74bdd6f75f2d0e67a4ea417d3481ef8728844bd2d9cdc1d3038f49a8d706d887616b8dc3b8dd1d0d45355909edb5cf2b0d0411f95a744

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0419.ini

Filesize
22KB

MD5
d12957cbc8d709ddacb854ccb7e09bea

SHA1
332f16c47a6f77390421e8dd9e1e5cd10625c46c

SHA256
79fe5a9a1dcd35ed68016fc5aa3720945f87a34c7b85f14763dc08f55796485e

SHA512
75351baa104682fedcc4b237c1df1804c3c1ec2671e0200eaa4e37f26d1d28e3a6a33c93f6ff35cec58e7701fa6a0961efd7a2cbb44ed6c2cbd29d7c5db057f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x041a.ini

Filesize
23KB

MD5
fb6a3f20ce97f400dbf455f7a1c204f0

SHA1
ab29a882c4ca927a4523ce08f702e9ed36b67a03

SHA256
b4efe119a16e59d0f62048c0d160d6874c41dd43c605db9942fa8bfc4e6a411a

SHA512
ed2be839eb6c6b42c741cbba17ee60f4f89578a31d02e556b76961af2056168e18af3276b2e6e4137c2716e942f0177ae8cca5b0085ed94121563acf3db3609e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x041b.ini

Filesize
22KB

MD5
0bee9dd7762e406f7a2396788a00d2c9

SHA1
d322da9462549b18370eed51690b0c553fd914a9

SHA256
d0e19206c359a3121fc63a4f9b86bf56fdf0b5d7cb003a37f050498edbbbf0cf

SHA512
64f1ec96c82c64bd60907198ca9e8b42d16c91ada54f33d1fee458a0e46ce717c2bfd0271bd673301ce8ce881cee14dfb48d5da0e1bb909185cf5c1b4714177e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x041d.ini

Filesize
22KB

MD5
93369d4b2cce8b9de7c55e8e5fcedc30

SHA1
250cf3de891f460874fc58ffc96606c3c901fd03

SHA256
9e71b18fa3278c951db2033b913e1e945ae13e2e51f0d79c7913e8c07fc03556

SHA512
f7d6b278588303180d743158aa08c3fb4c5ec371633896a60977ede2b8c822a31d520f286a0468b949f54401dc86ed606e3352b1281715593ec0462132232b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x041e.ini

Filesize
21KB

MD5
8ffded15081f4deb72f57fa5d2311930

SHA1
b02f45c6a0281c78411ff6db975e59cc4a6ab529

SHA256
b336271a1a6989875615d46b4c91500a16596d592a7fe86d2e28e5f19ddec378

SHA512
5d0a24ef3e1003f02c5c5e2613cd5f7debc720d633cf09e44d8fd38ac93b4dd1d1c8ee8de7669a468bfb6416d54ce28c0f26ac10aa6104a169442f12beaf80f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x041f.ini

Filesize
22KB

MD5
a27cbe2097f5b565ef28aa45ede705d8

SHA1
78c9b61d6fe0438dd898da6bbd0f5c537421f739

SHA256
24291186fa6965adda3aadc800c5c35418f47b314fbc9dfa49a72f79cd4467fd

SHA512
06da424eb0dbcd7597ad2b57a7ce15490bdd57eef78b0b3b780bb09816794d2251c94d0ec490c9fe4099a7ed5768225aceb2d6f9f04d6f216482575c30a231a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0421.ini

Filesize
24KB

MD5
71d320ad6f04473c8e9e6bb8d524d882

SHA1
6cd2a7951fb326590fc8c8c850958fb41da3231f

SHA256
557b4af37a697028e2fd9d91912988a029f50b7ca310374696205ff611d05b72

SHA512
383eb74971632acc00159716204f8fd4d39146729762d78f473216c2948573b3f5da13e50abb01db4307d9f47ab18f906aad1e4882fb95dbbefb0e6529dcee50

