rms | f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2022 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe
Size

4.3MB
MD5

1e70fd57ca450025f58f08e6f43d3e89
SHA1

85aa2be789dcf465020a6affb99a7938a5da7ef6
SHA256

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4
SHA512

4f7caecc0564d148970b7fd742f70658d3e0ced981440f012956ed6802544195a55886037e4c128d4bf01a232e72fb802630c8ad4f50510d137f0529ea761eae
SSDEEP

98304:PcrtMNtLqI88MvBQWnj7QEng+2BPn5zlbA46Juq/LfWFVw8aL:PCMNZqxvBQWnj7QCt25tlM4QuqjWFVc

Score

10^/10

rms aspackv2 rat trojan upx

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\??\c:\program files\java\vp8encoder.dll	acprotect
\??\c:\program files\java\vp8decoder.dll	acprotect

ASPack v2.12-2.42 9 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Program Files\Java\rutserv.exe	aspack_v212_v242
\??\c:\program files\java\rutserv.exe	aspack_v212_v242
C:\Program Files\Java\rutserv.exe	aspack_v212_v242
C:\Program Files\Java\rutserv.exe	aspack_v212_v242
C:\Program Files\Java\rutserv.exe	aspack_v212_v242
\??\c:\program files\java\rfusclient.exe	aspack_v212_v242
C:\Program Files\Java\rfusclient.exe	aspack_v212_v242
C:\Program Files\Java\rfusclient.exe	aspack_v212_v242
C:\Program Files\Java\rfusclient.exe	aspack_v212_v242

Executes dropped EXE 9 IoCs

Processes:

VkBot_Gladiator.sfx.exeVkBot_Gladiator.exerutserv.exerutserv.exerutserv.exerutserv.exerfusclient.exerfusclient.exerfusclient.exe

pid	process
5032	VkBot_Gladiator.sfx.exe
4520	VkBot_Gladiator.exe
1512	rutserv.exe
2896	rutserv.exe
4816	rutserv.exe
4592	rutserv.exe
1812	rfusclient.exe
3776	rfusclient.exe
2160	rfusclient.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\??\c:\program files\java\vp8encoder.dll	upx
\??\c:\program files\java\vp8decoder.dll	upx

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

VkBot_Gladiator.exeWScript.exef482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exeVkBot_Gladiator.sfx.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	VkBot_Gladiator.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	VkBot_Gladiator.sfx.exe

Drops file in Program Files directory 15 IoCs

Processes:

VkBot_Gladiator.exe

description	ioc	process
File created	C:\Program Files\Java\__tmp_rar_sfx_access_check_240599515	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\install.vbs	VkBot_Gladiator.exe
File created	C:\Program Files\Java\rutserv.exe	VkBot_Gladiator.exe
File created	C:\Program Files\Java\vp8decoder.dll	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\vp8encoder.dll	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\regedit.reg	VkBot_Gladiator.exe
File created	C:\Program Files\Java\install.bat	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\install.bat	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\rfusclient.exe	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\vp8decoder.dll	VkBot_Gladiator.exe
File created	C:\Program Files\Java\vp8encoder.dll	VkBot_Gladiator.exe
File created	C:\Program Files\Java\regedit.reg	VkBot_Gladiator.exe
File created	C:\Program Files\Java\install.vbs	VkBot_Gladiator.exe
File created	C:\Program Files\Java\rfusclient.exe	VkBot_Gladiator.exe
File opened for modification	C:\Program Files\Java\rutserv.exe	VkBot_Gladiator.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

1112 timeout.exe
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

4064 taskkill.exe
3756 taskkill.exe
Modifies registry class 1 IoCs

Processes:

VkBot_Gladiator.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings VkBot_Gladiator.exe
Runs .reg file with regedit 1 IoCs

