xred | 8a58157c7f0bfd5e19c41a6816d563804afedb384bc55268b893dd00f644168e

Analysis

max time kernel
14s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Size

8.1MB
MD5

c7f0965068af5f6299108153cbac9f99
SHA1

74815195fff3cf56a1fc59584105972f3e07ef5f
SHA256

8a58157c7f0bfd5e19c41a6816d563804afedb384bc55268b893dd00f644168e
SHA512

1795a8a976d9df32d348f6c8770e1704c594ef6e4062812cbc37bd06ba163c3209f36e12157cc00a66d286e47c091455f77e5fb3fcc0ca1a313cf977e7590a0a
SSDEEP

196608:uLn5FdsbOcRZO6Q55CfSzCfKXFR5a4t3QXZuXc1o9yaaI6HMaJTtGbja:u3CCcRZO106Wf749yX

Score

10^/10

xred backdoor discovery persistence

Malware Config

Extracted

Family

xred

xred.mooo.com

Attributes

email
[email protected]
payload_url
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978

https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download

https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1

http://xred.site50.net/syn/SUpdate.ini

https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download

https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1

http://xred.site50.net/syn/Synaptics.rar

https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download

https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1

http://xred.site50.net/syn/SSLLibrary.dll

Signatures

Xred
Xred is backdoor written in Delphi.
backdoor xred
Xred family
xred

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	._cache_Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	._cache_Synaptics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000\Control Panel\International\Geo\Nation	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe

Executes dropped EXE 5 IoCs

pid	Process
2588	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
4792	Synaptics.exe
4756	Synaptics.exe
2736	._cache_Synaptics.exe
3048	._cache_Synaptics.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe"	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 6 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	._cache_Synaptics.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\._cache_Synaptics.exe	Synaptics.exe
File opened for modification	C:\Windows\SysWOW64\._cache_Synaptics.exe	Synaptics.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Synaptics.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	._cache_Synaptics.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	._cache_Synaptics.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	._cache_Synaptics.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Synaptics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Synaptics.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4464	EXCEL.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2588	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
2736	._cache_Synaptics.exe
3048	._cache_Synaptics.exe
4464	EXCEL.EXE
4464	EXCEL.EXE
4464	EXCEL.EXE
4464	EXCEL.EXE
3196	OfficeClickToRun.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 2588	4648	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	87
PID 4648 wrote to memory of 2588	4648	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	87
PID 4648 wrote to memory of 2588	4648	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	87
PID 4648 wrote to memory of 4792	4648	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	90
PID 4648 wrote to memory of 4792	4648	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	90
PID 4648 wrote to memory of 4792	4648	2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	90
PID 3460 wrote to memory of 4756	3460	cmd.exe	91
PID 3460 wrote to memory of 4756	3460	cmd.exe	91
PID 3460 wrote to memory of 4756	3460	cmd.exe	91
PID 4756 wrote to memory of 2736	4756	Synaptics.exe	92
PID 4756 wrote to memory of 2736	4756	Synaptics.exe	92
PID 4756 wrote to memory of 2736	4756	Synaptics.exe	92
PID 4792 wrote to memory of 3048	4792	Synaptics.exe	94
PID 4792 wrote to memory of 3048	4792	Synaptics.exe	94
PID 4792 wrote to memory of 3048	4792	Synaptics.exe	94
PID 2588 wrote to memory of 3196	2588	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	99
PID 2588 wrote to memory of 3196	2588	._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe	99

C:\Users\Admin\AppData\Local\Temp\2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
"C:\Users\Admin\AppData\Local\Temp\2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Users\Admin\AppData\Local\Temp\._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    OfficeClickToRun.exe platform=x64 culture=en-us productstoadd=HomeBusinessRetail.16_en-us_x-none cdnbaseurl=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 baseurl=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version=16.0.18623.20178 mediatype=CDN sourcetype=CDN HomeBusinessRetail.excludedapps=groove updatesenabled=False bitnessmigration=False deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown flt.UseTeamsOnInstallConsumer=unknown flt.UseTeamsOnUpdateConsumer=unknown uninstallcentennial=True scenario=CLIENTUPDATE
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3196
- - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
    OfficeClickToRun.exe platform=x64 culture=en-us productstoadd=HomeBusinessRetail.16_en-us_x-none cdnbaseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 baseurl.16=http://officecdn.microsoft.com/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60 version.16=16.0.18623.20178 mediatype.16=CDN sourcetype.16=CDN HomeBusinessRetail.excludedapps.16=groove updatesenabled.16=False bitnessmigration=False deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknown flt.UseTeamsOnInstallConsumer=unknown flt.UseTeamsOnUpdateConsumer=unknown uninstallcentennial=True
    3⤵
    PID:2724
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of SetWindowsHookEx
    PID:3048

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:3460
- C:\ProgramData\Synaptics\Synaptics.exe
  C:\ProgramData\Synaptics\Synaptics.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4756
- - C:\Windows\SysWOW64\._cache_Synaptics.exe
    "C:\Windows\system32\._cache_Synaptics.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks system information in the registry
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of SetWindowsHookEx
    PID:2736

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4464

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:1304

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe" /progressandlaunch AppTargets="root\office16\excel.exe|root\office16\onenote.exe|root\office16\outlook.exe|root\office16\powerpnt.exe|root\office16\winword.exe" ManualUpgrade=False ScenarioToTrack="Scenario:{477E0208-58BD-4F33-978A-09BCC9AA9EB1}@INSTALL"
1⤵
PID:1676

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.18623.20178\i640.hash

Filesize
106B

MD5
e007e5ddbfbcf22a24c0b278f914874b

SHA1
721d9ccfd8dfedf3d0af7d03709408a3f1d6f90c

SHA256
0fa5e8929fb40e5058f2b61d02a7b51da0117b5c14f47c02e6a26c30b58ca56e

SHA512
0bd668cbb24bc84fc1b9debd8a915bbd15aa2af8616ec046b73fe8ff6c003bb1a26a2b6f09ab791a46d4793c50fc323c8b43de4cb3a913f01a607376ad91cd19

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat

Filesize
30KB

MD5
b8be94da284f8ac45ed1ee24002caeb3

SHA1
f100a2b42f8ca6f90d51104c395afdda39c32e03

SHA256
6c3a9b7180c862b5c939e78d3440080f5f189ba12ce14934b6cf1cbb9e0135c4

SHA512
02f6992818fba3ccd13801eff53f1dcc1882779383d9a3ee3722654eee9133c5a0f6a2d76d85ac1c691a86b0101317fe5f030f23b7176c15b817c7272170f722

Download Submit
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Filesize
5.2MB

MD5
473906733c66d4027a1173371b797fd8

SHA1
9b2ac002cf679c7266ea8e856dae00350effcf2a

SHA256
af65f55084c4a88aa7adc0794c92570366a5c41b34bb588d69ec555e2468736e

SHA512
96087c78d10af95836d21ac91f18e30ad153f3531561ddfa1e3092170ae3c175138da5d5f3df9f7cecc6aa2d2458b1f59fc14c86d2dfaf910b96efcd5c26dc57

