xred | d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18

Analysis

max time kernel
0s
max time network
150s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-12-2024 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe
Size

8.4MB
MD5

5a7d823359c21af24512dd647c0c3063
SHA1

8478412d6375084597d944dc231a5b8ac16817bd
SHA256

d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18
SHA512

8e3ebafc02d4755fd7bccff4a9edb291e9b2642f5b47bc92fb78018602ebec2a12a432b53c290001444f77ff967229422711564ea21e5331143557d2f79e5778
SSDEEP

196608:tLUdwAmXaSMDdu+FtEF+mt6faSbMdoQDrCqIgxf0OKt72:tW5mKRDdu+MF+xfaSbuoQPLxFKt2

Score

10^/10

xred backdoor discovery macro

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Suspicious Office macro 3 IoCs

Office document equipped with macros.

macro

resource
behavioral1/files/0x000500000001a4a5-794.dat
behavioral1/files/0x000600000001a4ab-807.dat
behavioral1/files/0x000700000001a4a5-818.dat

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe

C:\Users\Admin\AppData\Local\Temp\d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe
"C:\Users\Admin\AppData\Local\Temp\d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2708
- C:\Users\Admin\AppData\Local\Temp\._cache_d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe"
  2⤵
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
    "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
    3⤵
    PID:1676
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
      "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe" InjUpdate
      4⤵
      PID:2872

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
8.4MB

MD5
5a7d823359c21af24512dd647c0c3063

SHA1
8478412d6375084597d944dc231a5b8ac16817bd

SHA256
d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18

SHA512
8e3ebafc02d4755fd7bccff4a9edb291e9b2642f5b47bc92fb78018602ebec2a12a432b53c290001444f77ff967229422711564ea21e5331143557d2f79e5778

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_d584e58130d63580e6ad71f41f09ca5b765d0516d26749e9ace7bc85d49c7a18.exe

Filesize
7.7MB

MD5
6ff62388b265f3682a390417ae4b47d6

SHA1
8e7afffd442a54ce004972181b0eec6d34270634

SHA256
b0edb941157eb8bb6b1e80d53b0ad2bce180f54abffddc08b7e7b2d20be445c1

SHA512
3429572e0d634ea4eeb01cf903e6ca654b993a0abe698bb6e682a86c4d3405216c58da70a9d58aaf81cb19dad51a009974f746885a5545d44809db3257a81a68

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
7.5MB

MD5
2f33659e551eac0332b2bd9f228fb811

SHA1
5e8c5e0e5e6d871740d163b7a81beeae709b3942

SHA256
a52f02c33354022b329f86f6283235aa7a58942e60659dcce3069d3a873845bb

SHA512
653b8632c1aeddfbe90a9a8e94966a8f3660bb42edb7dcce303f23f5d95f568a7e2d7dc3d7b3a2ba0657877812829f7aae49a08c1a4da792d450f2d4a9b5df51

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini

Filesize
102B

MD5
69a564a941c3b40b7745d8d30f77095c

SHA1
05a5b4e997bcdd9d8214ed7c77425eb871546fd5

SHA256
dc2f88879af6cc7301370feac2e0fc83724e1641bfa3224b228c83eee8c680a5

SHA512
6100b07556d54f4f953b9584383299bb5cfe42743fad45565144392c75b469c0d5db66e91680fff7f824da7ae139f6642197dbb016192a20e6f4b06ad034ca5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini

Filesize
47B

MD5
b79df1c7a14576aeee74a58fdac22c69

SHA1
3cb7c8558f62f0c7b641c451d5c871cbd1bb951c

SHA256
6fc06809746090e4c55613cc16b7f673b89e4dd49a34f0f72c6f3d54225a5f75

SHA512
cfc5207320b56f5df83d5afc6256a9a594bcdc3de846747e09306ecfa5a4d1ff33f14327e5e4dddb26fab2b4fbd59dc912c5e7d5d9791e88179cfc3b3d919930

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjA278.tmp\TvGetVersion.dll

Filesize
153KB

MD5
a366cd40b73d191cdb1aa7b14267213f

SHA1
d7bad68f24127972b1363c44ad3a225fdf3d3659

SHA256
3d661aaac7698a5b4611ca22bda5e0194d90ec238d9dfe7e4ab38a8d866176b0

SHA512
96ea62df2ec21d80eae9a48c23fe38601564aa942e1e02013f1d78497ff4d9a332f41a4105c4d79e632b24bb7e75b1532d1a58e790c929570da51d6584e2eb8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\advanced_unicode.ini