Processes:

regedit.exe

pid process

1212 regedit.exe

pid	process
1112	timeout.exe

pid	process
4064	taskkill.exe
3756	taskkill.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	VkBot_Gladiator.exe

pid	process
1212	regedit.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

rutserv.exerutserv.exerutserv.exerutserv.exerfusclient.exe

pid	process
1512	rutserv.exe
1512	rutserv.exe
1512	rutserv.exe
1512	rutserv.exe
1512	rutserv.exe
1512	rutserv.exe
2896	rutserv.exe
2896	rutserv.exe
4816	rutserv.exe
4816	rutserv.exe
4592	rutserv.exe
4592	rutserv.exe
4592	rutserv.exe
4592	rutserv.exe
4592	rutserv.exe
4592	rutserv.exe
1812	rfusclient.exe
1812	rfusclient.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

Processes:

rfusclient.exe

pid process

2160 rfusclient.exe

pid	process
2160	rfusclient.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

taskkill.exetaskkill.exerutserv.exerutserv.exerutserv.exe

description	pid	process
Token: SeDebugPrivilege	3756	taskkill.exe
Token: SeDebugPrivilege	4064	taskkill.exe
Token: SeDebugPrivilege	1512	rutserv.exe
Token: SeDebugPrivilege	4816	rutserv.exe
Token: SeTakeOwnershipPrivilege	4592	rutserv.exe
Token: SeTcbPrivilege	4592	rutserv.exe
Token: SeTcbPrivilege	4592	rutserv.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

rutserv.exerutserv.exerutserv.exerutserv.exe

pid process

1512 rutserv.exe
2896 rutserv.exe
4816 rutserv.exe
4592 rutserv.exe

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.execmd.exeVkBot_Gladiator.sfx.exeVkBot_Gladiator.exeWScript.execmd.exerutserv.exerfusclient.exe

description	pid	process	target process
PID 1496 wrote to memory of 320	1496	f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe	cmd.exe
PID 1496 wrote to memory of 320	1496	f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe	cmd.exe
PID 1496 wrote to memory of 320	1496	f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe	cmd.exe
PID 320 wrote to memory of 5032	320	cmd.exe	VkBot_Gladiator.sfx.exe
PID 320 wrote to memory of 5032	320	cmd.exe	VkBot_Gladiator.sfx.exe
PID 320 wrote to memory of 5032	320	cmd.exe	VkBot_Gladiator.sfx.exe
PID 5032 wrote to memory of 4520	5032	VkBot_Gladiator.sfx.exe	VkBot_Gladiator.exe
PID 5032 wrote to memory of 4520	5032	VkBot_Gladiator.sfx.exe	VkBot_Gladiator.exe
PID 5032 wrote to memory of 4520	5032	VkBot_Gladiator.sfx.exe	VkBot_Gladiator.exe
PID 4520 wrote to memory of 3100	4520	VkBot_Gladiator.exe	WScript.exe
PID 4520 wrote to memory of 3100	4520	VkBot_Gladiator.exe	WScript.exe
PID 4520 wrote to memory of 3100	4520	VkBot_Gladiator.exe	WScript.exe
PID 3100 wrote to memory of 628	3100	WScript.exe	cmd.exe
PID 3100 wrote to memory of 628	3100	WScript.exe	cmd.exe
PID 3100 wrote to memory of 628	3100	WScript.exe	cmd.exe
PID 628 wrote to memory of 3756	628	cmd.exe	taskkill.exe
PID 628 wrote to memory of 3756	628	cmd.exe	taskkill.exe
PID 628 wrote to memory of 3756	628	cmd.exe	taskkill.exe
PID 628 wrote to memory of 4064	628	cmd.exe	taskkill.exe
PID 628 wrote to memory of 4064	628	cmd.exe	taskkill.exe
PID 628 wrote to memory of 4064	628	cmd.exe	taskkill.exe
PID 628 wrote to memory of 864	628	cmd.exe	reg.exe
PID 628 wrote to memory of 864	628	cmd.exe	reg.exe
PID 628 wrote to memory of 864	628	cmd.exe	reg.exe
PID 628 wrote to memory of 1212	628	cmd.exe	regedit.exe
PID 628 wrote to memory of 1212	628	cmd.exe	regedit.exe
PID 628 wrote to memory of 1212	628	cmd.exe	regedit.exe
PID 628 wrote to memory of 1112	628	cmd.exe	timeout.exe
PID 628 wrote to memory of 1112	628	cmd.exe	timeout.exe
PID 628 wrote to memory of 1112	628	cmd.exe	timeout.exe
PID 628 wrote to memory of 1512	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 1512	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 1512	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 2896	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 2896	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 2896	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 4816	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 4816	628	cmd.exe	rutserv.exe
PID 628 wrote to memory of 4816	628	cmd.exe	rutserv.exe
PID 4592 wrote to memory of 1812	4592	rutserv.exe	rfusclient.exe
PID 4592 wrote to memory of 1812	4592	rutserv.exe	rfusclient.exe
PID 4592 wrote to memory of 1812	4592	rutserv.exe	rfusclient.exe
PID 4592 wrote to memory of 3776	4592	rutserv.exe	rfusclient.exe
PID 4592 wrote to memory of 3776	4592	rutserv.exe	rfusclient.exe
PID 4592 wrote to memory of 3776	4592	rutserv.exe	rfusclient.exe
PID 1812 wrote to memory of 2160	1812	rfusclient.exe	rfusclient.exe
PID 1812 wrote to memory of 2160	1812	rfusclient.exe	rfusclient.exe
PID 1812 wrote to memory of 2160	1812	rfusclient.exe	rfusclient.exe