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\en-us.16\MasterDescriptor.en-us.xml

Filesize
40KB

MD5
afeae60c4a0e5bdd187092ecedcb6b12

SHA1
b3c23ea9a65388569a361e9b145206a9299a8349

SHA256
32ca98adcd4c88f45d5ce001426a897614b340ea0e65950f48a5ce46d2e792a1

SHA512
576029b278ec73903ea6e4a80d2065dc6e3b87f86edc8108ec1da068b2f62d65faed6fadb7b19d25cc380e023496f835beed7ce906553a2bcb0f411e98273e98

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\en-us.16\stream.x64.en-us.dat.cat

Filesize
76KB

MD5
40c021702bba87de0f2d1eab90d4cb77

SHA1
94cde479521406ab0113f273feb94d22ce07c15c

SHA256
6c97338db74f4febf5fa5b321483251a5d8caa3fe68050f66f14650d785406da

SHA512
6c5f3f48a480939140fdb5f0c86f3d23eefdc367f33a1de6fee1acbe0f4dbd769f5be8bbe2b8994151c89929997b2f097a1d52ad69d3fe2072b7f827a64c88a2

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\sd640.delta02.cab_extractOfficeC2R82326E18-8EBD-433D-970B-30880FC5303A\MasterDescriptor.x-none.xml

Filesize
35KB

MD5
bc7a911f9b666c3813d02ec266d77ffc

SHA1
17db48fd8cb6eff82ba7b1902cbdd0d11cc294ec

SHA256
762d0379df6793419851eba870d9a4ffdf6d0d61231fea26386315303985fe03

SHA512
7556e332f558687713fef3b33adde4a23c2f7bb43e28a75ec210ce967076fdf4997d08d94ee2032e5a189492797d82c8477903b7035711369fe1954c20ec1947

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\sd640.delta03.cab_extractOfficeC2R878FB13C-AACA-468D-8208-55658565DC80\stream.x64.x-none.delta03.hash

Filesize
128B

MD5
a8b7617156b117a8baa737273d768702

SHA1
efd8129cb0098823452667a8e49918a0de8ab564

SHA256
06fa0a7e03f0793ba5f2c810a9fc862570e1ba1d5059f750ad3c740c9feaf0b8

SHA512
3d9a6194ff639f453e7a575685450da68a239bb1395d677b6ca891f5d6b5ba81fc1e5eda9ec3a5364a236767fc1693b8aca9109e03229b29399802376d0ba730

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\sd640.delta03.cab_extractOfficeC2R878FB13C-AACA-468D-8208-55658565DC80\stream.x64.x-none.delta03.man.dat

Filesize
23KB

MD5
8adeb55a5dfda3fe6b2a5e59eb05be77

SHA1
71472567f811662284d2be2f18a0bf142c61096c

SHA256
dc3e912a28a39f03fea8a72b7d26bd627633bec5aaed370348fda5f8921c1544

SHA512
e5a83cf589b9bf6fe7678fcfaac932713bba9d7611ea6b249fb8f2097109b9fa7407fc51c36ecb14b061206a858391e98bd51b8db23d8aea29724f9fb8a6ca5c

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\sd641033.delta03.cab_extractOfficeC2RA668D1FE-F2A5-430E-8558-849B9918B878\stream.x64.en-us.delta03.hash

Filesize
128B

MD5
a7b81a895fcb6dfb87031d2d307da457

SHA1
1d375bda69b748b19f5b016c62c251d85aa15be9

SHA256
b6f2f62a37448b6319776c02cd752e91ef98999b6b1bec0e94e45655def417eb

SHA512
b2cf0f902a12a3fcaa5ccedc665e017a7dfb58471c545d2382aefb5109d73906b7cf4c9d00d8797522564960c40f86646479da5e0123c20f37d7dcdecff8649e

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\sd641033.delta03.cab_extractOfficeC2RA668D1FE-F2A5-430E-8558-849B9918B878\stream.x64.en-us.delta03.man.dat

Filesize
15KB

MD5
b4f8049a0ca506cc0a98c2e32c601553

SHA1
2375873cbc5be7406d6b5240a104ce3a4bdb08bb

SHA256
3b4bcca833d1f8a4bcc328729606cc0a8b2b89ce0addd17f95add24c7625058c

SHA512
abf80978ab712c0a4d08488b9102240a724c9fdf975eacc22174d88ac1056f868f3b067db7498266a8b9615d461fb20affcf847272b7ad91b617653cbc80e37b

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\x-none.16\MasterDescriptor.x-none.xml

Filesize
40KB

MD5
e025f31bad484f82736f31ecd01e232d

SHA1
2c5951e85e52b616708492dd8dae2020e66bff6b

SHA256
b99c8f60c55605f74c6f1fa0ebc3089f73a72635547a47068690a9b3763d3eb7

SHA512
aa39a2429d5b6d2d62b748d3c9683eb2bc467d099c1292fa599e33c29c0a0448d542dfcdf0cd71a76eff7a66d878d02a5f45870af0c010597f64b899bce7498f

Download Submit
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\DA6D8E54-FB1A-4B4A-89FD-51713551EF7C\x-none.16\stream.x64.x-none.dat.cat

Filesize
753KB

MD5
e4d104ec8b7be8fca3e3cd7989f6ad43

SHA1
99372bdb6a4f30c0a0c7662c7d8b2539633311de

SHA256
3dd69612703c46858414ea48ab779ebbed5c37e14e05d6cf2492a3ed25a948ee

SHA512
0b7c32e9a5d4f7d7812e74fb21add00b95b2c7b32de77ee35e54cf5fd175071c15a6e2df611827a3939e067bc9f22f419908de262da13f4d06db9c9d51218d58

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
8.1MB

MD5
c7f0965068af5f6299108153cbac9f99

SHA1
74815195fff3cf56a1fc59584105972f3e07ef5f

SHA256
8a58157c7f0bfd5e19c41a6816d563804afedb384bc55268b893dd00f644168e

SHA512
1795a8a976d9df32d348f6c8770e1704c594ef6e4062812cbc37bd06ba163c3209f36e12157cc00a66d286e47c091455f77e5fb3fcc0ca1a313cf977e7590a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule1000v5.xml

Filesize
1KB

MD5
35a756bb6ca3f8bddc97342284174200

SHA1
22f2158d40d9b17c665a965fe8721d45a352856a

SHA256
8c638b3bf14baca701c62344e8f41568d031bf006a440f0c92039d3685d13096

SHA512
e31a85134f96f2ab82fa9b9b89bbfba9eaf15035a397eda4630d6f42a2859fbed98a112ae4560054d571f836c12c17024821926659afdabd0c588557d99bee50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10450v3.xml

