Overview

overview

10

Static

static

10

2025-01-04...er.exe

windows7-x64

10

2025-01-04...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2025 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe

  • Size

    10.9MB

  • MD5

    439985361f75dac79129b3fc3f062ba6

  • SHA1

    a649b2d152b777a6c1d43c4c08e2bf52bb53d972

  • SHA256

    81defdaafcd1103c8e8af43ba52efc3648f47d2029adb3ff0a3f9c90e21168ba

  • SHA512

    df5b0f11d339572416add3944cc5bfbe2e4e516925db40fa4b7e4d52901137d01580d52ca0c53b01040bbb391e0765d77592124fe9f2e695d370ef23dee03359

  • SSDEEP

    196608:XLysV7fyBk+EPFSlWgLqIAMmVKuGv6zU84RxV3+gTRs1v0KmpGaMV7fyBk+EPm:XR8LMe6zU84Rb+gTg0Kba

Score
10/10
xredbackdoordiscoverypersistence

Malware Config

Extracted

Family

xred

C2

xred.mooo.com

Attributes
  • email

    [email protected]

  • payload_url

    http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

    http://xred.site50.net/syn/SUpdate.ini

    https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

    https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

    http://xred.site50.net/syn/Synaptics.rar

    https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

    http://xred.site50.net/syn/SSLLibrary.dll

Signatures

  • Xred

    Xred is backdoor written in Delphi.

    backdoorxred
  • Xred family
    xred
  • Boot or Logon Autostart Execution: Port Monitors 1 TTPs 13 IoCs

    Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.

    persistence
  • Boot or Logon Autostart Execution: Print Processors 1 TTPs 1 IoCs

    Adversaries may abuse print processors to run malicious DLLs during system boot for persistence and/or privilege escalation.

    persistence
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 44 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 38 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 63 IoCs
  • Modifies registry class 2 IoCs
  • Runs net.exe
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\AppData\Local\Temp\._cache_2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe
      "C:\Users\Admin\AppData\Local\Temp\._cache_2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1256
      • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{11D02142-AA2B-48BB-B896-FB1D0530B7CD}
        3⤵
        • Executes dropped EXE
        PID:8212
      • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6A220091-C964-4C2D-8621-2387FCC9B561}
        3⤵
        • Executes dropped EXE
        PID:8356
      • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{61A7165F-3838-4E7D-B7FF-C71060111A2E}
        3⤵
        • Executes dropped EXE
        PID:8408
      • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8B5FF66B-F68E-43FF-88C6-6FCC06179DA3}
        3⤵
        • Executes dropped EXE
        PID:8452
      • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{36F3BAD5-55BE-45DB-BF32-66A32EDF5A62}
        3⤵
        • Executes dropped EXE
        PID:8560
      • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
        C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E612B684-F5B6-40E9-8450-4E8E8960AA87}
        3⤵
        • Executes dropped EXE
        PID:8668
      • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Installer.exe
        "C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Installer"
        3⤵
        • Boot or Logon Autostart Execution: Print Processors
        • Executes dropped EXE
        • Drops file in System32 directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3764
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c RUNDLL32 printui.dll,PrintUIEntry /ia /m "BIXOLON SRP-F312" /f .\SRPF312.inf
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:8180
          • C:\Windows\SysWOW64\rundll32.exe
            RUNDLL32 printui.dll,PrintUIEntry /ia /m "BIXOLON SRP-F312" /f .\SRPF312.inf
            5⤵
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            PID:8128
        • C:\Windows\SysWOW64\net.exe
          net start spooler
          4⤵
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1972
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 start spooler
            5⤵
            • System Location Discovery: System Language Discovery
            PID:6140
    • C:\ProgramData\Synaptics\Synaptics.exe
      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:428
      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4688
  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:4708
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:7952
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e3ed8d10-226f-2c43-824a-4590be7fad5b}\srpf312.inf" "9" "486a2d4eb" "00000000000000E8" "WinSta0\Default" "0000000000000150" "208" "c:\bixolon printer driver\srp-f312"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:7916
  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
    • Boot or Logon Autostart Execution: Port Monitors
    • Drops file in System32 directory
    • Checks SCSI registry key(s)
    • Modifies data under HKEY_USERS
    PID:5788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\BIXOLON Printer Driver\SRP-F312\BXLCtrlAEditor.exe
    Filesize

