Overview

overview

10

Static

static

10

2025-01-04...er.exe

windows7-x64

10

2025-01-04...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe

  • Size

    10.9MB

  • MD5

    439985361f75dac79129b3fc3f062ba6

  • SHA1

    a649b2d152b777a6c1d43c4c08e2bf52bb53d972

  • SHA256

    81defdaafcd1103c8e8af43ba52efc3648f47d2029adb3ff0a3f9c90e21168ba

  • SHA512

    df5b0f11d339572416add3944cc5bfbe2e4e516925db40fa4b7e4d52901137d01580d52ca0c53b01040bbb391e0765d77592124fe9f2e695d370ef23dee03359

  • SSDEEP

    196608:XLysV7fyBk+EPFSlWgLqIAMmVKuGv6zU84RxV3+gTRs1v0KmpGaMV7fyBk+EPm:XR8LMe6zU84Rb+gTg0Kba

Score
10/10
xredbackdoordiscoverypersistence

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred

    Xred is backdoor written in Delphi.

    backdoorxred
  • Xred family
    xred
  • Boot or Logon Autostart Execution: Port Monitors 1 TTPs 6 IoCs

    Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.

    persistence
  • Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs

    Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    persistence
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 15 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 38 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 57 IoCs
  • Runs net.exe
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:264
    • C:\Users\Admin\AppData\Local\Temp\._cache_2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4BD6939A-F1E3-4586-B025-909DC15022E0}
        3⤵
        • Executes dropped EXE
        PID:19720
      • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3CAC29D6-2D36-4A94-9296-6A68C253783E}
        3⤵
        • Executes dropped EXE
        PID:19848
      • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FA23E790-9347-4C38-A596-C7013BB6F509}
        3⤵
        • Executes dropped EXE
        PID:19892
      • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E0BA9D3-3625-4040-B466-39C611E079AA}
        3⤵
        • Executes dropped EXE
        PID:19932
      • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{080D6C50-3EA9-4F11-B9FE-B8A2B343AA21}
        3⤵
        • Executes dropped EXE
        PID:19968
      • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F69EB5A6-ADC7-4A25-B91E-D07A5C23C3B9}
        3⤵
        • Executes dropped EXE
        PID:20084
      • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Installer.exe
        "C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Installer"
        3⤵
        • Boot or Logon Autostart Execution: Print Processors
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:16356
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c RUNDLL32 printui.dll,PrintUIEntry /ia /m "BIXOLON SRP-F312" /f .\SRPF312.inf
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:9272
          • C:\Windows\SysWOW64\rundll32.exe
            RUNDLL32 printui.dll,PrintUIEntry /ia /m "BIXOLON SRP-F312" /f .\SRPF312.inf
            5⤵
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:9248
        • C:\Windows\SysWOW64\net.exe
          net start spooler
          4⤵
          • System Location Discovery: System Language Discovery
          PID:5800
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 start spooler
            5⤵
            • System Location Discovery: System Language Discovery
            PID:5776
    • C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5192
      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:16036
  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:20176
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{3dba2156-5827-6f07-353b-014276de687f}\srpf312.inf" "9" "6ac5e6d3b" "0000000000000060" "WinSta0\Default" "0000000000000328" "208" "c:\bixolon printer driver\srp-f312"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:9028
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
    1⤵
      PID:8548
    • C:\Windows\System32\spoolsv.exe
      C:\Windows\System32\spoolsv.exe
      1⤵
      • Boot or Logon Autostart Execution: Port Monitors
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:8396

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\BIXOLON Printer Driver\SRP-F312\BXLCtrlAEditor.exe
      Filesize

      331KB

      MD5

      0d6b97ddb5e02d95a4c2054143ae68b2

      SHA1

      75fed457f8abf5d9528cd09e78bbdafb00799ca8

      SHA256

      db6cb2dcdf32f9069e2a6e3840f004c0ec0ec536129e0c17d2b54f13ac00bc46

      SHA512

      2484360cc3e73ee1f76f2a4849846f70c3921dde0683fcc74ec2c82e6709ba575152e380e3550a0e689d718c722b38ded5e3bf78d975d054cde7254cba9e0146

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\Driver32\SRP3D9.tmp
      Filesize