C:\Users\Admin\AppData\Local\Temp\f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe
"C:\Users\Admin\AppData\Local\Temp\f482ebcd0af782431dae0bff57e93bb999b97e5d10803e4125e187a0d0c634f4.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\2.bat" "
2⤵
- Suspicious use of WriteProcessMemory
PID:320

\??\c:\VkBot_Gladiator.sfx.exe
VkBot_Gladiator.sfx -p1 -dc:/
3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5032

C:\VkBot_Gladiator.exe
"C:\VkBot_Gladiator.exe"
4⤵
- Executes dropped EXE
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4520

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\program files\java\install.vbs"
5⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3100

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Java\install.bat" "
6⤵
- Suspicious use of WriteProcessMemory
PID:628

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rutserv.exe
7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3756

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im rfusclient.exe
7⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4064

C:\Windows\SysWOW64\reg.exe
reg delete "HKLM\SYSTEM\Remote Manipulator System" /f
7⤵
PID:864

C:\Windows\SysWOW64\regedit.exe
regedit /s "regedit.reg"
7⤵
- Runs .reg file with regedit
PID:1212

C:\Windows\SysWOW64\timeout.exe
timeout 2
7⤵
- Delays execution with timeout.exe
PID:1112

\??\c:\program files\java\rutserv.exe
rutserv.exe /silentinstall
7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1512

\??\c:\program files\java\rutserv.exe
rutserv.exe /firewall
7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2896

\??\c:\program files\java\rutserv.exe
rutserv.exe /start
7⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4816

\??\c:\program files\java\rutserv.exe
"c:\program files\java\rutserv.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4592

\??\c:\program files\java\rfusclient.exe
"c:\program files\java\rfusclient.exe" /tray
2⤵
- Executes dropped EXE
PID:3776

\??\c:\program files\java\rfusclient.exe
"c:\program files\java\rfusclient.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1812

\??\c:\program files\java\rfusclient.exe
"c:\program files\java\rfusclient.exe" /tray
3⤵
- Executes dropped EXE
- Suspicious behavior: SetClipboardViewer
PID:2160

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\2.bat
Filesize
29B

MD5
e24af91d28263115f2bfedb58c0d3f49

SHA1
6b7f383a39dedc109dc5bee9d92bb7cd7fd9d9af

SHA256
eb8a75952a8f00a62a7ae6d8f968ffb3d7aabacd68f6b4a1b97f6106d6196ca0

SHA512
374754014bf0a213b55f13c8866a0eda2f1fd5bf0d74b09fb58390f4a91acd4d71b4c95fb354296ada4bba59cb84f8549740b631f09ac2694cca4b40d7c832f5