Filesize
1KB

MD5
b0c15d905cf6bb86a791d25d695d5034

SHA1
5a8cd74f5879e46f852047535998230a6dd9c77f

SHA256
30d89b15725cef2d6cff1c1de721f454c5485ec3600ee6e9e0a6cd52d940f143

SHA512
b62ebe2f4879268985b56d6cec6ddacc9159e89a5b1783a199b6e9bffff7f80c0f2c11936da79b7bbd898b08acf7598d735ef12957d6c2fa0f9aef0a30f6c09f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10625v0.xml

Filesize
2KB

MD5
349928dbc417dbabf83bccf623718be8

SHA1
e8ad2264c660c5da5ba4bb72010ecd4f75a55810

SHA256
d5996b4eb38900cbc00bf99c2bf2ab398b229f1b68243eec3a1598ee8dda5cf3

SHA512
44e4084b78b9bc8bc5c25c401feea60e9bbff3470e338aa2576e4fba5d0a19a75a2dac4edead6ebcf6783cf18b72b03c77826f144637782d7c66de43d2dc81d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10626v1.xml

Filesize
1KB

MD5
62b246f01735d691f6d39795331fcb25

SHA1
ccbfbcd2bc7709252234c88c158724368d7180b8

SHA256
244e300e1802580de0a76cc73fec6161563037fd30fbb7e78df2682a2996b3ba

SHA512
e41680ad13498202e1ba9208c7bfebf47fa8c24c86ba379abdd51001100f2f93409b7c5dddf15803ffa6c1728ec400ff17916d57333bd563b719e2f7227e27d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10627v1.xml

Filesize
1KB

MD5
dc41e43c5b36cef2ae702a73f26be79c

SHA1
f743367dc7ab80dae6cee0d7378acb0436f780c5

SHA256
ceafb6a575942193e5e532dd6ac3b0b849c42cdbfedcb929abafb854315808c4

SHA512
87c72cbcbf56dbd14a6fc9f25c9d552551946e9ef99f6d064d113f490a8a110c187b6abf3e51a3dc828f01a1816913294d6906ada5f457356213090ee81f888f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10781v1.xml

Filesize
479B

MD5
6f934c775a771c17017e8bc2085d9a37

SHA1
84b8a31be7df60e200da64a5c3cf9960d0a2f636

SHA256
f0a4c86159bb76dbe5aefa4acbd458603fcd36dc672f5d40178b3a7ffe034924

SHA512
f159a83ed11531ea1b3b357947763fe0c053d3e3df12e5b6c32130d764067748322e7e5a73003afd7147f682951e6f1a23526b7f8ba227fe1dd4a809525c870d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10784v0.xml

Filesize
1KB

MD5
478da0edaf828ce7fad17cb9a41c741e

SHA1
09bf669f108e10e6cfa738c0fbf01612647d5c5f

SHA256
8737205fe766b0b5529aae314794bd4bb4b1ea7970257289c14a26c54ea97091

SHA512
9002600d2e10e95b9daf3347f0765826a1248b9d6c776910441c42c4cad7daa15f05b1e2b4340d6e91a79bc7e71d47f91b65cffbe8b535c1ffd2ed5e1085175d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10800v0.xml

Filesize
455B

MD5
d32db9adfaaaee45d3b6ae82a3292be4

SHA1
3f56b0b338398fb2bccb8ec1645f2d5a07aea938

SHA256
3967aec34f6f912314e4b09f719349ee20160ec6e460db0f4dc55ebd81d2f075

SHA512
326e86f467bf6292a7af84f058d9990401c3dc1d27f2196060de94df2df73ff8dd8edab77d998fa3775ab4c0b4aa4ff4311a58eb9f225e476ad2754465bd1937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10801v0.xml

Filesize
2KB

MD5
3f36a9c98f1f9a7c0274b018ea824f2b

SHA1
d4d59977a39d2a21f26dec9a296ddb6dd89e9482

SHA256
fa747fcc832754d1c1f4181e8e225898e66e4fe466940ea53f3ff67a7fede0c5

SHA512
ab2e7fb650998947f29ef1c4b99c7aca4ded646f334b0d6408527a1309a7316441b5464c7b3d5fae0399051e8effba4a9b9be53b39c9f59c74ab4274f386d3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10802v0.xml

Filesize
2KB

MD5
34009fbf6298e1eaed5db556c610dce4

SHA1
4023b2c284673a052f31c40f92f1e9e062bff840

SHA256
be81e59c2bba681945cfd10ae299d0aa83b638d0943cbcf5e069f4b28213615f

SHA512
63508d855abba44acdde3be0411c7f7ce6385b997679e794d2c45cf7d7eb4d215a2c8975ae5161c6b11b58488949fc5b09ba70d6668fc9e9eed064bcd63548bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10803v1.xml

Filesize
4KB

MD5
22ecf976c9843fd6c46022b73b3948f2

SHA1
46db28d4fe84d38fe72949b882c67a7ab7ead845

SHA256
b33939e23cad9b9b9c13b16e1015e9f9fca182c15c6aa1eb004f40eeac05c8ae

SHA512
0cebc1457b6a68a2e61f6afa0b48d0913978ee839c718aa74c875cad59be59b3c95f255bfb49dc16322031f12069ad42452b91f8ba35310fe28c37060e9f2af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10807v0.xml

Filesize
995B

MD5
fc2c37ee38a3ead195ca7034a4c21811

SHA1
a8e252007cc0be00e4c9cbacd4ebefe7a63c1880

SHA256
71ddab80391bfa696d2a9d7f10a656da92fc854a525f81a5bc38dedb6c23b881

SHA512
34fa6d3e8b800915894871d97a57dcc004ab5aacb9c0b04ce733ee564f79c4014432502e51ed57b263cdb46a390f0b642dc85d6ea78e1ae822d75f0eb87b290b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10808v0.xml

Filesize
1KB

MD5
acef7985804d93211b6b522a14e8d515

SHA1
c68809dcad83c8de77c39faeb28163067408a588

SHA256
0eb6285f536ad8d31ee2558bb0a1e88e58e1b071c8d6ee56ffc162a125e552d2

SHA512
c5cd22bc1d00a1cd6c5e2add466c0b563ad3b5df0523ccbf9392fc8a427c17c3bff3dcef0320258a795ad71563a48b2a2aaac67041bec58adfbf12ebdda70780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10818v3.xml

Filesize
790B

MD5
7fdb0d30bce859350ae0f6710c398544

SHA1
b2c812fe419ba84c432a0ce5147517fe1105ffcd

SHA256
cf03a73cba7372f2dd1b81ec9a9f452b6f779e54e88021f168f91656c2971244

SHA512
7ca22c6822118d950441273cefa5ece3722c989fbdcf35d3fee3df39bd3ca47566dbfebe2ec89a044e2564d2f998074ea73c85b7c100e9cfa59386d25a20d2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10819v1.xml