      8KB

      MD5

      1243a6b4ccaea5503e49a71ac78b821e

      SHA1

      4cd477885cf1e28dfb9087c5b89e36d14e46bb3b

      SHA256

      eb6c877aa8fa72cdf38705e1737072d9f691e472ba8316da910b7ccb6344fb0e

      SHA512

      1d1b7978a3add8a637acaad04c2d1a95bdcc0afdab9325a461753953e58e8cd768d6e2114eddfac2378f3a44ab34cb23a3b85d2731954c6f14677794a7a73528

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\Driver32\STD3DD.tmp
      Filesize

      14KB

      MD5

      cd0ba5f62202298a6367e0e34cf5a37e

      SHA1

      0507c7264281efb362931deb093308a5cc0f23a5

      SHA256

      b5e8e0c7339ef73f4dd20e2570ee2c79f06ca983f74d175dbe90c0319c70ce3a

      SHA512

      0da97d886bbf6e06bdef240b0ca32e80ed56140349902f2a58fcd00a95f85aedeabb779ca99308da39e995bdb7c179e2d7a0705643af609ec7e05323964851f8

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\Driver32\UIF3F0.tmp
      Filesize

      65B

      MD5

      1f1c099c5733d30e86c2261c6c6fd7d5

      SHA1

      5eeccf813df3edf0688f69936eaa3c8eaf830237

      SHA256

      a3b8dd3f18e09d19725ec6a7f383b423a8159bb9ef320150156ba606648f07f3

      SHA512

      92e746a22ebad9dc0366979ab25d159eb79f4162a5425fdac2076ed0e0eff300e01d467179b084747c6ca208eca84db9f54c92b878893744e0f482f8fdd3aef1

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\Driver32\UNI4EE.tmp
      Filesize

      20KB

      MD5

      6798f64959c913673bd66cd4e47f4a65

      SHA1

      c50faa64c8267ac7106401e69da5c15fc3f2034c

      SHA256

      0c02b226be4e7397f8c98799e58b0a512515e462ccdaac04edc10e3e1091c011

      SHA512

      8d208306b6d0f892a2f16f8070a89d8edb968589896cb70cf46f43bf4befb7c4ca6a278c35fe8a2685cc784505efb77c32b0aabf80d13bcc0d10a39ae8afb55a

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\ImageMacro.exe
      Filesize

      1.2MB

      MD5

      bbe2ab2bd5ff913c8737e0d30e944e2a

      SHA1

      914927f0ca87947f504b71504274853dd59a8b89

      SHA256

      4f039e6ecee8807bb8ae0af3e47bbfa0400ed8d481c67aca41c1f44d76206b54

      SHA512

      084de959b286d6365d8a66794e79da6480f83a39c1f560bce6a6019c9993e650b502608ee91c9532cadca13e845dc0f6d633ea6e2f1eb1e951cfc15a446036ed

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\JournalViewer.exe
      Filesize

      123KB

      MD5

      b86146f60a1e7d801b718df3aae839fd

      SHA1

      2631fa0b0289ab75945428e0b7a5d4136b5fd5f2

      SHA256

      f6e79a96c4a0ed35024adc0c957b3b3f0b290b18291a1c7028d6f41ee46c20fd

      SHA512

      1c9e15a94bdbee6ba8d7b546484182cb3284ed1bd2ab86ca8cb3bc18fa86e71f2cf5cf8c6143725d879a3aee2da94662df022ba14c1a41e01ed88ce0d83d98ef

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\SRP-F312_NVTool_V1.1.0.exe
      Filesize

      152KB

      MD5

      86fb0b5431728f7124de3cb9e1f9a5f9

      SHA1

      223a7de301ea682f7a2aab8e0744e3589d42bfd7

      SHA256

      a1a91590c45713989eeef73fe30998c4e186a714f6fe3747d9a9d0855a738050

      SHA512

      33e02be2effb48969a6fd21d75d60f8f81327de2476504147df4cccaba073108a6ac885f432ae6ada1dea2947ad36698b06855af85f9edf31f33170e3985665e

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\SRPF312.INI
      Filesize

      68B

      MD5

      1b484e7ba0ee1d15cd2e8ac536873354

      SHA1

      a67a53db9a9886807f15bded8ee9fe94c2832470

      SHA256

      54186380654c040bc3c106e252e58cd01b0773c88df3566c80fd5abde5d7a17f

      SHA512

      6645be76902cb23d034aa063731042ac788cfb4fd72e097c84c4e43ec31fcc441377ba683d965312f271ea05f2e18c443bd6f1edadb59b78f9e206a26a86e43d