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0422.ini

Filesize
21KB

MD5
0fdd77fc11cb19200eb9ed7dc6b33e6d

SHA1
2d6c058b25df76261f5842e3339dd2a43d5b1f57

SHA256
c7ac9603dfc80fad11ad59162836da18c6d09133f04e80f777eb42a20718405e

SHA512
01dfdb318959f05dc941d6477af52e79ef91cdf8636963490e7ee87dd607fec14ec7a76945ed5d28c0b5b7855f3542cf27b2fe11357247ee897b0940c041f80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0424.ini

Filesize
23KB

MD5
7231ba1301dba9e30ea0872f7cf0bbb0

SHA1
4739096c5014e909ef044d57a86a49ff1ad92ff4

SHA256
65ab88b1fbcc351e29b73e5c0ed575b88b19a78067ffb99a4be4eb2aa57bec0d

SHA512
e332e1540f54b04c228b6dc72ff6b4c03abd4c8682f307ef9d84519670291c24aa626bae39455b96407d8fc48eeaeed90780793b0c8b51f989dba9578a4fe7f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x042d.ini

Filesize
23KB

MD5
7899609e5715a75703315c90b5587a47

SHA1
d15451765a6137df4facc5c898def88f50572d7d

SHA256
4b9fa911873bb115d3196b27233ee691bc22a1d33a786cc93c8768ccdc73df22

SHA512
200af331b96da16ad6419e2540f81524b60c1bda51529a1e7ae442cdc6d5f3943a4185972ff641f4cbd70b9f44e2e121cc236b287303621fbe3c6af38e2fb49b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0804.ini

Filesize
10KB

MD5
3d94ea458231bb249e464a3246e47d39

SHA1
a1660eface2d76b3bab6e21980d64ec5da9a3844

SHA256
b1422d24b8b703541404776badf70d377df435d519cc5fff2ee6666581ce407c

SHA512
46bfbd5d1d86cffceef1316b13815b1d9a099e247ecb7ca12974107f921787eaa917ddc04bb937c7bf293eaff12a45b56952174c1059eb42b325dbbc48ce4fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0816.ini

Filesize
24KB

MD5
778d180bc04720f5bbff25e3d750bbda

SHA1
84ade1aafa9aeb5bc03c8a8109551763cca092b0

SHA256
952426ca23ad40adb6ee8330442b7b704cf160f23aea573663fdb3d65d06ce6c

SHA512
5e665179ddd219abf5fa96fa1c775d5ffd25eb2f678b822d78d45da14110bd2180b8a322f8c770c0dd65bdbfa8de5cedf27fc0c667417b5e8766d85599fd6b9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0c0c.ini

Filesize
25KB

MD5
62888396ed6fa3cacd828b6819a2cedf

SHA1
a0622a4dd30fe7dd417d6732a6ac2d501d1765a5

SHA256
c3883b7c750df5e262a9abe6234e0f8de920bef31ddf454f21c6b967a9f5c9c2

SHA512
c5dc4fa2fd92585856a3811fb436131f425e9b13268821dcd1eaab8ca222e22c2f918ad8f004f714940dc66e73926f4f5f13bfb7f0df0d84dc741dc010deb8ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\0x0c1a.ini

Filesize
23KB

MD5
86c914540b0c3fed955c8720679d981a

SHA1
5c7ee582c78a294a9e225bd98ed837fc8c9d710b

SHA256
7dfe4b6652cd22b9b4a8f7cf68cd659870eeefc77b2e81594db1bc35410dd889

SHA512
f4cceaacc7d64f81474d527655c4f58c171326d67aeb453307d4328bfae86dd199c229aacd8113651a3878249fac135bd9a030e4dd69b2d508365140e6ba6fb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\ISSetup.dll