Filesize
8KB

MD5
c747cd34026e1302c1614c323ade9808

SHA1
bcfa859acc88409e96449ff3eaa8ec933967b39b

SHA256
2f50c4c4879c6036fe6e115c5063065c00380209a7d4461b5285b1f9dce1f5ce

SHA512
6e7620831d20384015ccfaad9ce81ebef444b6dfed9259818c8b7eceed3f9beae1e1aba565fd3069ae07f96f80931d72e7dcf87e958db75e61e02a7a43058ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10820v3.xml

Filesize
5KB

MD5
1dfb43eaa09ac0ae7eb5384813a40433

SHA1
60b268869771cf0cfd7c7ca8b74d3aa893c023fb

SHA256
c242fb7c96ac9816b01125d1beead43d73806875f03c8313e08206e9e2137796

SHA512
9cdbfb054c7d15ddf638bb24252cef20ab70ab4ffff8cc674248a5a78dc3fafae0e46f9be08e91c7bc2fd3e71182fb221156b76cbbb3732a3e1abe59d421df3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10821v3.xml

Filesize
4KB

MD5
44e94a2eb7901d6ff85292a6acac80fc

SHA1
805c47614e74f202caeac376654aa91542dbe5a4

SHA256
8bffa7414c818f25f55f02040d08e59e220fc0009c577df8930fb72b75fb204b

SHA512
eb025c1eae42b97944b919296632fb4b06f4e899f2442c5929b42f261d9b0cd736097992fb1e47c0b8ccb77f0f2dbc64e70886eb5637a42060181e7dc9d70e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10822v2.xml

Filesize
4KB

MD5
3c4ad726af98c553c2edbfb9f106b71a

SHA1
1b8d4f15173c774cc3eb88e8e001bc93dd7b78e3

SHA256
36c4d95619b7d07968dba0e91f8f01af384d0b239bd69a77c9f005eb3e883d22

SHA512
70044dee2025104e34b0fa47455b09268ef86fa045d7b4a8e789856c3cc128399511e853d7e719faab2b0e9a77d7ce3078d2bb248647f353694868f301c88b65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10829v1.xml

Filesize
2KB

MD5
7994ae221f53abf1fb3baad3775bdece

SHA1
cef4fff1b183887611e4bee01205145ea37282b0

SHA256
ea5b45902dc96775e9fc9f862e25825df06f1cbdb7be315604f458d69ee60ac3

SHA512
28ed525284a94adc34594afefb7c460fc13be55fdba525c72fa03bc27baf5b6c5e8d2ba6e05a244df7894d40c38b46c86905c5ddf6805fe9cc54f0eb50c525a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10879v0.xml

Filesize
455B

MD5
d6c398fac8f9d87101db8fef53c2b876

SHA1
c01f2ffb8d8c3fcebcd0b29709c1c4f40044d83d

SHA256
653f87bac5821a543929ec0015fb8b6f86c77b227f6ab063210d9b594d5d376d

SHA512
c7771791f75d9db8a9a9b78db310f988bfefbb89ea2011770f7857c5780caa1de2f87070c3e886b77a8142e43b83cda74a27d09f771dbbf38292f1f61976f47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10880v0.xml

Filesize
2KB

MD5
d5628c2352a9b3d4c4602f5afa2036e4

SHA1
e7d8230316ac0dd065d2638eec718eae75794ac0

SHA256
7466102bd56efec53753921c3f7a6d7e03c0f5bcc8bdfa9e071d413a31e71bd3

SHA512
1e83f499724e6ddbeb51acf21191075c5b502fc34967d2137ef383951253ff835aa7f9261a600ce6ed7f9e8b11a72bf59a65724850b5113249f0afd6fd374ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10881v1.xml

Filesize
489B

MD5
9776094dc797155d2034f31172f11855

SHA1
64d1ebadbe368c9871662a8e55a508a916a0d3dd

SHA256
d29ff2cf8d1225e5908f202f04f77ff6687e74444ecf6d4c08ce772ad3cd85c3

SHA512
b949fa714541012864cad0e3f664ab0c02dd41470b8f1a3e2eb18a825341ebb2859c6ee0e3654ab3e426ead57f06e81e9d1b2469f088b055135fecf95d7fbcca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10882v0.xml

Filesize
2KB

MD5
9cd208b8d4670da9984d5a05ae008e00

SHA1
99cfe5945c3ab601460b083f61a237e5ecc9bf97

SHA256
8e2b06bc23226f0819031a9fb7ce418a3babf447164286d58fcd291add0e6def

SHA512
6a87b9ee407ea4494afb5267b829859319dbc7c557a64f9bba6c2bbf836ab3a687a8e2aeda431943f89686fe64a9a50fc71aeda4e6484cbd5e1d80e14406826f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10902v0.xml

Filesize
687B

MD5
feaaca09fb62c5cfb917cae5237fc877

SHA1
5fde90894237354a828f6b1b74fd50d4ba4353f1

SHA256
fd63052c95c11d915b143b48823e7dcb6313048bc7b0420ef791da6190d266b0

SHA512
1fd47c44c947d3d85dc3920831c4acca20aef26995d920acab005ca04b927c9bc2d3663e2c4817580c8c1eb51d2b1f6ccfd50ac9edd1ecfcd59916ec07756e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10906v1.xml

Filesize
1KB

MD5
0c98e8f4582e20a6cd3615d3bb144989

SHA1
2f05ea2b3862aa41c02c0883ab229f313054a190

SHA256
df43fd7e80c4416bba49e6d58bd1b38a23fae380b75dd8c008e930acafe73ce6

SHA512
ce8d69fe375909d49608ed5c44ceb269770d4465b488abed1445134fea1bd19c471ec710c244336da2c0d29b1047895c7ac09d6c66bc2706e2fa3c7217eb0c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10907v0.xml

Filesize
603B

MD5
918ef7df4cde0af53b2f7c803fff103a

SHA1
cf97a237a7b69d714ed36b3755cd08eb8e576ea0

SHA256
3a357011143d8adb29d928c1f186aaf0e72faaa6f4bd0c4069e639a1ccb644f9

SHA512
55ab72e88e18c82b3490ed8fb6a3c38397ed929ccc293b4086e9a83146493920b89ecf33714a646204cd455eb05f29d2588a5b1d0f97a30d42687b793afd1969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10924v0.xml

Filesize
557B

MD5
4b8072735030b28c33e36e2efee4c9d1

SHA1
552df1d720f6e3bcaadab492b869a8a1e273100c

SHA256
97e70abd7a17256b70074373aecd5e90095d469b172ea0e8cd4c12ac238bbc37

SHA512
6c9b535453688390a4f0728b2567e30d48240d9f5bf3edb56b53eeebc176d4e92ffb8c0739c21492483f23d385800134c537fdccf89686ed6a53b8d2cb549bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10925v0.xml