Download Submit
C:\Program Files\Java\install.bat
Filesize
292B

MD5
22d9c5de4ae0f36c4ecee13dbee6b661

SHA1
dc1e05dce9b90946233a98879b3b404ad84010bf

SHA256
f689fd8d491ceb8e7a04812970e21fc6a7e8d8e5e7e0e33041b6cd1871a08a9a

SHA512
0183e64b6fff3e92494f6f955e7a95decedb0970ce14303c17903d0fb1f7273209b9ec6d40120d2bfbdf14621de56327ca38c7510ad9a7ef9805486b75fa75e5

Download Submit
C:\Program Files\Java\rfusclient.exe
Filesize
1.5MB

MD5
b8667a1e84567fcf7821bcefb6a444af

SHA1
9c1f91fe77ad357c8f81205d65c9067a270d61f0

SHA256
dc9d875e659421a51addd8e8a362c926369e84320ab0c5d8bbb1e4d12d372fc9

SHA512
ec6af663a3b41719d684f04504746f91196105ef6f8baa013b4bd02df6684eca49049d5517691f8e3a4ba6351fe35545a27f728b1d29d949e950d574a012f852

Download Submit
C:\Program Files\Java\rfusclient.exe
Filesize
1.5MB

MD5
b8667a1e84567fcf7821bcefb6a444af

SHA1
9c1f91fe77ad357c8f81205d65c9067a270d61f0

SHA256
dc9d875e659421a51addd8e8a362c926369e84320ab0c5d8bbb1e4d12d372fc9

SHA512
ec6af663a3b41719d684f04504746f91196105ef6f8baa013b4bd02df6684eca49049d5517691f8e3a4ba6351fe35545a27f728b1d29d949e950d574a012f852

Download Submit
C:\Program Files\Java\rfusclient.exe
Filesize
1.5MB

MD5
b8667a1e84567fcf7821bcefb6a444af

SHA1
9c1f91fe77ad357c8f81205d65c9067a270d61f0

SHA256
dc9d875e659421a51addd8e8a362c926369e84320ab0c5d8bbb1e4d12d372fc9

SHA512
ec6af663a3b41719d684f04504746f91196105ef6f8baa013b4bd02df6684eca49049d5517691f8e3a4ba6351fe35545a27f728b1d29d949e950d574a012f852

Download Submit
C:\Program Files\Java\rutserv.exe
Filesize
1.7MB

MD5
37a8802017a212bb7f5255abc7857969

SHA1
cb10c0d343c54538d12db8ed664d0a1fa35b6109

SHA256
1699b9b4fc1724f9b0918b57ca58c453829a3935efd89bd4e9fa66b5e9f2b8a6

SHA512
4e20141da8ea4499daf8be5cc41b664dc4229e9575765caf6dc5873d8d0a09f9e200988e1404e767d0415005876a4cf38d5737bd3e1b2c12c4a8fb28adb4f0a0

Download Submit
C:\Program Files\Java\rutserv.exe
Filesize
1.7MB

MD5
37a8802017a212bb7f5255abc7857969

SHA1
cb10c0d343c54538d12db8ed664d0a1fa35b6109

SHA256
1699b9b4fc1724f9b0918b57ca58c453829a3935efd89bd4e9fa66b5e9f2b8a6

SHA512
4e20141da8ea4499daf8be5cc41b664dc4229e9575765caf6dc5873d8d0a09f9e200988e1404e767d0415005876a4cf38d5737bd3e1b2c12c4a8fb28adb4f0a0

Download Submit
C:\Program Files\Java\rutserv.exe
Filesize
1.7MB

MD5
37a8802017a212bb7f5255abc7857969

SHA1
cb10c0d343c54538d12db8ed664d0a1fa35b6109

SHA256
1699b9b4fc1724f9b0918b57ca58c453829a3935efd89bd4e9fa66b5e9f2b8a6

SHA512
4e20141da8ea4499daf8be5cc41b664dc4229e9575765caf6dc5873d8d0a09f9e200988e1404e767d0415005876a4cf38d5737bd3e1b2c12c4a8fb28adb4f0a0