Filesize
8.4MB

MD5
bdc5a14556155f6145531ca2a96260d9

SHA1
66c38610efe2786bbdbe66f876d7985a806a4109

SHA256
75643fc6e233371d3d4d2fd9234481d5e46f5d7638988331f3927fc341ae5e8f

SHA512
6316ef6096e5ce7284b785b55b172710c3a055a8441fada47225b4ad6ebcf17da31c5f2c3f3f39bd26499f19e5ce35c509aafc1ed5aa5f642b62f95ec83f0ad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\Wireless LAN Driver.msi

Filesize
2.9MB

MD5
5440f4c8f2dc447fc20c8bd8fd2929dc

SHA1
78e4d3753c83f96e8428ef3090a1371bd612965b

SHA256
1cda0a99b10a0ff822d21b8150151a7bb77b632b161acfa8d97c79ca4f19ff78

SHA512
efc0b624da71c46feb460ae0ed613b6ebc8b6b3d81e42178f362acbbdc4dee4a06fb1fffb3f3b11b0533f69be42257af29cabdcae3d6c16d662e91cab21728c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\_ISMSIDEL.INI

Filesize
4KB

MD5
0847cc75e8f0186fc2386e5990102410

SHA1
c7ce22a3d8ef1f43c2021155b933495e6b8935b0

SHA256
28758c5657693682150756d63eefc4f02a6b1615a66aa3bdf5e39b7cf91728e5

SHA512
2b382252157130fb6bdc4a788df1e2be2ebaf6b29099acec25a1d7ecce3d099e911c86b348f3748cdec9e9e437c8aad2faa6df3b39f6b12ccc7b73080983b6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\{8759BCEE-8FF1-4664-A364-06F0EEA2A64A}\_ISMSIDEL.INI

Filesize
6KB

MD5
3936346a5300e793f12998bf54659887

SHA1
db5d302f76ec66e946ae2665dd6eaab6b7e7d93a

SHA256
7af7e2b7b77dc6d0b44e7f36d407d66534aa5bfbf585caf83d1ee59f91743b05

SHA512
3b93f3a5627d0a9133afff5954f644f1afd8c552336c51a57336ac38f0b4928b8435555cd41e4e2c311e0694e30b8eeeff1ec35a1d19ad03ad6320147c0ec771

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\DIFxAPI.dll

Filesize
306KB

MD5
45ab10aceb68bd32d107cdc1bc615a01

SHA1
324878b9404bf503668f9a81b8e7edbcee52edaf

SHA256
cf8de4129f4e09e18b62127c488b9f19e6b6007847972571ecaa5f3f1d00827d

SHA512
ad1254f886b7cec4e1c722844051f75f42d864d5cfcbf75b03ab4584510efe8d3889750dc4f8dc687608c4e691737ce28445bc79e0b878e9edbfb79e981522b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\DIFxAPI_IA64.dll

Filesize
681KB

MD5
3c96388e9eb0d7d3508adc4467d36cfc

SHA1
5a69b051adff4eaa2d5f3ca4b9449ddb14b290b4

SHA256
0fc53cc55a7b50e2abd9fa236aaa78532d5d3f20d2a0e5546c68fed509fb56ed

SHA512
7e7b5a87f493f22fbbe062e4032e88447b58c57ce1849cb0128e079b96321a4d8dfd5e841620636e9a2f4e80c9a1bf564bf879a5d7036cc05f91d7383abb55b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\DIFxAPI_X64.dll

Filesize
500KB

MD5
16acbf28c145db06923e0d1fa3cf7271

SHA1
efdc33063bedddf78166c63fb1e209e1a1b97e51

SHA256
ff40ca88816ed35b63d5c41e627bb9cff8738a0c4773874fe0dc8d25af7e0d43

SHA512
f54cfdf070cd95a258e07275a591802188c2314567ac4ac05467177c847d164a29211e4177ac29f5f9b75b43b79c2fd661053fc65919beba51765476a5bef24a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\EAPInstall.exe