Filesize
715B

MD5
c4cea076980deb12c0991d7b101110c9

SHA1
e2a238f706ea93cfff0889ef57fcceb48de5b725

SHA256
46cb0f703c967bc7f9e8fbd425a6ee75c880b5f01a1ae3c160663a1525324cef

SHA512
6f97be0f973db7f7f2c6d5382d2ae4114c05b4bc96970b935aa47ba20ccaa876f0b4406a773b7c85bf7b654257e7d5a161b285ca290f62e4384c188901ad7a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10940v0.xml

Filesize
551B

MD5
20b506c4e954324503fc29a917134690

SHA1
11c22010ab256a96e145c879d85261ab50ae80d0

SHA256
69d015a975443a6ceccf863ea9ff6eca053d463f8f94ff288c61c381071dfc33

SHA512
2ddd90cfffdb5574d719599143e8f0fd5147f66847bc3aa224e76f6b0333f2e6923c1814b7d65899fbfe5625c6583635fedbc490c109988d631618a0d0786321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10952v1.xml

Filesize
8KB

MD5
baf641b9b63941b3f96c99bd4a2423fd

SHA1
f925e3a3e0ff6a906d2e773539be93025a6883d1

SHA256
2c06dc5b4079e454f5b306e1207447e3901c378bc3a795b7a5132d202aa3309c

SHA512
344ce2775d17bcd42a2badeed3934b44a83e33866e5cacc34c264fcc112a481185d844f10cbd7942c4371a697f2f313bbe8b979a0b53634c3e062f192d7be732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule10955v0.xml

Filesize
908B

MD5
28c43c4d594be12a1ff9a9c398bb2c9a

SHA1
15b9fc017f3b34bde6031de15ef13c5f9217b96d

SHA256
20d07a2c04bb1caaf99ea9b654ce309a478c4ceae5eca928258ea86d02fb1df0

SHA512
c1755aa647ce28be61bec1057f501cbacb1236cdd1362756a7d9ae84b1a23196bf9d39ab8a142c8f6d273bd51ab734b6e424eab4cd159f8e111d6dd596305fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11150v1.xml

Filesize
851B

MD5
eb35d36daee1084dec8e571b7f0e1323

SHA1
c25fcfc9dc9ed572dac19a84a3a92fcc73767dfa

SHA256
10de6c430c3c6aa6586659fff4ac370da02e94886fdbb42e273ff8851f2cad06

SHA512
4f412cd23ffaf44ab105e264607616cd3c68301f8b427eb6abf1dfbd099596f149f2b0320af0fe7541bb478fc8cb105bd27dcd224f47856b796085e7323738cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11154v0.xml

Filesize
739B

MD5
538857315d6b1ec91ef9d56a7005623f

SHA1
2199f2660c4c527c1cf69582a0408559caa5ee13

SHA256
e41e45745b00a33eb0c399a33e26d69b069b4515c7a308d279585a677ef49f2f

SHA512
da0f16bb6c90dc1c36faca35ba5a5050a25bca7d691b59eb0986e90c1b7eb758d2969c1f70176efdc3addf3e8231568b4dd838436bb743735696a3b04ec3db70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11187v1.xml

Filesize
2KB

MD5
170aa116b280c3df602ec0681280eb46

SHA1
8b7816c2e86da5584400c0ec2de0326a825ef74d

SHA256
0f05de3ecaaa1b75bf4347e8a0c8e284074f2839436eae720bdbb27bcc8b045c

SHA512
49c362e4dc2b83347a3f8a6ff0c29c22ded96624e81fe6ddfd82b62537203ba64a909430dba931885261c4f8e0b315117348dcbb359d420aae4288ae48628b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11190v0.xml

Filesize
897B

MD5
549f50b18abdfd6a5eb6e8f708f5652e

SHA1
46689288627a7bc3e486dcac4da3342d1e2424b0

SHA256
0718460cf8b77112ddf1e6d4b154aed22e4214bdb6672c2e48b8943d28dd6746

SHA512
f18ac65d4d8468d34d5733ae7fde782ae1d78ea37471ef594e25ac55b8f42b92985ef8ed7226db1fc5021a7e02cffa8636f1eb9ab6850d6822812eaef2f106a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11195v1.xml

Filesize
7KB

MD5
fc1a0dd2909fcc19f5b4bb445ee04268

SHA1
054b5856cf093a7570fa9dbc2efa2242907955a5

SHA256
9c684fff33faf45cac4b224939918c2fcf0c43ea325040b95181d81085aa46b3

SHA512
08c6187cbf46f2f9c2b18ecac909ae395b3a5baa5325f136b504c181bb064d8c7a7b939c4f7ea17fce7842afe7b3b803859fffe5ff6770794adf867f02324226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11208v0.xml

Filesize
482B

MD5
061a4c6406ac78ae104f7b7d3d798de5

SHA1
a98ca10363cae6d6955c6fa0e18a8737a736cbe9

SHA256
528e51c38f25c600e8ce341b73f6734247f225d74618d540f0ff91230b7fb1b0

SHA512
f492ba1c321b359cd1436fbec2d967495bbe230cc905c0b9ae6ccbf760fa57e679638bc761be52a047fd27ae082c18926ead13d51601c065b0dcd3330a27d928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11209v0.xml

Filesize
1KB

MD5
f5251b9e8dd51cb106a9a6b2921aedd6

SHA1
d8e840633abb4508e1fe8bab15a8f72b8544acf9

SHA256
b4b942b736993e909ea354566ca6b057be5039d6c5acfd6c1e535945efb5fe52

SHA512
3c4ca66943907b3b16cacd5197fe4b7f8b5fd69e150f182cc7543b6ee166fc751c34c8961ab4f5986659005da42ba894a6c7149b1f8b0508a4dca9f9ac47ef86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11210v0.xml

Filesize
977B

MD5
d681872ed46dde631b20dcff9d2e2aba

SHA1
12db7c20dabd06839bffbc07f5512c9ad8ee0a04

SHA256
e3ea7a7ce2e903f74cfc02146b7a4317efc79f18921f3193ddb4b56dc66eb109

SHA512
78b3c010978dce85186e4e7ddea493d3abd0a8175ea8459ab1ca030744ba5e1dc8cc56d30c633ad6d559145f58f0798d79cb4db04c2cc93789f7c38d0bf601ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11264v0.xml

Filesize
2KB

MD5
1475747c715c573242bbc0e81ef435d0

SHA1
6c1a6c7e42d6aed9614344e1f0f42835b8755b0b

SHA256
d5829a4d9fcf20a62fe6d3df6853b1e18b9401ef32e02b1540fb5262d549d6da

SHA512
2f350737ea5514b5c8aa5c4da341f18905ce0cc6cd1c475a5963ab79019ac6be8eb03ce83b3f76b9c975ed6ef0ff6ef37a2f62a0050d67b8ac0d86132aa8db42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11265v1.xml