Download Submit
C:\Program Files\Java\rutserv.exe
Filesize
1.7MB

MD5
37a8802017a212bb7f5255abc7857969

SHA1
cb10c0d343c54538d12db8ed664d0a1fa35b6109

SHA256
1699b9b4fc1724f9b0918b57ca58c453829a3935efd89bd4e9fa66b5e9f2b8a6

SHA512
4e20141da8ea4499daf8be5cc41b664dc4229e9575765caf6dc5873d8d0a09f9e200988e1404e767d0415005876a4cf38d5737bd3e1b2c12c4a8fb28adb4f0a0

Download Submit
C:\VkBot_Gladiator.exe
Filesize
3.9MB

MD5
aa6e6ff85d0b9bffd86c81ade21b7e95

SHA1
656af3fdd2d6348042e0703537f333da01a3ac09

SHA256
3b275129e94333720cc3f7bec547040ddcae8dec94f157e46f2623b365e0b13c

SHA512
4a33e54ddafeabab92fd6c99d7c7ef5fa0c64aa2409629b3573581136b9c4ef6ca76ae18ed95259aa394ff9692e5da1b82240963f3a5464fb30ba2ad71b67988

Download Submit
C:\VkBot_Gladiator.exe
Filesize
3.9MB

MD5
aa6e6ff85d0b9bffd86c81ade21b7e95

SHA1
656af3fdd2d6348042e0703537f333da01a3ac09

SHA256
3b275129e94333720cc3f7bec547040ddcae8dec94f157e46f2623b365e0b13c

SHA512
4a33e54ddafeabab92fd6c99d7c7ef5fa0c64aa2409629b3573581136b9c4ef6ca76ae18ed95259aa394ff9692e5da1b82240963f3a5464fb30ba2ad71b67988

Download Submit
C:\VkBot_Gladiator.sfx.exe
Filesize
4.1MB

MD5
90784cb1c670e0e088d33533a2e60f3a

SHA1
7b8ef637938df5b67ab728ac78915ce010f4dc4c

SHA256
3cab649d930909bcb66acf6571eba4fbff1e8b3c7ec43275ce2b1647cfd1776d

SHA512
b4c5aceae14329f35388af914c329605f63d018e2b689ae366e78bea3c844e39b0c8abb13c50813a3e273f0554242dc1ee13bf038c60654ff112e6b8eaad1236

Download Submit
C:\program files\java\install.vbs
Filesize
117B

MD5
65fc32766a238ff3e95984e325357dbb

SHA1
3ac16a2648410be8aa75f3e2817fbf69bb0e8922

SHA256
a7b067e9e4d44efe579c7cdb1e847d61af2323d3d73c6fffb22e178ae476f420

SHA512
621e81fc2d0f9dd92413481864638a140bee94c7dbd31f944826b21bd6ad6b8a59e63de9f7f0025cffc0efb7f9975dde77f523510ee23ada62c152a63a22f608

Download Submit
\??\c:\VkBot_Gladiator.sfx.exe
Filesize
4.1MB

MD5
90784cb1c670e0e088d33533a2e60f3a

SHA1
7b8ef637938df5b67ab728ac78915ce010f4dc4c

SHA256
3cab649d930909bcb66acf6571eba4fbff1e8b3c7ec43275ce2b1647cfd1776d

SHA512
b4c5aceae14329f35388af914c329605f63d018e2b689ae366e78bea3c844e39b0c8abb13c50813a3e273f0554242dc1ee13bf038c60654ff112e6b8eaad1236

Download Submit
\??\c:\program files\java\regedit.reg
Filesize
11KB

MD5
77ba37fbcaf2577f55bb8abe772642b1

SHA1
9842ba62c277bba37433bd2cae422e008f7818f2

SHA256
d1a300dea81c63d2da9df30293ffb0e6ca9212f438f21c44a3e71143f0925674

SHA512
bd376234f3e84053881c8e71b9db182266e44c71686b2484747e20a85f49e7882837f3db7a4154379b56f5fecd06315f845fc6517bf5d5a786c783618c218117