Filesize
1KB

MD5
8b3e104f11c5d046bd93df4e9fb40f4e

SHA1
0362bb65744a07563dc05cd612dd54a865233d79

SHA256
cc18c611578d796a879cac46746406dbaa96eddd544d7a12d4fa56856cb2cbc1

SHA512
edc08be542234c3ed6a94c46c610eb5398782c580859eda11f35df6112b3dfee10cf4be068c7a87f39a339f10a9176350cae9f657857375d641a35d5d151ced8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
559f0cca4d20a554d5204bd1042fc542

SHA1
8b044fc3f0677865c5c34e1553f40cea9183b0bd

SHA256
875ff04e222429a3000b0c4f1e6da22936b7db94ed8cb8d47c81ff81a566161f

SHA512
22ee4d0fe1da08929adbcacb18246cc4ffe53dfe2132666d73a7366d04b63d2119810f89320b73a91abed4c683454b4a4ff8b968ec3f11ca21659fdad8750e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
03c0d364bad57f247772c65794226fa2

SHA1
d2b6444d1225b7a5c077955f7193d1a5efbf5cef

SHA256
d80ea5e05253ce8724f645e05d18fa37893e330085b4327e528e2a69b11012a5

SHA512
9c6d84e762ff296c3811e15d6f94486138199bb61d5bf12ff884a3cb848f41a648ccbfef39d8d2e7f7a8199dd97d61301da43fafd8d66387073601eed8d744c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
37c6075cd2918b5c34304dd6fa9224f1

SHA1
022378a4c2e7c5d13cc2298aa6e90f0949b52148

SHA256
d063a2306d0ab2f9918f07febf4a18cf8d703156aa1cbc6a82652d5b84805770

SHA512
0a5b07e76ab09e25134b6ff3497bece19545948c3dbbcad46a6ebf353d2026981a2820cd0ae41331583ad3429c11c909f6d0adacf366fd0ccc29090811da775f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
384b28556fb1c437c7913b30a665baca

SHA1
57e47554c4dd38194d2d712abe87dfe21ba44849

SHA256
fac09582ee822af06d5540af7149a4ede9eb5af586e5b8fce350a74b35e4e014

SHA512
1fa52ce71716e4fdddb232c9b7536e375d24ec9de4ca2fab766f889c61f5907c0dc72c095bc59b616d41847456587f13d2947ebf28a7fedb8edd2d5cc7b8b4fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
04117a23d29582fe605940d999d4739a

SHA1
5eca522bd9f793a5b53099271d51f4d859fcf279

SHA256
9327f65a5a53fe57a61b172b301e2bc76d6097a24a2ceba0293f29fbf595a190

SHA512
4e1656fba384453294f4d5cb64254f51e9519ae3d2dc91f9d981866c39a11e4056a9feda36bebdcc4bbb771b643ab679b49afb385b5ddf562736766293b7e018

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
62e5c038a256820d6234037dee87142b

SHA1
607f4d418d3a6450ad6055b0049f77d65bc91858

SHA256
e3c3b6755d4902dffb0e1e0b3aa4b97c015f2da964e33f03e30cfb667937d662

SHA512
c1cdd9bc748be407573a26a6e1e8e90ee47a23715de9da9719318f09c473c302aef265b021063da059d24edad56ae8f4b51ea52e55886a5449318734e354df4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
d5a5ef226467d3668a50d08bed3b43b1

SHA1
42a27bd861a3268d63562f5cafd28edf6fb8a2dd

SHA256
c7761dd5736d7eac61a9e480309e8bb0791bc87467d9f4e9cb95714b11d29ba8

SHA512
f891d36965acfb017a1f9f12ec2e018697f69477017b33dc566b49d2d699b23b0173a67f9cbebc4c0d6d1a6ae72f9d22b80d827f048aedf777479ff653972b8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
f9deb344ebfcb4dd2fa7a9152159c24b

SHA1
2a7bfd3b7e4384ef3b45f91f6bbd7827dd079848

SHA256
c2085f6ea5f7ce0de220592308fefd6dd05777a6ee42853cfdec037a4295f162

SHA512
c4f68e78e9a72719795fb6e2e49d5f5721a8da9b60ed817613a7a87cbc517d314e76d04f849a7230f6791b33e8a6fb88162ee3f9a433025fcebf929546c3a069

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
904229f9f8ca89a4efda147c2d25154d

SHA1
776ae793a9a2339a38d741dc6475ee90f28563a2

SHA256
c0d811308323365586b431d8836f0d4c3cdeb1c24a87c735df384f32c7830c17

SHA512
3b577139b745094d75d64ecbe24c87b9cef345b87f3142e6b08f8b8a59bf330d3bd055b7658fcc9a4b2c359957c90fc6a72f602a33771895cd3fec46a4d4a328