Filesize
1KB

MD5
69298a7654bbb32e5452168e560d93fc

SHA1
79d7eeaf933d57b30d3b9952fd6c4aeafe0329f1

SHA256
2c9bf7dd1612cbd01e93f7b62f536c15e6d03dd13222f02bce44e56c15fd01e3

SHA512
807e2d687554d8e9d075a05c605689af886ff8a8de519f9dc6be31035baa24c9ded4a5f11167a3fd5a07d088df7c3fb882332f6a7f09dedcb4a9fc076af965a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11285v1.xml

Filesize
7KB

MD5
ef888029b882d703d2e11c22eb2c7e71

SHA1
0b201c55924ccd192d721c2982d09b980e006891

SHA256
7c118544529a7c902b31d280dce6b2ea1105937b4548ce22b3bf94da90dce6ea

SHA512
1fa7ff22c9ea2938a630ea39a6625727ccccab40c9a5ca49761208a43429fcc98870260ce5d1dbc07e5034193cfdac7efddc72983cbe3c05cd92722dcfcb7209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11289v0.xml

Filesize
3KB

MD5
12d04c599611704fc11a4b3f9153ca44

SHA1
7922a8d14b9d632b245cd056fa55b06726f5d6e8

SHA256
d3b86ef8c08a6e74dddac76bc95d792aa188b1171398893ca84b9cdedc0cb299

SHA512
d63fa41238dd274d59608c184b2454177ad7226b11a0cc503d07eb55558fbb62937ff9bef5e9f62dfa86fe67b1011e9070883d4ca61ffacc9baf1b262701c652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11300v1.xml

Filesize
4KB

MD5
c5414f230477caff4d6cacff8dd4de76

SHA1
1300a7d6f3fe2cfe5116ad9c003fd86bbc973184

SHA256
109d4477a13cad32c72765224a3f1d5b0eaa8c020d67a76991f5f86a4a433091

SHA512
25efffd1eb7c62afa6f6ad256da4b5ff8f1c423f360138b78370ddd7daaf8f2c6446109675776c3bf77319e540b829ab558be562f39edd86cba32125a00baaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11302v0.xml

Filesize
2KB

MD5
0a1986d2552c4f0399e56f96c92cf389

SHA1
0fcb9fd7673c76a0bc90be8e5553ce90b1168f7a

SHA256
d28f30420b69ccc7f24f5f5a3dc3e8c269585cc5ef5063ca158729769a3d23ac

SHA512
03b0090bc3dccd9eb7b41443814565bddfceee50eb2c735f0f62c833f0836f130e38277fc200e495b652419fb89da4efefbdd433eaff909c21bcaff05980465a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11362v0.xml

Filesize
5KB

MD5
8203650dea49b30cfa19da152b9941f4

SHA1
00bebb96486c1b2c0ee4196cc19a7ed4c49ff0d9

SHA256
c7fcdad71bf23b579f33f06f84d5a40ae51ada789507edda7be71396f1c9013e

SHA512
26d8ca27da5c7b056d1746b85fcd11434d986ad57a402eeff063a6e5525cbecaa18790511bd16deb378f6db2b3bc349a3354439710a79c064ac78e6168f417b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11369v1.xml

Filesize
1KB

MD5
a3d87b371db3b80301865dd822e8a4eb

SHA1
7ab546903dea6db7eaffd77a2f2d905d5465e86e

SHA256
7271ee468d5c39e227b0a29e2edced4ebbdfd17be20b4d22edaecd7da6e52a0b

SHA512
2cdd1c3128ee4c37397967c476468f5f1fbcf1a9fe4150b54abb053804714c9c18def0c246a48b75b5339acc062569a729cac7f596cd2929772fe783ad5ebfb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11370v1.xml

Filesize
667B

MD5
c282e64d7711e21dff8c26bc92417a32

SHA1
b088056dd50031cc254cc63dc90c2f377b05c728

SHA256
c36a2d390ec0ada2b77e271696742cf472024f9732f802af1333a635ce77a5b6

SHA512
2a93415f4f3f9f93339c79acda657ed6e8abd4eecc3a3c4b300ad1e5dda5d7559f1c7eaa5ea3db0f98e672c7f25ba4d695c145fdb2911877701bd89220b4978a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11381v0.xml

Filesize
2KB

MD5
0bd0afbfc2854052b3489bd8764ec93d

SHA1
ef5cac1230cddbc39884a3abb5ce5b07d8de209e

SHA256
8043fd42529c4f6d8ae7af858b4f60342746f4d3cb5a3e587d6925d93a1ecc11

SHA512
176e5b1386946308370f613064df81fe4a05903f0417bd2ad6756825e56070a9c4a56beb681c01be145cf38b31f7df951f614c1404f9e0fa62f48c608723d552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11446v1.xml

Filesize
10KB

MD5
1bd4b6968bfed45aaec164fc1424786e

SHA1
c69191e8465a30427ca4ba4661dfa8adbd3de362

SHA256
36d4f2474508e536b344342b83057ad723c339f2b43d51c7f43756afc458201e

SHA512
59f6e64d219e8d05a79e9368bb5390745c293eceabb46e8e62961890b05dd10f1f9c1c99d9dc37bde16e427c11bf1f31b39a1b5c88ab90b7c7e06625879f829d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11464v1.xml

Filesize
473B

MD5
6d7684ed89f01b1f25f22ccceb188d18

SHA1
b0a430410b55aaa957caaf584dd9d6fa8349d92d

SHA256
71aa44019046ebe311685a30a99c4b53e1473464b833b176d26acfc2a8a540c3

SHA512
db07473f10c9be776b312ced56e3073c7715661e0eaf54909ad57e00165c171508c48c928d101ae7b405f7d73e2768f47b502018e0f3dfe6a12cbcaedbba87e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11498v0.xml

Filesize
413B

MD5
17a3609f404082a6029b68cfd8b74234

SHA1
080f0449f9f12778e381d7cca5e35c4cc5d5a042

SHA256
bef5c21fa8bdd1a3d599376797f5a5435c6e4139641ce156fff9c95453b610ba

SHA512
0521e03e89189423f3019dc500455395f300b3b7e0cd57833a02f2d8bead9b5c96ee04189629b3035fe7914894b38c9824b64efb739c73fa90ea745dc3dec632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11499v0.xml

Filesize
1KB

MD5
89bc403254c78d9de16f871cc90d62b1

SHA1
60345156473dc978ecb07a6c690c0d31ff1bdfc6

SHA256
bf73007c777271c877ae39a21a7d98fb1ef752d59ab0b157b06b3627481e53b0

SHA512
b3c832f7b1b014006f9c09facd894b614254d146b7134d96349ad60d7613a649f05fc7369fb260c51f82182384c6ff62e9b6115a698260e88e91cf4163c3706c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\._cache_synaptics.exe_Rules\rule11500v0.xml