    331KB

    MD5

    0d6b97ddb5e02d95a4c2054143ae68b2

    SHA1

    75fed457f8abf5d9528cd09e78bbdafb00799ca8

    SHA256

    db6cb2dcdf32f9069e2a6e3840f004c0ec0ec536129e0c17d2b54f13ac00bc46

    SHA512

    2484360cc3e73ee1f76f2a4849846f70c3921dde0683fcc74ec2c82e6709ba575152e380e3550a0e689d718c722b38ded5e3bf78d975d054cde7254cba9e0146

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\Driver32\SRPAD77.tmp
    Filesize

    8KB

    MD5

    1243a6b4ccaea5503e49a71ac78b821e

    SHA1

    4cd477885cf1e28dfb9087c5b89e36d14e46bb3b

    SHA256

    eb6c877aa8fa72cdf38705e1737072d9f691e472ba8316da910b7ccb6344fb0e

    SHA512

    1d1b7978a3add8a637acaad04c2d1a95bdcc0afdab9325a461753953e58e8cd768d6e2114eddfac2378f3a44ab34cb23a3b85d2731954c6f14677794a7a73528

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\Driver32\STDAD8B.tmp
    Filesize

    14KB

    MD5

    cd0ba5f62202298a6367e0e34cf5a37e

    SHA1

    0507c7264281efb362931deb093308a5cc0f23a5

    SHA256

    b5e8e0c7339ef73f4dd20e2570ee2c79f06ca983f74d175dbe90c0319c70ce3a

    SHA512

    0da97d886bbf6e06bdef240b0ca32e80ed56140349902f2a58fcd00a95f85aedeabb779ca99308da39e995bdb7c179e2d7a0705643af609ec7e05323964851f8

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\Driver32\UIFAD8E.tmp
    Filesize

    65B

    MD5

    1f1c099c5733d30e86c2261c6c6fd7d5

    SHA1

    5eeccf813df3edf0688f69936eaa3c8eaf830237

    SHA256

    a3b8dd3f18e09d19725ec6a7f383b423a8159bb9ef320150156ba606648f07f3

    SHA512

    92e746a22ebad9dc0366979ab25d159eb79f4162a5425fdac2076ed0e0eff300e01d467179b084747c6ca208eca84db9f54c92b878893744e0f482f8fdd3aef1

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\Driver32\UNIADE1.tmp
    Filesize

    20KB

    MD5

    6798f64959c913673bd66cd4e47f4a65

    SHA1

    c50faa64c8267ac7106401e69da5c15fc3f2034c

    SHA256

    0c02b226be4e7397f8c98799e58b0a512515e462ccdaac04edc10e3e1091c011

    SHA512

    8d208306b6d0f892a2f16f8070a89d8edb968589896cb70cf46f43bf4befb7c4ca6a278c35fe8a2685cc784505efb77c32b0aabf80d13bcc0d10a39ae8afb55a

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\ImageMacro.exe
    Filesize

    1.2MB

    MD5

    bbe2ab2bd5ff913c8737e0d30e944e2a

    SHA1

    914927f0ca87947f504b71504274853dd59a8b89

    SHA256

    4f039e6ecee8807bb8ae0af3e47bbfa0400ed8d481c67aca41c1f44d76206b54

    SHA512

    084de959b286d6365d8a66794e79da6480f83a39c1f560bce6a6019c9993e650b502608ee91c9532cadca13e845dc0f6d633ea6e2f1eb1e951cfc15a446036ed

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\JournalViewer.exe
    Filesize