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Config.BXL
      Filesize

      294B

      MD5

      bb56a0772b4d6c5b7d78c93854aa2ca2

      SHA1

      de7fe97d5828eb0a4bcdc9d36a3a329e2699bff0

      SHA256

      d872ca85aafd2f534b0181af3beb87029281e346157ca1415281c6cde203929a

      SHA512

      d976978da4e4229f3e3fb60d001d9940b76f24b9fa9323812430d8c08467f5d53eaabb7564f0fe834cd8845783d82fdfe988ac11d1723704fec4e54522c2b267

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Installer.exe
      Filesize

      1.7MB

      MD5

      a5f621b39cfb6bdb3ba9267541da9889

      SHA1

      90dbdabeb53e1802161e52d489a23938c7fb14ac

      SHA256

      91bcbc846c76799ff45f2468f143df4c085bc58f61a6dbe3565ee67274f2d1d4

      SHA512

      55e34a936d83381afeb2a1db5fe7a29e6d472d378003231787b8f005057eacb2102a5d73bf9d42808d593acc43f13c7cb7cc449dd8450af1bdfe73986b5640bc

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Uninstaller.exe
      Filesize

      1.7MB

      MD5

      09f3aedc4e17c97dfcb14a005ba14fcd

      SHA1

      bfde23993bda0261ee5379ca9a93bb34d3ed0925

      SHA256

      baee0786e432423a5ce14d53ac0dbfc768047e3ae4d008b1fb107f8662b8105b

      SHA512

      67f7af102f4ffffbab7c5db2cfb55c3fd664c92d4eeb6d0883b2e73b231b86778989a1130072c3376fcd5ea3c06ddc35efe69bfbfb38ba5187c4c6eaaa5665e6

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\TextMacro.exe
      Filesize

      119KB

      MD5

      f5248f59e6a4a4bd79466881c1e2c75a

      SHA1

      4978566f9304524ddcd19186e9b0815fe14d421a

      SHA256

      310dcf991b2ff88af00061e88be536dd3dbef25dd1b0712ff2204932a5c61280

      SHA512

      72cb3ec930d6c34354776f89b726fb3d89c7f58c8f86c5960a7ee2463bef1e7236c170ebb908081fe38df028117c7700450b544e71b43593e6bad85c38c68d75

      Download Submit

    • C:\BIXOLON Printer Driver\SRP-F312\VMSM.exe
      Filesize

      3.1MB

      MD5

      72907140badc15e8f151093c53ff9cb7

      SHA1

      921ae6d219425bf2e59bec9df84c89733b98f443

      SHA256

      bc93baf4931b07ead21e782190a372f0e662abe9e085da2e96ee6446e0c39f0b

      SHA512

      9bb0c0665ad31a9e9a284a7229d038d34328398b34a5a5ab8d965241230d5664d39ad27c9a08663a06ca84275fe21e0bb3761c2327d1f23f5730419074013f0c

      Download Submit

    • C:\ProgramData\Synaptics\Synaptics.exe
      Filesize

      10.9MB

      MD5

      439985361f75dac79129b3fc3f062ba6

      SHA1

      a649b2d152b777a6c1d43c4c08e2bf52bb53d972

      SHA256

      81defdaafcd1103c8e8af43ba52efc3648f47d2029adb3ff0a3f9c90e21168ba

      SHA512

      df5b0f11d339572416add3944cc5bfbe2e4e516925db40fa4b7e4d52901137d01580d52ca0c53b01040bbb391e0765d77592124fe9f2e695d370ef23dee03359

      Download Submit

    • C:\Temp\SRP-F312_Installer.txt
      Filesize

      706B

      MD5

      d4fe0f28cccc74afb59396a386d7c489

      SHA1

      4a3c06654e6b55ef9cb147817b92691fd9612270

      SHA256

      80a6c5bb50df7a2421270877b650dd880cf06adf71ef4a62b1909ba4b8f2302d

      SHA512

      0bf169be192181d9ee5cbf85da32a5299759a2145b1b87ad0be8f941ef0af27a1bde2a6f096e6b20a9e0e21e56849b7cacac5977221686e85ce232067aa34b2e