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
2e1ebca41d5c7073748bc5a659e6f3f9

SHA1
8d1135dd05c729d6701043805949e535ef2e3596

SHA256
82f0e3f26c007dd806085ff7003981dcc54f21b9508b2e1cce1102578945ac3a

SHA512
fb7c6e842c09ed023a86ffda4349d38f2482a5476ae6763d205ebf7823ad59f746f8b42640faa8449fa3157c1b7ca898a18c20eff20cf3d88959da9696b69db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA353.tmp\start_unicode.ini

Filesize
2KB

MD5
6a74b68995e65b46816b010f48800a22

SHA1
a24abc55e1e331f2b5de260cdcd144e5b26d70e4

SHA256
f7be76cf182083e014a1f9a71101ec8d35e1b776cf476f5f7f975a642640426d

SHA512
0459ab1663221371f3f48473db34e4bb67f83e3bc49c4d994ba1a33d9ab6afe86f14e5921a23aee85ea1da89027b1e6ad26d6c0dac5147deab43aa789c3a216c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
655bd85f424b8c6b7952b90f9802bc54

SHA1
c447fbd65745550c44b9c2453310623a59ff2204

SHA256
e0c510ee31d4972fc6aee1721af79c38b962f8f6e58f178e1c9ffe9c776fe1b9

SHA512
124d67cd40e7de4f43d60a814702b2bcade39b5ef986e496779d0eed0fdb5e34ee139abca27469a4e2dba754c692507812aaa51c5815f84addef8e4f10335278

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
2a8a139cdab38b5f4264ae82850cbd22

SHA1
816e8acb2adc36c7f138f963a9802622dfc9536a

SHA256
94bde605292510f8ae6df19083130770ae8c754906007ea93150cab63962190b

SHA512
d6f99e88e72cfb28afc4af0780d2ac380f00f9fe9265cbbb4b8e6390e9b6ee5870a723e1971288783fd919158659ff214bab383242fa22470d9f6f1a170e2cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
cba8ae722ce9460fbdbf5e950d24cfaf

SHA1
d18cb106478d5a168f0e8911c388990fb2f57ed1

SHA256
fa2b958ebefd9f5a6f7be8088383f7ae62c3620f7309f6662a5f5be9ea895be0

SHA512
b37add715c018c59914c043dd1ef58b22f1a38fb91d8ebf43744acb5dbaf5fb66a4b722a6b74e30fa46e7095056fb918d65189821d9cdd4357473a289c0a3939

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
dcb01e16497497516453695f9b9a869f

SHA1
33e0b8c523720bca37eaa132778481f068ba6d0e

SHA256
04f12e6ffa84b2ef5c73298667c3fba9b7d4632d8543b675ad76f99b2ba6c8b6

SHA512
fc471041772dff1913671ec83bdb0da5fe7ac474c0a2c55500602c97279f07169ed9e3a842ba72dd2a0043af9de740816089039e4a60f1ebdb968f9e6d341cd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
7da50602d01c16439a9735f15170636d

SHA1
8717cfd083aaa3c2542401d0e337934c7640d47a

SHA256
4a0f27d1b399f5fe1409a4ea07f958e809e4be291d2a546c512993efa28171a3

SHA512
bd6aa1d05ad1c1e279671d12f4ec7f53779d929baeded21c779b8a745ed3e1bb52ae37b8934ecc6fcccb865696d4d5e819e68eb1db9a22b4a040d4d765ceab27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
ac35fb6f6d58b894458f304076c3c986

SHA1
17b9447979582b6a5d3ebc71e1f5014df30766c7

SHA256
0529e786a4cf52cf489bfe68296a74bc75a2a647d9f6d4f0045cd9230b4919a1

SHA512
f2a083bb6146471816a614842ddea83cde1b853514e75780dfeecc04280b8427a68142ac0feb2f604d3b9e6b06e3f2bfcf39db700082d7a3af3d4d70475f26ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
cde6ce710457cdbf5ebdbfd69dd83bf5

SHA1
3a21077d7716e012809fc6e6a4ac7867d56e886c

SHA256
44d708df4e4369d80110510c546b334236e138c3a7c9958e06e166fe06eb44cf

SHA512
bb1ace7dc75aa4bc89183e25f4b76966d01504c7becca742c550aa080839c90e44f716027bd8e1d8e9a7a457b50b24ab0aa96ee07a06293c430460d1dffaf15c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
27a077f79f8d2a22e7ccd548590f2c23