    123KB

    MD5

    b86146f60a1e7d801b718df3aae839fd

    SHA1

    2631fa0b0289ab75945428e0b7a5d4136b5fd5f2

    SHA256

    f6e79a96c4a0ed35024adc0c957b3b3f0b290b18291a1c7028d6f41ee46c20fd

    SHA512

    1c9e15a94bdbee6ba8d7b546484182cb3284ed1bd2ab86ca8cb3bc18fa86e71f2cf5cf8c6143725d879a3aee2da94662df022ba14c1a41e01ed88ce0d83d98ef

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\SRP-F312_NVTool_V1.1.0.exe
    Filesize

    152KB

    MD5

    86fb0b5431728f7124de3cb9e1f9a5f9

    SHA1

    223a7de301ea682f7a2aab8e0744e3589d42bfd7

    SHA256

    a1a91590c45713989eeef73fe30998c4e186a714f6fe3747d9a9d0855a738050

    SHA512

    33e02be2effb48969a6fd21d75d60f8f81327de2476504147df4cccaba073108a6ac885f432ae6ada1dea2947ad36698b06855af85f9edf31f33170e3985665e

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\SRPF312.INI
    Filesize

    68B

    MD5

    1b484e7ba0ee1d15cd2e8ac536873354

    SHA1

    a67a53db9a9886807f15bded8ee9fe94c2832470

    SHA256

    54186380654c040bc3c106e252e58cd01b0773c88df3566c80fd5abde5d7a17f

    SHA512

    6645be76902cb23d034aa063731042ac788cfb4fd72e097c84c4e43ec31fcc441377ba683d965312f271ea05f2e18c443bd6f1edadb59b78f9e206a26a86e43d

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Config.BXL
    Filesize

    294B

    MD5

    bb56a0772b4d6c5b7d78c93854aa2ca2

    SHA1

    de7fe97d5828eb0a4bcdc9d36a3a329e2699bff0

    SHA256

    d872ca85aafd2f534b0181af3beb87029281e346157ca1415281c6cde203929a

    SHA512

    d976978da4e4229f3e3fb60d001d9940b76f24b9fa9323812430d8c08467f5d53eaabb7564f0fe834cd8845783d82fdfe988ac11d1723704fec4e54522c2b267

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Installer.exe
    Filesize

    1.7MB

    MD5

    a5f621b39cfb6bdb3ba9267541da9889

    SHA1

    90dbdabeb53e1802161e52d489a23938c7fb14ac

    SHA256

    91bcbc846c76799ff45f2468f143df4c085bc58f61a6dbe3565ee67274f2d1d4

    SHA512

    55e34a936d83381afeb2a1db5fe7a29e6d472d378003231787b8f005057eacb2102a5d73bf9d42808d593acc43f13c7cb7cc449dd8450af1bdfe73986b5640bc

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\SRPF312_Uninstaller.exe
    Filesize

    1.7MB

    MD5

    09f3aedc4e17c97dfcb14a005ba14fcd

    SHA1

    bfde23993bda0261ee5379ca9a93bb34d3ed0925

    SHA256

    baee0786e432423a5ce14d53ac0dbfc768047e3ae4d008b1fb107f8662b8105b

    SHA512

    67f7af102f4ffffbab7c5db2cfb55c3fd664c92d4eeb6d0883b2e73b231b86778989a1130072c3376fcd5ea3c06ddc35efe69bfbfb38ba5187c4c6eaaa5665e6

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\TextMacro.exe
    Filesize

    119KB

    MD5

    f5248f59e6a4a4bd79466881c1e2c75a

    SHA1

    4978566f9304524ddcd19186e9b0815fe14d421a

    SHA256

    310dcf991b2ff88af00061e88be536dd3dbef25dd1b0712ff2204932a5c61280

    SHA512

    72cb3ec930d6c34354776f89b726fb3d89c7f58c8f86c5960a7ee2463bef1e7236c170ebb908081fe38df028117c7700450b544e71b43593e6bad85c38c68d75