      Download Submit

    • C:\Temp\SRP-F312_Installer.txt
      Filesize

      1KB

      MD5

      5aac3c0dc3e4816065f873338a10ff4c

      SHA1

      2c6f9e33c6763fcac5062768647523c0e700066a

      SHA256

      c1e9d2780f8c37c9a4c5fb99eb5cec3e338e65a232a56fe9f3a10a20203fc229

      SHA512

      59b54621e6c6748fa543863a8a125f438253835baa683422c9cf12152e3d54c8d236aecf40a8a8bf77db983099790459334e82a1fb86ad5d923ca28961eec618

      Download Submit

    • C:\Temp\SRP-F312_Installer.txt
      Filesize

      5KB

      MD5

      c873cbae452925a4a3d7a482863a808b

      SHA1

      d114552eed94642f0ed53d82476b8d5b21f2f93a

      SHA256

      e7a7fae9e73fd1a937781a97c6d6e30df4b19316773f6b628e6d65e43747450e

      SHA512

      b65a64cbe6d105b5323cdffea7271941ee95f1e0b0ab24e2ccdceba4f4fdd4326e7f9a92e57b9bff536055367b1b87f9e2569496cd3ddc8bf0954ab664e47918

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ERgmCxs7.xlsm
      Filesize

      17KB

      MD5

      e566fc53051035e1e6fd0ed1823de0f9

      SHA1

      00bc96c48b98676ecd67e81a6f1d7754e4156044

      SHA256

      8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

      SHA512

      a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ERgmCxs7.xlsm
      Filesize

      24KB

      MD5

      6d84da670a79af7d93c978bd896a0cf1

      SHA1

      4520fe18cf7534a951b24af4d43cfd25bbd35929

      SHA256

      0e142969301ff881e674e539d9041b4fbe74b0ce7d5424bdce3b87d6c1898f19

      SHA512

      3a2c64c3e761f1c80ab49e90b1cdd937968e9776006f04dc307bd49660d3b168f8b0adda3218f6d16c6ced5be13112abfa50b24f984ee7be022b11679b23683b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ispDAE1.tmp
      Filesize

      253KB

      MD5

      2c1eaf7365689693f0db2867680e26f7

      SHA1

      4e76f27ecd3b4426d2c828fdafd9f5f13cfc3426

      SHA256

      ab1ddb8870b410a6db38f02a8d7763dd3a1fa393b7d617cc11392b25bafd6175

      SHA512

      9b40aac9cc128d1cf1ea0a41c39d7ee9f76ae0987b5c4c49a942e3ac3eeebe03b065db1b1808963f69690e5030b84e8534b9a411dbcc9434f5504df208f5fc5e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\skind327.rra
      Filesize

      25KB

      MD5

      4b4710ec6332f22f2cc85744b6a2bd8c

      SHA1

      9978539594c4f9bf6ad98032f9bf2abd10d0b2b5

      SHA256

      e9ccebc18123b09ad7ec2ee208cb795a5dfbdbba9e60b31ccdd409636c5cf1c0

      SHA512

      813ea91adf0c84500350d55ee705c99393f9d0d099ef67c2afad1fc4701ef546f4ba41ef785ccabcf7e24ba92e212ccec3aa50b4f9fc690f5096e4f21d844be7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{1734CBF7-79FA-48D1-951D-F9D5EED1D716}\0x0409.ini
      Filesize

      21KB

      MD5

      be345d0260ae12c5f2f337b17e07c217

      SHA1

      0976ba0982fe34f1c35a0974f6178e15c238ed7b

      SHA256

      e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

      SHA512

      77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{1734CBF7-79FA-48D1-951D-F9D5EED1D716}\Disk1\data1.hdr
      Filesize

      17KB

      MD5

      aaa56c73ba39717c9a7169670aa4664f

      SHA1

      edc9e2497531837a427074d2104bcaad2d141d6b

      SHA256

      aa13b95e203ab63fa4aa7d4246b416190e51faeb84c33f67acd4a00bc1b84313

      SHA512

      0806274c4a48a86eb082ded6945a4947e466ad652e82765a21f0b67e594e7e06c6cda046be59c195fd7973ab6cdb392fb0533c6c6cb07a055ecc87fc6c74d3e7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{1734CBF7-79FA-48D1-951D-F9D5EED1D716}\Disk1\setup.inx
      Filesize