Filesize
68KB

MD5
89f60dfec0b583a116e01c571775fef6

SHA1
f9f9a2e3488e1fec74280778a53b094509d53eb5

SHA256
e90b9b830395f863272735ba3c790d437a5ab723d881cf331bf2ca63a5950939

SHA512
01d63e0483e96e33c98becae2c9da51d2320a166a5de68ecf576ecd2782b9bbb7dfbeddc16adb723698b017b2499d61d643ce132845623a0c6c3d3d345dc5696

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\EAPPkt.inf

Filesize
3KB

MD5
96e45d86451e8f4ee5632a96ba217807

SHA1
62a32529c41c47dbbe02a9ef1c0c4e2d1f2dce1d

SHA256
0aa46cf181dffc2919025654f1559e9c99747d31cf74370ec04855714d1adea0

SHA512
33371e503280b003535c77a9c68fb51dcd7a6ddc77c3039cd450528610e951f32b60c9ccaf2f8554a6e2bf865ea89b9ab600186b9d57d55bb810d1cf88532dc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\FindRtl.exe

Filesize
47KB

MD5
6fd84895fed2e784c02a2ddb745a1ae5

SHA1
68c0889e3d0208637f7bd0a464f1806aca405e9c

SHA256
d90b211a6db558ef0f228e4ff9c66b52cd26a0ef0343a68568782e837238dc13

SHA512
d92870ce48798673a2c40886eab33e03f84fd4711da2d8e315b43addd7f4892d67c615d67f0e2af22784023ede3e74fac8f9eec7186621f45e3f4ceb9b619618

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISBEW64.exe

Filesize
176KB

MD5
9f9c3f526ee03b257b7447d4305b9c73

SHA1
f0412cd79b2c733f5fa4b1f26c9fae753491be2e

SHA256
e933bf52d25f7bfc5ec0b58cd0df771dbc696b5ebe5a41a11cd1703f7348a669

SHA512
f5bc22491049858b49263c1bad8732726caf25d0da7c7fae7ff4448d8fe77d2f3882abc99fc376c17635ba9b37d9cdd6de64d9b61cec98d6e7b1f8bbfdc8c0d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISLangUni.ini

Filesize
100KB

MD5
54cc77ea7980ac8263b67d1d094f3850

SHA1
b63c76182ff11f22a956e7b62dfa89223de8397b

SHA256
0698d5b9c8ea6d83d31c55562915bc04222b87920fb883f886e375348577607d

SHA512
c4af93d5b65236ee72437255f99246326a4b30b8bec5551905986600b3ce6eb68894af07a3f8ee61be3b0b4d6c723f48702343dfa90e4b883af9e9efd3f1e12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\ISRT.dll

Filesize
417KB

MD5
98c6b4b41996aceeabc6be68533ab5d4

SHA1
4708bb8597a4f930a4a742cb2410165ca3ff5278

SHA256
695e64964eaa368fc1f7ef8be022adde8bdeabdf31edbf82e0518617615df79b

SHA512
246271fcafc9eabbe9d430e07e92dc4178dacbd9e35fb575815ad8563eb0ced95cd1c790e91477439f98975c2011eeefacc518957a0b89f7b7d20fe9eb9973fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\SetDrvAllX64.exe

Filesize
141KB

MD5
5463cc8a2feea53650600bedf2e8573b

SHA1
e1e1b713b69779929d8af8dc7f99035e1324ff6b

SHA256
475ddf856ac0eaa3494e5cab3e1106805141b2e5e7daa20f78a9ab9fada2f81b

SHA512
d219d347846b4dc85df5c6c9afc07b12be3af86c603aa814ac24929c723efcf2292efed2001aa5733d4218520a7139b580e65af6eb59f2a83fae5557207f3ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\SetDrvAllX86.exe