    Download Submit

  • C:\BIXOLON Printer Driver\SRP-F312\VMSM.exe
    Filesize

    3.1MB

    MD5

    72907140badc15e8f151093c53ff9cb7

    SHA1

    921ae6d219425bf2e59bec9df84c89733b98f443

    SHA256

    bc93baf4931b07ead21e782190a372f0e662abe9e085da2e96ee6446e0c39f0b

    SHA512

    9bb0c0665ad31a9e9a284a7229d038d34328398b34a5a5ab8d965241230d5664d39ad27c9a08663a06ca84275fe21e0bb3761c2327d1f23f5730419074013f0c

    Download Submit

  • C:\ProgramData\Synaptics\Synaptics.exe
    Filesize

    10.9MB

    MD5

    439985361f75dac79129b3fc3f062ba6

    SHA1

    a649b2d152b777a6c1d43c4c08e2bf52bb53d972

    SHA256

    81defdaafcd1103c8e8af43ba52efc3648f47d2029adb3ff0a3f9c90e21168ba

    SHA512

    df5b0f11d339572416add3944cc5bfbe2e4e516925db40fa4b7e4d52901137d01580d52ca0c53b01040bbb391e0765d77592124fe9f2e695d370ef23dee03359

    Download Submit

  • C:\Temp\SRP-F312_Installer.txt
    Filesize

    1KB

    MD5

    e87961f081120c035e0ac92df28c04c2

    SHA1

    8efea122e3eeed29794147cb528fb27749d17e07

    SHA256

    7d79d0b771be763a6802ee0a1fe643415378b21c86f14b6c28cdc8960fd634d6

    SHA512

    0eebc84e015eb8376dffcc01e4128ec398cd882a7594125feed35dbd356ebb1cf14ad4916e65c99621e1050fad9385be6f1c13238cb868a1f479b8def5e4eda2

    Download Submit

  • C:\Temp\SRP-F312_Installer.txt
    Filesize

    2KB

    MD5

    6cc9eb95e0e4898d5b2ecfb3a9ac11ec

    SHA1

    0c65b60a9ed2c778363bc4114f0e7a34339fce4b

    SHA256

    85bcd876e3b8d220124bc2389a02390c24b494065f8f9ce889d27b2da73b842d

    SHA512

    6fc90275b1503b6298d94b6737c67758366324e668a9be5557329db2834319c7aaca5346cf15b743c765085fbfc201680c35290215998339d71160b045cc2abf

    Download Submit

  • C:\Temp\SRP-F312_Installer.txt
    Filesize

    5KB

    MD5

    12642efda563e1b28b0af45afaf0a185

    SHA1

    32f334d14eced6eceb3044b5c85900905bbbdce4

    SHA256

    c74769f57400381b4b4fa7690a54d94abd2be3ba67cbe55cdfe340c792bce428

    SHA512

    31d25345675855625fcd3ff95d061ed540ffdd7752794cf983bc7b57d65328d6587765ab1e130453cf30da6adbd5da063681364e72d40f08632b00cb460222f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\._cache_2025-01-04_439985361f75dac79129b3fc3f062ba6_darkgate_magniber.exe
    Filesize

    10.2MB

    MD5

    d6e6191cef5f226604071c58eb08dce2

    SHA1

    1af89add77f93b0c16ee46fd15af8804ba9549b4

    SHA256

    2fc1e64ad79e1da2181798f6ee5b3f084c4d3231c4625703d7d76e31a845ffd3

    SHA512

    a65cfe4fb7d512e8d2ebf5389f0e65e2a2f70f162058ddd17216acbc8b7ca9339c8cd37fc37e0e3b64ad19de4252fc93d88c63eb835830c853a90fb3849bc052