Download Submit
\??\c:\program files\java\rfusclient.exe
Filesize
1.5MB

MD5
b8667a1e84567fcf7821bcefb6a444af

SHA1
9c1f91fe77ad357c8f81205d65c9067a270d61f0

SHA256
dc9d875e659421a51addd8e8a362c926369e84320ab0c5d8bbb1e4d12d372fc9

SHA512
ec6af663a3b41719d684f04504746f91196105ef6f8baa013b4bd02df6684eca49049d5517691f8e3a4ba6351fe35545a27f728b1d29d949e950d574a012f852

Download Submit
\??\c:\program files\java\rutserv.exe
Filesize
1.7MB

MD5
37a8802017a212bb7f5255abc7857969

SHA1
cb10c0d343c54538d12db8ed664d0a1fa35b6109

SHA256
1699b9b4fc1724f9b0918b57ca58c453829a3935efd89bd4e9fa66b5e9f2b8a6

SHA512
4e20141da8ea4499daf8be5cc41b664dc4229e9575765caf6dc5873d8d0a09f9e200988e1404e767d0415005876a4cf38d5737bd3e1b2c12c4a8fb28adb4f0a0

Download Submit
\??\c:\program files\java\vp8decoder.dll
Filesize
155KB

MD5
88318158527985702f61d169434a4940

SHA1
3cc751ba256b5727eb0713aad6f554ff1e7bca57

SHA256
4c04d7968a9fe9d9258968d3a722263334bbf5f8af972f206a71f17fa293aa74

SHA512
5d88562b6c6d2a5b14390512712819238cd838914f7c48a27f017827cb9b825c24ff05a30333427acec93cd836e8f04158b86d17e6ac3dd62c55b2e2ff4e2aff

Download Submit
\??\c:\program files\java\vp8encoder.dll
Filesize
593KB

MD5
6298c0af3d1d563834a218a9cc9f54bd

SHA1
0185cd591e454ed072e5a5077b25c612f6849dc9

SHA256
81af82019d9f45a697a8ca1788f2c5c0205af9892efd94879dedf4bc06db4172

SHA512
389d89053689537cdb582c0e8a7951a84549f0c36484db4346c31bdbe7cb93141f6a354069eb13e550297dc8ec35cd6899746e0c16abc876a0fe542cc450fffe

Download Submit
memory/320-132-0x0000000000000000-mapping.dmp

Download
memory/628-143-0x0000000000000000-mapping.dmp

Download
memory/864-146-0x0000000000000000-mapping.dmp

Download
memory/1112-149-0x0000000000000000-mapping.dmp

Download
memory/1212-147-0x0000000000000000-mapping.dmp

Download
memory/1512-154-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/1512-155-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/1512-156-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/1512-157-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/1512-158-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/1512-153-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/1512-150-0x0000000000000000-mapping.dmp

Download
memory/1812-192-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/1812-201-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/1812-196-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/1812-194-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/1812-186-0x0000000000000000-mapping.dmp

Download
memory/1812-197-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/1812-199-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2160-209-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2160-203-0x0000000000000000-mapping.dmp

Download
memory/2160-205-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2160-206-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2160-207-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2160-210-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2160-211-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/2896-162-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/2896-166-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/2896-167-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/2896-163-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/2896-161-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/2896-159-0x0000000000000000-mapping.dmp

Download
memory/2896-164-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/3100-140-0x0000000000000000-mapping.dmp

Download
memory/3756-144-0x0000000000000000-mapping.dmp

Download
memory/3776-187-0x0000000000000000-mapping.dmp

Download
memory/3776-200-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/3776-193-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/3776-198-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/3776-190-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/3776-191-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/3776-202-0x0000000000400000-0x00000000009B6000-memory.dmp

Filesize
5.7MB

Download
memory/4064-145-0x0000000000000000-mapping.dmp

Download
memory/4520-137-0x0000000000000000-mapping.dmp

Download
memory/4592-177-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4592-181-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4592-179-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4592-180-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4592-178-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4592-182-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-174-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-173-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-171-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-172-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-168-0x0000000000000000-mapping.dmp

Download
memory/4816-170-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-175-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/4816-195-0x0000000000400000-0x0000000000AB9000-memory.dmp

Filesize
6.7MB

Download
memory/5032-134-0x0000000000000000-mapping.dmp

Download