      238KB

      MD5

      0cb4370f90e8902f820a58b6733d5895

      SHA1

      b2dac82856c58e0521929418f6a59a490c2a66c3

      SHA256

      8813f7f1578dac6304d79da310bdf1ec620b0c0ffe14c2e4f0e13b3e54e56c0c

      SHA512

      f5e1f86d71886cb486db9350e406f75d528b50eed8bb1ae1fbbf5475c01f67be454b0790555a6bc3eaeb6168198406507beb6317f1a7b701c9834b9a6723001d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{1734CBF7-79FA-48D1-951D-F9D5EED1D716}\setup.ini
      Filesize

      2KB

      MD5

      78f3991c887b9c27b56fcb06069eec67

      SHA1

      688667b4b1b5f3e7eff62a906821d10954c11411

      SHA256

      b94f58ab99b175d47bb97881512ae12510deaac8c1e9804c6efa33a50ce8e674

      SHA512

      0e572d6e1b6120c8a757c4daac711623780cfb5dbd75bd076c9d77bf8b0714cfcd55a373d5f23950a21f9b2e6c4f2c0aac6f11fb50c389a7c59571545d781ca4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{1A07EA01-3087-4216-9E63-657D338DC3F7}\0x0412.ini
      Filesize

      13KB

      MD5

      73e70a6b9354e80237c8e2b3170830a0

      SHA1

      b4c8777ce9c2d2fff4c0c914825cbe698feaadaf

      SHA256

      316577cf74d3545d632b0de55513a3511d654849655157cb84821b871ec081e9

      SHA512

      f15e736e7c0b55437b39869a0bbce15d5365f04c70be23fc373d83ce0e99e0a806244c1c44cd298dc4970d20af6cb1198a9d84749f5d5ac02162c261b1460ed7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{1A07EA01-3087-4216-9E63-657D338DC3F7}\Disk1\setup.exe
      Filesize

      1.1MB

      MD5

      dcdf7f2a1443ecf19213ffe275fd003d

      SHA1

      e88cebc1b4cafeacf101f15a64f0367aafbe8148

      SHA256

      1f70dbc910d120fa063c1d5bd5e8b008948fb8004e6087a68ceb53b6e75aee08

      SHA512

      88f07475f1cb31c743b86f7501ed34a757f0d6ce4c59aeea4341f5cb963db812fc27f7a89b2c70bcaa45d85b93419c5dfdcf9d7db6c4d3f7369750fc0d749947

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{3dba2156-5827-6f07-353b-014276de687f}\Driver64\SET209B.tmp
      Filesize

      171KB

      MD5

      c87e5ad06a43b1ac3a7242d45fbf2e37

      SHA1

      3234550f3211f9c6fd943c37c5ebf4c8daa009ae

      SHA256

      d954d1c8e694ff1666cffe703999e44e225c35835b777461678bfb35c482a05c

      SHA512

      0adf9922e044d0f7b07e0f21f8f2ae94c5cdb601cc89462c01df8ae9203a7860aad26cb72c7d5d56b8b49d75de4d40efb523f8150b907c7342d9a6bb857dcdc2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{3dba2156-5827-6f07-353b-014276de687f}\Driver64\SET209D.tmp
      Filesize

      23KB

      MD5

      c0c096dde4274f76b12de0111f209945

      SHA1

      d61d61fe98b38c17aba03ac054068bd7b9b8c179

      SHA256

      cb459ee284dd68b94a380e500e26a4bb67e2a537c5527aeb7493a4d062fd1e60

      SHA512

      75746309bac856098fcd8cda5e4131cdb6d3e8e15c753d38a9bd6a6c2dacfa5c5d4a2071f15685b3924e9b9f0115d0628b4187d65c99c822de21837cc2278c86

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{3dba2156-5827-6f07-353b-014276de687f}\Driver64\SET209E.tmp
      Filesize