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\BF975E00
    Filesize

    22KB

    MD5

    3a764ab19f97d2cf87aab1c8763fc810

    SHA1

    551fc0f2119f12d886495ac69e5ce98859a0f3ff

    SHA256

    924dce51250c3213747962e09c4bc7568c8b4244dbaf5c88a4a2346c803bb01b

    SHA512

    afe0a2bc575add73f8a4b7ef5d5bfee03a3a061283614a4e52601dc18d62e0507935aa14dd643da4483c13423134b3c3602aaf44de2f07faf6c37596a00f2e93

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\YbP78I8R.xlsm
    Filesize

    17KB

    MD5

    e566fc53051035e1e6fd0ed1823de0f9

    SHA1

    00bc96c48b98676ecd67e81a6f1d7754e4156044

    SHA256

    8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

    SHA512

    a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\skin7d3e.rra
    Filesize

    25KB

    MD5

    4b4710ec6332f22f2cc85744b6a2bd8c

    SHA1

    9978539594c4f9bf6ad98032f9bf2abd10d0b2b5

    SHA256

    e9ccebc18123b09ad7ec2ee208cb795a5dfbdbba9e60b31ccdd409636c5cf1c0

    SHA512

    813ea91adf0c84500350d55ee705c99393f9d0d099ef67c2afad1fc4701ef546f4ba41ef785ccabcf7e24ba92e212ccec3aa50b4f9fc690f5096e4f21d844be7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{2C152EBE-A20C-49E0-8CF4-30A4319124F1}\Disk1\ISSetup.dll
    Filesize

    781KB

    MD5

    1fdfd3b865a4d3792c7a5dff4834820f

    SHA1

    85048b2c595698cde467b43a51bc770c4f0e047d

    SHA256

    0a52eae209effbf02a8f7194cff5ee0dd3a5635e5ec0a090a081389d3225f48f

    SHA512

    4e2e8129ad29365bb195f7e47f2cd032f4b4056be3f9e67eaeafd2b9a5eb94791e6fa4ffdfbf7075d8950537684ce03aaf5734e7d1cb705885618ccbb2f8b62c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{2C152EBE-A20C-49E0-8CF4-30A4319124F1}\Disk1\data1.cab
    Filesize

    988KB

    MD5

    64f89030992e6e59e19bb9c45d81cf9f

    SHA1

    eeee62ccf9cb1e179462f42bf91feef246c1e004

    SHA256

    8c929c6c291073ba50de90f2ecfc518423e9c408e96808ca2f3e26fb4e87a2bc

    SHA512

    1ec742629f2a658cd6eeaac1c0dae57dc55f1f9c83b318fb47746f965a3e4a2f61d0b39ea7633e89e1ccda766e344dbe3e6895acb191f56199d73edc589e098e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{2C152EBE-A20C-49E0-8CF4-30A4319124F1}\Disk1\data1.hdr
    Filesize

    17KB

    MD5

    aaa56c73ba39717c9a7169670aa4664f

    SHA1

    edc9e2497531837a427074d2104bcaad2d141d6b

    SHA256

    aa13b95e203ab63fa4aa7d4246b416190e51faeb84c33f67acd4a00bc1b84313

    SHA512

    0806274c4a48a86eb082ded6945a4947e466ad652e82765a21f0b67e594e7e06c6cda046be59c195fd7973ab6cdb392fb0533c6c6cb07a055ecc87fc6c74d3e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\ISBEW64.exe
    Filesize

    176KB

    MD5

    9f9c3f526ee03b257b7447d4305b9c73

    SHA1

    f0412cd79b2c733f5fa4b1f26c9fae753491be2e

    SHA256

    e933bf52d25f7bfc5ec0b58cd0df771dbc696b5ebe5a41a11cd1703f7348a669

    SHA512

    f5bc22491049858b49263c1bad8732726caf25d0da7c7fae7ff4448d8fe77d2f3882abc99fc376c17635ba9b37d9cdd6de64d9b61cec98d6e7b1f8bbfdc8c0d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\DIFxData.ini
    Filesize