Filesize
112KB

MD5
d229fcee3d73ff6e49599f0be80ac740

SHA1
98a4976d4e6d58364e58e237f1e48301f7b82fe7

SHA256
210dd68ef974316386aaf06fe9e7876c8ffbf975fd81e251fd4b9e591dc09d41

SHA512
410fb69289e5754b1a3a6076649110659a1a95421056c284aef154a625a691d0ef6f908bb9a70eb922da1cf995d80f8c906665fff294c30a98ed9e42276d39f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\SwUSB.exe

Filesize
489KB

MD5
8e339e1b41be03f27d736c74d6b7638a

SHA1
8894b212fb543363a11178e9428f5c1ab7e9d4e2

SHA256
db4fdc362500cdc0aa2c3c5465247b2ab980a28007fe5ae96837cf89b1c665b4

SHA512
141c82d306499f36a218ff14c0e7d9e846cfbc88edfb1f54e845672126d1762a22c87fdf4a8707b4107c3b317b22c829d796dc349747a5f91697666dd5390a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\_isres_0x0409.dll

Filesize
1.8MB

MD5
b6c16d95777a4e9257c5b5d546b36959

SHA1
e094a45da75fd8bf3e01d29872af5dc397f31da9

SHA256
e4a9354a4d9bc5cbcfd440ae1cc658522ae81e90801232707394bb904ef14669

SHA512
de8e21e7b1dce95f8e7a9cd874188cfc645654a174205d7e8dde99b58b858783de4343bc2b53d14764c91032385bf523e27198ec54fed99c756a6715c0e64f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\eappkt.sys

Filesize
37KB

MD5
c47e7c5e7410c7de98f7219e3008c23d

SHA1
a84cc4a95cb5f0ee529df68b0a86b18b56aa0325

SHA256
314d549f50d5c4c49b44d2320512e87daa95d903f8ae15c09a566e78938cce4e

SHA512
5e928ebbd1039f406993dc4e5b3bad0d5beee9accca756df8d048a9ba416cedf482f37ff7a61ed41b5ba3c8a5d5b457470af353c9ffdb0bf482f6fc6b954d1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\eappkt.sys_X64

Filesize
51KB

MD5
1be7b30ce627794453793f24bc722d13

SHA1
c0d89f13620c576f82a0292a391bb225d9eb3095

SHA256
f7e0f0a9d039697eb2c23c60953bba2fb881e953bdb3206f920463e55209b2cf

SHA512
34cc2ce893452fb33c39675ef179c67635d345464640d9c584b64d0cea309e473e5f9bad58157ffcf056fc2eaaf97f6a20134993d4c40c2a3e639673b51c8739

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\runSW.exe

Filesize
43KB

MD5
c967ff9ce59d51c6d4f6e126c7fb0eee

SHA1
7fcfac8c4b382dba966d00e51ccd62f1597b9410

SHA256
3693a1fda30a9c1314fa976ac149725bb314e7c6defd81fdf42d050e5b3d033c

SHA512
af3ffa2fb169de07ac6fc8d89e1916df0075df8400b3b0fce0636b97f88edc79cd6b15fca99c36eda327c3c7ee9ea76e3fd5a4adb3938ed62530840ee744b762

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E3D77AAD-DDF9-4937-A652-79A37C2311A8}\setup.ico

Filesize
14KB

MD5
84cc2cced724960793a58f0c6a5088eb

SHA1
e710d464c30ef4981428491b5345158d47f8337d

SHA256
825ea6331d016185c37e9a081a1302b84e8d674cbc39d312eca9e2e3b417b771

SHA512
23e1241f7a136c5de7c00dd1d1639f4eb0b8b9385192ac32a64f0f394ada37d056d36f2005f37d839b3f2242a19ed7b62c155821c29c8d5eb635dccf267163f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E6AAC55D-EA97-4F4F-A1B1-10BF6A54F058}\_ISMSIDEL.INI

Filesize
6KB

MD5
86e5fd8cf67c8399dfc82a82dc94a698

SHA1
87ebbc7c68e3f67622a17dd6505ffbac1d9c4fa5

SHA256
20e815d92a987604aac05a85f9642d6b66d9e6c6408346941aa32e127bfdd339

SHA512
9d6303eee9fa66353c48b23e2bd7ea95669af3b7524da7e3913dbf2940a007ca6798bc917b9125b93b71dc62571c8822181b08db545040b1e32cdae8bacfd050

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E6AAC55D-EA97-4F4F-A1B1-10BF6A54F058}\_ISMSIDEL.INI

Filesize
6KB

MD5
0843acd83fe863c5598c264c39533925

SHA1
5a67d39f0b58db17b11cc114e4050d441ebfcf99

SHA256
481d5a74b72a0410159710e70f28c7bce7f6095fa38e15adf3c468ceca0925b3

SHA512
469ed4a989f4705a5d0d53b9d47027a4c50e4b17f656f2c68a77e3ef528a192f80bf710106059f3367a689d8425edd3d90427f0968caa0d826deda543f22b6e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E6AAC55D-EA97-4F4F-A1B1-10BF6A54F058}\_ISMSIDEL.INI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E6AAC55D-EA97-4F4F-A1B1-10BF6A54F058}\_ISMSIDEL.INI

Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~8685.tmp

Filesize
5KB

MD5
1f22caa34c2dabf3fb74c1e1386a3390

SHA1
096d6c57aa1c39950e67a1d100924de4a5f5479c

SHA256
ecac8672f31ce035bbe6c885518a34f7a2271d97bcb8c8e9ffc0d212f1494d33

SHA512
2b2a152935af7f329cd04d51ca66a687f19993d66b34aa8fa2571dbdb2bec82c5c35aea1387aca9b947c2ead4a41ca0c01141929d2ab6f9196702ba5e7b5dcf4

Download Submit
memory/544-347-0x0000000006670000-0x0000000006837000-memory.dmp

Filesize
1.8MB

Download
memory/544-350-0x0000000006560000-0x0000000006670000-memory.dmp

Filesize
1.1MB

Download
memory/544-772-0x0000000006560000-0x0000000006670000-memory.dmp

Filesize
1.1MB

Download
memory/544-280-0x0000000010000000-0x0000000010245000-memory.dmp

Filesize
2.3MB

Download
memory/544-771-0x0000000010000000-0x0000000010245000-memory.dmp

Filesize
2.3MB

Download
memory/2432-427-0x00007FFEA7970000-0x00007FFEA7980000-memory.dmp

Filesize
64KB

Download
memory/2432-499-0x00007FFEA5820000-0x00007FFEA5830000-memory.dmp

Filesize
64KB

Download
memory/2432-429-0x00007FFEA7970000-0x00007FFEA7980000-memory.dmp

Filesize
64KB

Download
memory/2432-459-0x00007FFEA5820000-0x00007FFEA5830000-memory.dmp

Filesize
64KB

Download
memory/2432-430-0x00007FFEA7970000-0x00007FFEA7980000-memory.dmp

Filesize
64KB

Download
memory/2432-431-0x00007FFEA7970000-0x00007FFEA7980000-memory.dmp

Filesize
64KB

Download
memory/2432-428-0x00007FFEA7970000-0x00007FFEA7980000-memory.dmp

Filesize
64KB

Download
memory/3148-279-0x00000000016A0000-0x00000000016A1000-memory.dmp

Filesize
4KB

Download
memory/4464-281-0x0000000000400000-0x000000000143B000-memory.dmp

Filesize
16.2MB

Download
memory/4464-260-0x00000000004A5000-0x00000000006CD000-memory.dmp

Filesize
2.2MB

Download
memory/4464-0-0x00000000004A5000-0x00000000006CD000-memory.dmp

Filesize
2.2MB

Download
memory/4464-2-0x0000000000400000-0x000000000143B000-memory.dmp

Filesize
16.2MB

Download
memory/4464-1-0x00000000015E0000-0x00000000015E1000-memory.dmp

Filesize
4KB

Download