      18KB

      MD5

      2fa4671ff84c50d035b8e8e5b80e6037

      SHA1

      e9d5005721e76a875adc10398709ba692e11926d

      SHA256

      514c4d8210f1c59723bac834af1898673620f99e8bc30b155fed94220ee0c630

      SHA512

      93c0aae8cf5f71c726beea66518d31e588a9037fc6322ee45b8ba9aa43ada85fbcc72970357f28084471435dbd7c81469328d79f7aec1f6d37228fbff6f33c87

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{3dba2156-5827-6f07-353b-014276de687f}\Driver64\SET209F.tmp
      Filesize

      74KB

      MD5

      2b9436e8e53170d6a9f07ff79b975a8a

      SHA1

      e8f9c216853e4389ca607c09dead3067f843e8aa

      SHA256

      8c375a6d3fafe8c00fe0e76193820b923fbac313d1c64b16fa88b5877c7ef1e9

      SHA512

      3d6b17fa1e0095a6f2f8d5f1bf13dcede92eb0477407ceae3044794883d807127cb8d723e406ed223772aa8d00c7133523c50389e78e1ae5f3fd0d094699d883

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{3dba2156-5827-6f07-353b-014276de687f}\Driver64\SET20A1.tmp
      Filesize

      149KB

      MD5

      a1c7d1560ac5aaff2922e417329fc717

      SHA1

      f1024af1f4b0cce6adb17362cec8923acb903263

      SHA256

      95d26944a31b3a28646fcb060d4c18bed83bdee64617084c72131be706d6db5e

      SHA512

      cf68b52792c6e7241bcd972729c8835f97fdc1e1c6c6c956b2b1feadc91e5fa8f60dacdae79f5e64de371f527e8fb196f351e722bc9b0d49e723adff61baf9a5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\ISBEW64.exe
      Filesize

      176KB

      MD5

      9f9c3f526ee03b257b7447d4305b9c73

      SHA1

      f0412cd79b2c733f5fa4b1f26c9fae753491be2e

      SHA256

      e933bf52d25f7bfc5ec0b58cd0df771dbc696b5ebe5a41a11cd1703f7348a669

      SHA512

      f5bc22491049858b49263c1bad8732726caf25d0da7c7fae7ff4448d8fe77d2f3882abc99fc376c17635ba9b37d9cdd6de64d9b61cec98d6e7b1f8bbfdc8c0d7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\DIFxData.ini
      Filesize

      84B

      MD5

      1eb6253dee328c2063ca12cf657be560

      SHA1

      46e01bcbb287873cf59c57b616189505d2bb1607

      SHA256

      6bc8b890884278599e4c0ca4095cefdf0f5394c5796012d169cc0933e03267a1

      SHA512

      7c573896abc86d899afbce720690454c06dbfafa97b69bc49b8e0ddec5590ce16f3cc1a30408314db7c4206aa95f5c684a6587ea2da033aecc4f70720fc6189e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\FontData.ini
      Filesize

      37B

      MD5

      8ce28395a49eb4ada962f828eca2f130

      SHA1

      270730e2969b8b03db2a08ba93dfe60cbfb36c5f

      SHA256

      a7e91b042ce33490353c00244c0420c383a837e73e6006837a60d3c174102932

      SHA512

      bb712043cddbe62b5bfdd79796299b0c4de0883a39f79cd006d3b04a1a2bed74b477df985f7a89b653e20cb719b94fa255fdaa0819a8c6180c338c01f39b8382

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\_isres_0x0409.dll
      Filesize

      1.4MB

      MD5

      34310b90dab7073f5c32d846da4aff3d

      SHA1

      700234d2b820bbf28db60fa8f4f74b6b4b0218c0

      SHA256

      bbc07f49b7d4d579623b56c6667ada4ab9ac2caad6328d781759150b3491ba27

      SHA512

      b8eb80c7f211be066788e8fecaa46109568fd09ac7f6d9fac43d27e5e96b7b6037bff1853f433b6ea01e7725296ace8cc21473e036a4b6693944b505d5cbf1bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{E0A4444C-EAE3-4AB3-AF0F-E2D8988E05B4}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\isrt.dll
      Filesize

      417KB

      MD5

      98c6b4b41996aceeabc6be68533ab5d4

      SHA1

      4708bb8597a4f930a4a742cb2410165ca3ff5278

      SHA256

      695e64964eaa368fc1f7ef8be022adde8bdeabdf31edbf82e0518617615df79b

      SHA512

      246271fcafc9eabbe9d430e07e92dc4178dacbd9e35fb575815ad8563eb0ced95cd1c790e91477439f98975c2011eeefacc518957a0b89f7b7d20fe9eb9973fb