    84B

    MD5

    1eb6253dee328c2063ca12cf657be560

    SHA1

    46e01bcbb287873cf59c57b616189505d2bb1607

    SHA256

    6bc8b890884278599e4c0ca4095cefdf0f5394c5796012d169cc0933e03267a1

    SHA512

    7c573896abc86d899afbce720690454c06dbfafa97b69bc49b8e0ddec5590ce16f3cc1a30408314db7c4206aa95f5c684a6587ea2da033aecc4f70720fc6189e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\FontData.ini
    Filesize

    37B

    MD5

    8ce28395a49eb4ada962f828eca2f130

    SHA1

    270730e2969b8b03db2a08ba93dfe60cbfb36c5f

    SHA256

    a7e91b042ce33490353c00244c0420c383a837e73e6006837a60d3c174102932

    SHA512

    bb712043cddbe62b5bfdd79796299b0c4de0883a39f79cd006d3b04a1a2bed74b477df985f7a89b653e20cb719b94fa255fdaa0819a8c6180c338c01f39b8382

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\_isres_0x0409.dll
    Filesize

    1.4MB

    MD5

    34310b90dab7073f5c32d846da4aff3d

    SHA1

    700234d2b820bbf28db60fa8f4f74b6b4b0218c0

    SHA256

    bbc07f49b7d4d579623b56c6667ada4ab9ac2caad6328d781759150b3491ba27

    SHA512

    b8eb80c7f211be066788e8fecaa46109568fd09ac7f6d9fac43d27e5e96b7b6037bff1853f433b6ea01e7725296ace8cc21473e036a4b6693944b505d5cbf1bd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\isrt.dll
    Filesize

    417KB

    MD5

    98c6b4b41996aceeabc6be68533ab5d4

    SHA1

    4708bb8597a4f930a4a742cb2410165ca3ff5278

    SHA256

    695e64964eaa368fc1f7ef8be022adde8bdeabdf31edbf82e0518617615df79b

    SHA512

    246271fcafc9eabbe9d430e07e92dc4178dacbd9e35fb575815ad8563eb0ced95cd1c790e91477439f98975c2011eeefacc518957a0b89f7b7d20fe9eb9973fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{B091CE79-50A6-4637-8F51-74DAF5782432}\{165FF66F-A283-4A2F-B73E-9A5279A0F312}\setup.inx
    Filesize

    238KB

    MD5

    0cb4370f90e8902f820a58b6733d5895

    SHA1

    b2dac82856c58e0521929418f6a59a490c2a66c3

    SHA256

    8813f7f1578dac6304d79da310bdf1ec620b0c0ffe14c2e4f0e13b3e54e56c0c

    SHA512

    f5e1f86d71886cb486db9350e406f75d528b50eed8bb1ae1fbbf5475c01f67be454b0790555a6bc3eaeb6168198406507beb6317f1a7b701c9834b9a6723001d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{D827A86C-E917-4A6D-A3B7-3EBDED8B025A}\0x0409.ini
    Filesize

    21KB

    MD5

    be345d0260ae12c5f2f337b17e07c217

    SHA1

    0976ba0982fe34f1c35a0974f6178e15c238ed7b

    SHA256

    e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

    SHA512

    77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{D827A86C-E917-4A6D-A3B7-3EBDED8B025A}\0x0412.ini
    Filesize

    13KB

    MD5

    73e70a6b9354e80237c8e2b3170830a0

    SHA1

    b4c8777ce9c2d2fff4c0c914825cbe698feaadaf

    SHA256

    316577cf74d3545d632b0de55513a3511d654849655157cb84821b871ec081e9

    SHA512

    f15e736e7c0b55437b39869a0bbce15d5365f04c70be23fc373d83ce0e99e0a806244c1c44cd298dc4970d20af6cb1198a9d84749f5d5ac02162c261b1460ed7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{D827A86C-E917-4A6D-A3B7-3EBDED8B025A}\Disk1\setup.exe
    Filesize

    1.1MB

    MD5

    dcdf7f2a1443ecf19213ffe275fd003d

    SHA1

    e88cebc1b4cafeacf101f15a64f0367aafbe8148

    SHA256

    1f70dbc910d120fa063c1d5bd5e8b008948fb8004e6087a68ceb53b6e75aee08

    SHA512

    88f07475f1cb31c743b86f7501ed34a757f0d6ce4c59aeea4341f5cb963db812fc27f7a89b2c70bcaa45d85b93419c5dfdcf9d7db6c4d3f7369750fc0d749947

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{D827A86C-E917-4A6D-A3B7-3EBDED8B025A}\Disk1\setup.ini
    Filesize

    2KB

    MD5

    78f3991c887b9c27b56fcb06069eec67

    SHA1

    688667b4b1b5f3e7eff62a906821d10954c11411

    SHA256

    b94f58ab99b175d47bb97881512ae12510deaac8c1e9804c6efa33a50ce8e674

    SHA512

    0e572d6e1b6120c8a757c4daac711623780cfb5dbd75bd076c9d77bf8b0714cfcd55a373d5f23950a21f9b2e6c4f2c0aac6f11fb50c389a7c59571545d781ca4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{D827A86C-E917-4A6D-A3B7-3EBDED8B025A}\Disk1\setup.isn
    Filesize

    253KB

    MD5

    2c1eaf7365689693f0db2867680e26f7

    SHA1

    4e76f27ecd3b4426d2c828fdafd9f5f13cfc3426

    SHA256

    ab1ddb8870b410a6db38f02a8d7763dd3a1fa393b7d617cc11392b25bafd6175

    SHA512

    9b40aac9cc128d1cf1ea0a41c39d7ee9f76ae0987b5c4c49a942e3ac3eeebe03b065db1b1808963f69690e5030b84e8534b9a411dbcc9434f5504df208f5fc5e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{e3ed8d10-226f-2c43-824a-4590be7fad5b}\Driver64\SETC796.tmp
    Filesize

    171KB

    MD5

    c87e5ad06a43b1ac3a7242d45fbf2e37

    SHA1

    3234550f3211f9c6fd943c37c5ebf4c8daa009ae

    SHA256

    d954d1c8e694ff1666cffe703999e44e225c35835b777461678bfb35c482a05c

    SHA512

    0adf9922e044d0f7b07e0f21f8f2ae94c5cdb601cc89462c01df8ae9203a7860aad26cb72c7d5d56b8b49d75de4d40efb523f8150b907c7342d9a6bb857dcdc2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{e3ed8d10-226f-2c43-824a-4590be7fad5b}\Driver64\SETC7B7.tmp
    Filesize

    23KB

    MD5

    c0c096dde4274f76b12de0111f209945

    SHA1

    d61d61fe98b38c17aba03ac054068bd7b9b8c179

    SHA256

    cb459ee284dd68b94a380e500e26a4bb67e2a537c5527aeb7493a4d062fd1e60

    SHA512

    75746309bac856098fcd8cda5e4131cdb6d3e8e15c753d38a9bd6a6c2dacfa5c5d4a2071f15685b3924e9b9f0115d0628b4187d65c99c822de21837cc2278c86

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{e3ed8d10-226f-2c43-824a-4590be7fad5b}\Driver64\SETC7B8.tmp
    Filesize

    18KB

    MD5

    2fa4671ff84c50d035b8e8e5b80e6037

    SHA1

    e9d5005721e76a875adc10398709ba692e11926d

    SHA256

    514c4d8210f1c59723bac834af1898673620f99e8bc30b155fed94220ee0c630

    SHA512

    93c0aae8cf5f71c726beea66518d31e588a9037fc6322ee45b8ba9aa43ada85fbcc72970357f28084471435dbd7c81469328d79f7aec1f6d37228fbff6f33c87

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{e3ed8d10-226f-2c43-824a-4590be7fad5b}\Driver64\SETC7B9.tmp
    Filesize

    74KB

    MD5

    2b9436e8e53170d6a9f07ff79b975a8a

    SHA1

    e8f9c216853e4389ca607c09dead3067f843e8aa

    SHA256

    8c375a6d3fafe8c00fe0e76193820b923fbac313d1c64b16fa88b5877c7ef1e9

    SHA512

    3d6b17fa1e0095a6f2f8d5f1bf13dcede92eb0477407ceae3044794883d807127cb8d723e406ed223772aa8d00c7133523c50389e78e1ae5f3fd0d094699d883

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{e3ed8d10-226f-2c43-824a-4590be7fad5b}\Driver64\SETC7BB.tmp
    Filesize

    149KB

    MD5

    a1c7d1560ac5aaff2922e417329fc717

    SHA1

    f1024af1f4b0cce6adb17362cec8923acb903263

    SHA256

    95d26944a31b3a28646fcb060d4c18bed83bdee64617084c72131be706d6db5e

    SHA512

    cf68b52792c6e7241bcd972729c8835f97fdc1e1c6c6c956b2b1feadc91e5fa8f60dacdae79f5e64de371f527e8fb196f351e722bc9b0d49e723adff61baf9a5

    Download Submit

  • \??\c:\bixolon printer driver\srp-f312\SRPF312.cat
    Filesize

    14KB

    MD5

    8287be5d1f7f34a4d4bd296870233eca

    SHA1

    934222e1ec253aa02051592acc15340bfdf66943

    SHA256

    b7697df54deb0792f627547626ecf1e1768ff7281084e489ca0c463dc46a50a5

    SHA512

    de4049fe6d9a48dfc925713d03278ae3fba6cc53c26e01ff9b924e0e726fc84b83b44c73a10facaa4cc341fd7a250895b655b3c7864e64120646b5f8d805a294

    Download Submit

  • \??\c:\bixolon printer driver\srp-f312\srpf312.inf
    Filesize

    1KB

    MD5

    6370283cf3c690510ceba8626d9d7bdd

    SHA1

    8d0abc7d9dd99703d945c522491b741a88a8e5be

    SHA256

    42cc17dc09f111fb9fa701ca79274a68516fa3328c0de7f1d76014d843ebf132

    SHA512

    6751b2af9fda14dbfd602d9aac1a49b7024bf6346b7b5e47af6229acc97a740b240a0cd6a8c09da9b7f470cfe8434037fc24378acd2eaa64dab1bcf0e7b8aa7a

    Download Submit

  • memory/428-11055-0x0000000000400000-0x0000000000EF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/428-11089-0x0000000000400000-0x0000000000EF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/428-11101-0x0000000000400000-0x0000000000EF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/428-10549-0x0000000000400000-0x0000000000EF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/428-10947-0x0000000000400000-0x0000000000EF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/1256-10548-0x0000000004AD0000-0x0000000004BE0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1256-480-0x0000000000B50000-0x0000000000B52000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1256-10945-0x0000000002830000-0x0000000002A87000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1256-10547-0x0000000002830000-0x0000000002A87000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1256-243-0x0000000002830000-0x0000000002A87000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1256-5394-0x0000000004AD0000-0x0000000004BE0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1256-5395-0x0000000004AD0000-0x0000000004BE0000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2896-0-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2896-1670-0x0000000000400000-0x0000000000EF3000-memory.dmp

    Filesize

    10.9MB

    Download

  • memory/4708-5380-0x00007FFA8FE30000-0x00007FFA8FE40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5385-0x00007FFA8DDD0000-0x00007FFA8DDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5383-0x00007FFA8FE30000-0x00007FFA8FE40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5384-0x00007FFA8FE30000-0x00007FFA8FE40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5382-0x00007FFA8FE30000-0x00007FFA8FE40000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5386-0x00007FFA8DDD0000-0x00007FFA8DDE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4708-5381-0x00007FFA8FE30000-0x00007FFA8FE40000-memory.dmp

    Filesize

    64KB

    Download