Filesize
552B

MD5
b0b0428d2dac2acc68088d0fa6968995

SHA1
42cee8eaeac216fee697fa2146bb5786ac20d813

SHA256
6c4ce6976d89fbbc99eb4118900af1d92f1659ce9536ca4316ded6cd09949623

SHA512
4c243eea3ebd6942a8267da8430c1f7c8a1540d6de189a70fef837c1fea33b5bc7e910a058c5de40681fcac9c7a2f402542d173782af08bf18f69bc37fe276f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules.xml

Filesize
314KB

MD5
cc58ff31ab8b2a251219afeab62814b2

SHA1
81e86d978dc0cecb60e352789853ec81197c1199

SHA256
f4b83d622b572bc46945e7b41865278d9ff53faa35558691790e731016d67f02

SHA512
9d98dc09b48a07eeaf291463ba8b88b2ddd5e194a84d08fe6f34b0462feca9cf6c903404158320944b3ff84d16e1d3c057243ae295c3ef1b7a082c00b8927e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule120100v3.xml

Filesize
999B

MD5
0847565b252c325b0f3f4b65ddbf8cc2

SHA1
bbae496c74dd0952de4cfc8a2f86fd0a8a9bb3b8

SHA256
0534c65211d5503b490beed86790ee243c5da900eada1b419d593c90ee082a9e

SHA512
d53981bfddf765ca9e4544744a234b7fef266dfa85700e51523e52d784b4ee955a670da22a549ee53bccdc4d2ce5a9007ec793a732202ab143db6f27317c98fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\officec2rclient.exe_Rules\rule90401v3.xml

Filesize
1KB

MD5
01bdec61af8a91f0974fa2877635c522

SHA1
65bcd305418e0f394bf8a480cb312c2dd2006b2e

SHA256
cb9affbb94de8a990e1c1fe1f108947d0be197c7d95483c774a758dbc594c677

SHA512
98fcaa668198a45b741c849137d0af8c8da2eb0409d9a47b86520cf7f14b7ceb78d9ba88b7f26f0d873cc036925fb52720a91582fd04889d5790cbd0d5e9b635

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_2025-04-11_c7f0965068af5f6299108153cbac9f99_black-basta_darkgate_elex_luca-stealer.exe

Filesize
7.4MB

MD5
fecdb3b0961548380e11e02fc2fad4dc

SHA1
98e0f37c52b1e7e11cea9fd427ae7a441467fd87

SHA256
d5434b0b9d1e5ff139db0ddcef0ac5494fd5ea00c11943915ea656941105fed7

SHA512
e404091348281e34fce9cb7928c9fd09686caa9c7c7cb6aa76721ada6e799619fd486797f555b8bb9971a91a80dfbb8dab208b98753bfc2854b0db8c0d8c2ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\OFFICE~1\i640.cab

Filesize
30.3MB

MD5
7f1e985962d217bc38d74678f8cbd118

SHA1
1a29addb96ca5687e07c14bf96fe15a96b547c56

SHA256
7ed643a58fc9d79600d52fd36bb65bf1c54d6c490111b350c6029fae3d51c798

SHA512
b37c58865d86d7c12bbe86f6f6eec8e34cd1e000d447c19cbf016e76f19f56035d48b265816c14d1094b148fa1a80d5d2b5625b0a95de28f4c95c562b39944cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\OfficeC2RC76D6F1A-4239-4EDA-B2D2-587946F7D09A\VersionDescriptor.xml

Filesize
25KB

MD5
936260fb82b1c161ade61808e21ed10e

SHA1
0a6928bb34d498821242190f6816e2c10dab7768

SHA256
81b74cd66b985676dc761a176d41495b783c66ac6695be143df246fbc90a5c20

SHA512
be192e01384a852d9123af1b70ac6c6c65efdea67331d8d2f040d3874753c693dd2fdf91eb97e8c0ef162355ed4c7dcf51cf4756c0b460cfe0f382fd2cde5b79

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules\rule130010v0.xml

Filesize
674B

MD5
bcdd117e151424029040784a770a980d

SHA1
c7c28ded2644ac182dedbc283a2de38a0dcb3d43

SHA256
a8f9b357507e7b5f708a8ddab6585127a5bf82349a268b883d898a6d81f24364

SHA512
3c1acc9fe52e5f99e37f2025e8a0f7a595fda9929e546751ff3bb3f1a3a7a0c76e392b73ec44e1c61e520d3703c5cd89b191229cd19d17b8b94077d6a0073be4

Download Submit
C:\Windows\Temp\OFFICE~1\d640.cab

Filesize
9KB

MD5
ebe3e85bb1e2bce70635455001289905

SHA1
a84ed1fb3ab8354db37a70030ddc9cff33b7e64f

SHA256
4ee75e68078dafd0c64d10d6fe3d16cb989651f07a270571ec2886ba9e7b5476

SHA512
a3e1da8a6519bccd5f5cc5755dd4b58a45a7d74addfe3cfcc09b01790ca651ee7cd5577eb5e4e584a9ce174e6f9287d0a29ab472809735d5ec972c4cf9772c7e

Download Submit
C:\Windows\Temp\OFFICE~1\d641033.cab

Filesize
9KB

MD5
10b14e32396800c064890aa3ea33da1c

SHA1
9e641fe2b6bff9b467987cdbf0096795fb923feb

SHA256
83a12129a0bfa26504b0a408e744850c046340da51cf6c29a8dc5877416974f9

SHA512
1561046f71f3bc9e1809877a166bccb20b436d6ab992428105b31f7f291a932cc350fd0d88818f6ef33b2e0e1c94aae2224c66ef62c5c22686fe18e8ff6f8ded

Download Submit
C:\Windows\Temp\OFFICE~1\s640.cab

Filesize
2.8MB

MD5
2ec1c3b3ef477e83f42fa432e9c43f45

SHA1
763a258a9c6244e5f0c833ddbf227616fdfda39f

SHA256
d3fc5363da461f6d33df655c7d620fed16ae92a19ab056520eb255a0b9e50ef6

SHA512
14bab361128187a2c120651a8ab373f6b6f6bd774ee565d255ef777b339421254a28a31b49d56a5136aaa89c53ec84b3902a18e39a19201469ef3ba0a94ebf56

Download Submit
C:\Windows\Temp\OFFICE~1\s641033.cab

Filesize
549KB

MD5
12aa534e425d394deb36c528acb266eb

SHA1
f562f11e7e93198ea7a86dde8bf87be9e73078d6

SHA256
fa647673913e0ad5409371721bc9aa045d412d71b222c2eec19eea5a7d1bcaa8

SHA512
9858aa2e5204a715e309daad09b51c5e053dd73751537f211ed7725fea8e66fa1f5001b0e17ca75b69e59cab6c5bcc3cd0edb5da1333edd15edb079cb760a45b