      Download Submit

    • C:\Windows\System32\DriverStore\INFCACHE.1
      Filesize

      1.4MB

      MD5

      a1359a5763bfe06db9f7470a8e4b1db9

      SHA1

      9092979a04acab09221f2df0d225a798dccba023

      SHA256

      28a79db2631996c0546c46eefdefdad731436c9c71c206674b0de32511e6c7d2

      SHA512

      a5f9a9b16045d3071cbb7864986a78c5d773d47d3af84148b7477ee0182c8bacd8589b7f6778896f5a17463d0cca08fd354960c3ef6c7a8e60dc38291f6f1c8d

      Download Submit

    • \??\c:\bixolon printer driver\srp-f312\SRPF312.cat
      Filesize

      14KB

      MD5

      8287be5d1f7f34a4d4bd296870233eca

      SHA1

      934222e1ec253aa02051592acc15340bfdf66943

      SHA256

      b7697df54deb0792f627547626ecf1e1768ff7281084e489ca0c463dc46a50a5

      SHA512

      de4049fe6d9a48dfc925713d03278ae3fba6cc53c26e01ff9b924e0e726fc84b83b44c73a10facaa4cc341fd7a250895b655b3c7864e64120646b5f8d805a294

      Download Submit

    • \??\c:\bixolon printer driver\srp-f312\srpf312.inf
      Filesize

      1KB

      MD5

      6370283cf3c690510ceba8626d9d7bdd

      SHA1

      8d0abc7d9dd99703d945c522491b741a88a8e5be

      SHA256

      42cc17dc09f111fb9fa701ca79274a68516fa3328c0de7f1d76014d843ebf132

      SHA512

      6751b2af9fda14dbfd602d9aac1a49b7024bf6346b7b5e47af6229acc97a740b240a0cd6a8c09da9b7f470cfe8434037fc24378acd2eaa64dab1bcf0e7b8aa7a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\._cache_2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe
      Filesize

      10.2MB

      MD5

      d6e6191cef5f226604071c58eb08dce2

      SHA1

      1af89add77f93b0c16ee46fd15af8804ba9549b4

      SHA256

      2fc1e64ad79e1da2181798f6ee5b3f084c4d3231c4625703d7d76e31a845ffd3

      SHA512

      a65cfe4fb7d512e8d2ebf5389f0e65e2a2f70f162058ddd17216acbc8b7ca9339c8cd37fc37e0e3b64ad19de4252fc93d88c63eb835830c853a90fb3849bc052

      Download Submit

    • \Users\Admin\AppData\Local\Temp\{1734CBF7-79FA-48D1-951D-F9D5EED1D716}\Disk1\ISSetup.dll
      Filesize

      781KB

      MD5

      1fdfd3b865a4d3792c7a5dff4834820f

      SHA1

      85048b2c595698cde467b43a51bc770c4f0e047d

      SHA256

      0a52eae209effbf02a8f7194cff5ee0dd3a5635e5ec0a090a081389d3225f48f

      SHA512

      4e2e8129ad29365bb195f7e47f2cd032f4b4056be3f9e67eaeafd2b9a5eb94791e6fa4ffdfbf7075d8950537684ce03aaf5734e7d1cb705885618ccbb2f8b62c

      Download Submit

    • memory/264-0-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/264-5199-0x0000000000400000-0x0000000000EF3000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/1552-40-0x0000000010000000-0x0000000010257000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1552-10339-0x0000000004300000-0x0000000004410000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1552-10632-0x0000000010000000-0x0000000010257000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1552-10338-0x0000000010000000-0x0000000010257000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1552-5187-0x0000000004300000-0x0000000004410000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/5192-10775-0x0000000000400000-0x0000000000EF3000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/5192-10340-0x0000000000400000-0x0000000000EF3000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/5192-10781-0x0000000000400000-0x0000000000EF3000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/5192-10898-0x0000000000400000-0x0000000000EF3000-memory.dmp

      Filesize

      10.9MB

      Download

    • memory/20176-10435-0x000000005FFF0000-0x0000000060000000-memory.dmp

      Filesize

      64KB

      Download