SHA1
976e095c4b0369b2d279bf287cb8f252e586aaa2

SHA256
9cea60b54a4c36c40db573b5b233eb27c1565153cf9c15bddfce4080a20e27eb

SHA512
5dbf2feceddc4b98787d2c817216703125eee531f3f8b3ac8c349438a66c3cdb1afd9085d82932d1b92fef701894a985a8c92b0efa2dd81c13badcd59dff10f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
8dda76b0679253cab892a52c5681c7c5

SHA1
3b135e6265435d16251d20c954151022c349ea49

SHA256
e84d3d2d1ee143ea30e0cabe9a60d084d4d9e5be6f80826befd200e88ba8f5a1

SHA512
27c69bb5d2f7d44574ea0f633565f586eaa880f2cef1d10bb892847cea4cabb42e4c677790eb3d083aa20f0a1bdaaed91d594b9a30d89db688928c86272afe29

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstA48B.tmp\start_unicode.ini

Filesize
2KB

MD5
9136773dcd1521ed245a1332a119ae61

SHA1
04b49cf2345a4ba666c30a3ea2ddcca3f393ef15

SHA256
abb2dc4f342d27bb8ee6d81bb99622269f07e53a73f40e377634979b39be371c

SHA512
165b4ab322ea8dfcba90b515a4ec930a0e75ac8c699fa86a248c6f13c75220543ba3c337d07b6c47e02296712898d20357cd16014d9731e7b125c6dbcedadfc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\qB9qllri.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\qB9qllri.xlsm

Filesize
23KB

MD5
eda2e3937ca8929d5816056703cb79c1

SHA1
aa3899b7b4d76b9f006ad8c203f63a03a24dfc57

SHA256
81213e69dd8afc36b7e0d23965a9812d87db16cc343a0c0b52b7ce7ab42d8abf

SHA512
7a59821497049b2551a65607f0843b6d43709ea1a99079e8b44bc89be582b850d6c21a2ff8f0e09538b3a5babcd50112ce51a7b37a3ce94e743b28720b2da103

Download Submit
C:\Users\Admin\AppData\Local\Temp\qB9qllri.xlsm

Filesize
27KB

MD5
9973bb342492f0fab7dc6e00102ab5a0

SHA1
eddf7160b903d6662f1d9bb1d4650756abb1a428

SHA256
4dcae491a74230d027db9decff2d94870655899799ac23fd2a368d4d07ebd471

SHA512
99c1acb30122b1e1fab4b62145505b399975898b42dc67309988057c8203dfb788c35ee4af2dddb1cf63ee86fe06cd45f6c599204d80794a807347aad6be259e

Download Submit
C:\Users\Admin\AppData\Local\Temp\qB9qllri.xlsm

Filesize
28KB

MD5
75acd1af1696ef217177e854a8c1b45b

SHA1
d674eaafd7c680eb341fbfe7c08895062bb06a9a

SHA256
8b0dd032cbae8d620f4b7327448dba3575e9d3c5f28d7e5bb86161a9aab595e7

SHA512
e64134882464126d638862214646b2947a34b9374df34a3d5df16ad7680b31f68f2cd66eea35dddbbbd93da27fc0f2e7c0ffde36354c659dbecac7f068a7d411

Download Submit
\Users\Admin\AppData\Local\Temp\nstA353.tmp\InstallOptions.dll

Filesize
15KB

MD5
89351a0a6a89519c86c5531e20dab9ea

SHA1
9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

SHA256
f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

SHA512
13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

Download Submit
\Users\Admin\AppData\Local\Temp\nstA353.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nstA353.tmp\linker.dll

Filesize
45KB

MD5
4ac3f0ab2e423515ed9c575333342054

SHA1
a3e4f2b2135157f964d471564044b023a64f2532

SHA256
f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

SHA512
8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

Download Submit
\Users\Admin\AppData\Local\Temp\nstA48B.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
memory/1384-824-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1384-759-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2508-923-0x0000000000400000-0x0000000000C70000-memory.dmp

Filesize
8.4MB

Download
memory/2508-1120-0x0000000000400000-0x0000000000C70000-memory.dmp

Filesize
8.4MB

Download
memory/2508-2132-0x0000000000400000-0x0000000000C70000-memory.dmp

Filesize
8.4MB

Download
memory/2508-660-0x0000000000400000-0x0000000000C70000-memory.dmp

Filesize
8.4MB

Download
memory/2708-39-0x0000000000400000-0x0000000000C70000-memory.dmp

Filesize
8.4MB

Download
memory/2708-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download