Download Submit
C:\Windows\Temp\OFFICE~1\sd640.delta00.cab

Filesize
2.4MB

MD5
14bedbe01b30099626ab4008fcd7530f

SHA1
7cec1722f6ff970fd23fe1c264e6bb670efe861d

SHA256
744bdda7af438b2daaa8b59fa25cf43085f245842b36583c3b84f6340e9d412a

SHA512
a0e1156f2e4f4cbfded066897d769559bf334858be738c81c4f3365d0e44c5823d955d72436cfb6795e2e2fc1f0467dab940b38fea521e56674d8afc5f1a6024

Download Submit
C:\Windows\Temp\OFFICE~1\sd640.delta01.cab

Filesize
34KB

MD5
4f1c0a6cdb38e01a364e09dfdf83ce03

SHA1
c660f6ac713a92cc0f530ec339e160f9d9273c54

SHA256
55f707d8051d2e18c259576aa8703d4c5d1d297da7f4fd420e7d0355b6b07c1e

SHA512
8cc7c61525bc5036c699c872a6d4f70e03d67ae0e7dffc42a6352a1a0e179a826683824358586721900f910a5f72575a192de4b2fe2513c0d704abbd18720ab3

Download Submit
C:\Windows\Temp\OFFICE~1\sd640.delta02.cab

Filesize
34KB

MD5
cb86bbaa06cb3b005ee31d22a1ae083f

SHA1
b1a21f5e1181a31314f998f786224ef1b6f81f5b

SHA256
01e941f1e6a6179b983e02c992823d96109ce5789de204885be8e8ba7a2deb73

SHA512
bf0c4bf3094498cce0d05ba76f79010ec8c30334c01d8e5145f242b1678e6c84c054fe147672d7bef74573db9b3c1a90b674496c0db3507c5fa96b0afe448481

Download Submit
C:\Windows\Temp\OFFICE~1\sd640.delta03.cab

Filesize
34KB

MD5
3f25b7911efc686c865625e39a77d8e4

SHA1
329cfd89d2a131c706aab6db207aafe943d0a360

SHA256
abec6e6e166032b5a13df3086ef9337206440dd718129d7576f6cc51430049a0

SHA512
51133a349855db5f0fd9a1b4cd7ca51dff1db5156691c492c937fcc334f608ff87e46c45eca3a2cfa7dd1ceaf7116f688b77b93ffd5d375cad48b19707078056

Download Submit
C:\Windows\Temp\OFFICE~1\sd641033.delta00.cab

Filesize
339KB

MD5
45bc024fdeaa6ebe20fd6b94b91aedd1

SHA1
11e3586a6ca8613a8447f997b3bc78e7cc89e297

SHA256
4725ab5e07da2c91c854a0299078b9a51afcd55918725d18a42f7b960a1bb6bc

SHA512
dceda4b6e96a42b469c45bf888990d3823da3bbe5e5d069b4ef830f8b3e2e27aa4c954a61c6151b3acea18b746ba5a5d1abf542949aa89577b69b82835a56123

Download Submit
C:\Windows\Temp\OFFICE~1\sd641033.delta01.cab

Filesize
30KB

MD5
802a35a8fef028835d4298554f829665

SHA1
6a7fe5ff9add1b58c9eecf02a5dc7603feca768f

SHA256
c9b3a1ba324b6fe6c955bc7ac81f3cf5cc3c1cd3f67321331a0408885e6ac12b

SHA512
f9b37cd2f93bb46600d6c2361fa4a93a37d4f89076dc2fa09cbfdaf10b5c539d0f95c73d6d8af5f1b14a18eec8ce5a3f569408d479cffa099dc513a7a0370527

Download Submit
C:\Windows\Temp\OFFICE~1\sd641033.delta02.cab

Filesize
30KB

MD5
692357d01cc7fa20f28a2d03ad53a47c

SHA1
cb6f7133695497c5d5fffe081e9d85feaf12f9e7

SHA256
002fcefba5ef4a0f040f109329d5d00d332ac0a192f5f2b623e902a0a08f1cf1

SHA512
75674af2212a4ef62543bc55602fc9d475d18b682d0a0b6be26126de5d7d6a00d41b732de9d78ac905a35a177cf4e8812002b1c5d9ab9eb10b24d96740e59e9a

Download Submit
C:\Windows\Temp\OFFICE~1\sd641033.delta03.cab

Filesize
30KB

MD5
7ad5e32b178d569067f895ef53bb1a47

SHA1
05b107681626dbfda93e0e1742745423fd167ab3

SHA256
fcf19acd1201533bb78371c5162a76d951da70ff075269ac91cad99ac68c1877

SHA512
4e7ec8e5c2adcc2070071fffdd888f4e6c235eb08e43774f17ca8451d9363b7c5dceb621c9843f0272506d5497cef8d40ae57166871eed5a0f9a74f22d0ee922

Download Submit
memory/3196-1623-0x00007FFDE3660000-0x00007FFDE36FB000-memory.dmp

Filesize
620KB

Download
memory/3196-1626-0x0000019934540000-0x0000019934549000-memory.dmp

Filesize
36KB

Download
memory/3196-1621-0x00007FF726C60000-0x00007FF7276F9000-memory.dmp

Filesize
10.6MB

Download
memory/3196-1625-0x00007FFDCF8C0000-0x00007FFDCFBCE000-memory.dmp

Filesize
3.1MB

Download
memory/3196-1622-0x00007FFDE9E30000-0x00007FFDE9E45000-memory.dmp

Filesize
84KB

Download
memory/3196-1624-0x00007FFDE5F10000-0x00007FFDE5F4A000-memory.dmp

Filesize
232KB

Download
memory/4464-196-0x00007FFDB4470000-0x00007FFDB4480000-memory.dmp

Filesize
64KB

Download
memory/4464-197-0x00007FFDB4470000-0x00007FFDB4480000-memory.dmp

Filesize
64KB

Download
memory/4464-194-0x00007FFDB4470000-0x00007FFDB4480000-memory.dmp

Filesize
64KB

Download
memory/4464-378-0x00007FFDB1ED0000-0x00007FFDB1EE0000-memory.dmp

Filesize
64KB

Download
memory/4464-245-0x00007FFDB4470000-0x00007FFDB4480000-memory.dmp

Filesize
64KB

Download
memory/4464-195-0x00007FFDB4470000-0x00007FFDB4480000-memory.dmp

Filesize
64KB

Download
memory/4464-365-0x00007FFDB1ED0000-0x00007FFDB1EE0000-memory.dmp

Filesize
64KB

Download
memory/4648-0-0x0000000000E10000-0x0000000000E11000-memory.dmp

Filesize
4KB

Download
memory/4648-128-0x0000000000400000-0x0000000000C23000-memory.dmp

Filesize
8.1MB

Download
memory/4756-1202-0x0000000000400000-0x0000000000C23000-memory.dmp

Filesize
8.1MB

Download
memory/4756-2378-0x0000000000400000-0x0000000000C23000-memory.dmp

Filesize
8.1MB

Download
memory/4792-1201-0x0000000000400000-0x0000000000C23000-memory.dmp

Filesize
8.1MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads