40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3

Analysis

max time kernel
150s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06-04-2023 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecurityTaskManager_Setup.exe
Size

2.9MB
MD5

6dac98c7e865cc42e303df3504b0f6a6
SHA1

befd8ef8a73ca588fee6f2e19485bf1502b58734
SHA256

40df120944411111cff226bbc8850800756fe6b99ab9bdda2c3234bae44fcef3
SHA512

172493b2e5397eee622975e20a3758bd3e0f3e466adcb1a3bd3844e1e5645050371f9a593cf1b56293fce8fb2309621f4950379149a5c77dc4850530a4f79652
SSDEEP

49152:Pd+HtGXcROvfipetV2pSDwRgrFYv7WS4oW+ehUpkKmltavtaKhGiD79jkL0O:Pd+pROvapetV2UIMgSoX/xscg6939jkl

Score

7^/10

bootkit discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

setup.exeTaskMan.exeTaskMan.exe

pid process

1668 setup.exe
304 TaskMan.exe
1552 TaskMan.exe

pid	process
1668	setup.exe
304	TaskMan.exe
1552	TaskMan.exe

Loads dropped DLL 10 IoCs

Processes:

SecurityTaskManager_Setup.exesetup.exeTaskMan.exeTaskMan.exe

pid	process
1984	SecurityTaskManager_Setup.exe
1668	setup.exe
1668	setup.exe
1668	setup.exe
1668	setup.exe
1668	setup.exe
304	TaskMan.exe
304	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

TaskMan.exeTaskMan.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TaskMan.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TaskMan.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

TaskMan.exeTaskMan.exe

description ioc process

File opened for modification \??\PhysicalDrive0 TaskMan.exe
File opened for modification \??\PhysicalDrive0 TaskMan.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	TaskMan.exe
File opened for modification	\??\PhysicalDrive0	TaskMan.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TaskMan.exeTaskMan.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	TaskMan.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	TaskMan.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Security Task Manager\leggimi.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_korean.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_swedish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_en.pdf	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\sqlite3.dll	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\Formulaire.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_english.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\manual_fr.pdf	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\SpyProtector.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_deutsch.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_polish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\SpyProtector.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\ascode.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_ukrainian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_korean.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_portuguese.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\liesmich.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\manual_de.pdf	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\psapi_.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\Setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\bestell.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_portuguese.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\readme.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\Setup.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\uninstal.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\Formulaire.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\TaskMan.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\uninstal.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_french.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_czech.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_danish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_dutch.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_english.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_portuguese (Brasil).txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\LisezMoi.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\ordina.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_czech.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_hungarian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_norwegian_bokmaal.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_polish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_spanish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_swedish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\order.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\SpyProDll.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\order.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\ordina.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\sqlite3.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\taskman_fr.chm	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\lgs_dutch.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_turkish.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\LisezMoi.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\readme.txt	setup.exe
File opened for modification	C:\Program Files (x86)\Security Task Manager\TaskMan.exe	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_french.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_chinese.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_finnish.txt	setup.exe
File created	C:\Program Files (x86)\Security Task Manager\lgs_russian.txt	setup.exe

Drops file in Windows directory 2 IoCs

Processes:

TaskMan.exeTaskMan.exe

description	ioc	process
File opened for modification	C:\Windows\WindowsUpdate.log	TaskMan.exe
File opened for modification	C:\Windows\WindowsUpdate.log	TaskMan.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 6 IoCs

Processes:

TaskMan.exeTaskMan.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	TaskMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	TaskMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	TaskMan.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

TaskMan.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	TaskMan.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	TaskMan.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	TaskMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	TaskMan.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

TaskMan.exeTaskMan.exe

pid	process
304	TaskMan.exe
304	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe
1552	TaskMan.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

TaskMan.exe

pid process

1552 TaskMan.exe

pid	process
1552	TaskMan.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

TaskMan.exeTaskMan.exevssvc.exe

description	pid	process
Token: SeDebugPrivilege	304	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeManageVolumePrivilege	304	TaskMan.exe
Token: SeBackupPrivilege	1844	vssvc.exe
Token: SeRestorePrivilege	1844	vssvc.exe
Token: SeAuditPrivilege	1844	vssvc.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeDebugPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe
Token: SeTakeOwnershipPrivilege	1552	TaskMan.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

TaskMan.exeTaskMan.exe

pid process

304 TaskMan.exe
304 TaskMan.exe
304 TaskMan.exe
304 TaskMan.exe
304 TaskMan.exe
1552 TaskMan.exe
1552 TaskMan.exe
1552 TaskMan.exe
1552 TaskMan.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

SecurityTaskManager_Setup.exesetup.exeexplorer.exe

description	pid	process	target process
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1984 wrote to memory of 1668	1984	SecurityTaskManager_Setup.exe	setup.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1668 wrote to memory of 1384	1668	setup.exe	explorer.exe
PID 1796 wrote to memory of 304	1796	explorer.exe	TaskMan.exe
PID 1796 wrote to memory of 304	1796	explorer.exe	TaskMan.exe
PID 1796 wrote to memory of 304	1796	explorer.exe	TaskMan.exe
PID 1796 wrote to memory of 304	1796	explorer.exe	TaskMan.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\SecurityTaskManager_Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1984

C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\setup.exe
".\setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1668

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe" "C:\Program Files (x86)\Security Task Manager\taskman.exe"
3⤵
PID:1384

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1796

C:\Program Files (x86)\Security Task Manager\TaskMan.exe
"C:\Program Files (x86)\Security Task Manager\TaskMan.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Checks system information in the registry
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:304

C:\Program Files (x86)\Security Task Manager\TaskMan.exe
"C:\Program Files (x86)\Security Task Manager\TaskMan.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Checks system information in the registry
- Drops file in Windows directory
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1844

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Security Task Manager\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
C:\Program Files (x86)\Security Task Manager\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
C:\Program Files (x86)\Security Task Manager\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
C:\Program Files (x86)\Security Task Manager\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
C:\Program Files (x86)\Security Task Manager\ascode.dll
Filesize
49KB

MD5
7ebfde51ee8e23d22d69b68f7722cc37

SHA1
e057e91ee1934921f5fbc904c11c8e90ddba4b45

SHA256
ca99564a02ca24d1bf6e52505f517ad3eb014884496e49c5afd94fc11b40054f

SHA512
9eb45dcf4f176d268ed81a3f11c0ef1315067e0898a40b59a8e9ad6c051ba85c76fad81a807ffcb9dca7a69ce67bb8101e1270492090045d96de716ef51ca49a

Download Submit
C:\Program Files (x86)\Security Task Manager\lgs_bulgarian.txt
Filesize
37KB

MD5
89f324a12d6e19b549027d3d7bfb7ae8

SHA1
a12479a93c5a70eaf5c4d606dddddefef05ef26e

SHA256
ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5

SHA512
a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5

Download Submit
C:\Program Files (x86)\Security Task Manager\lgs_english.txt
Filesize
36KB

MD5
34c121268b1c3fce53172b3933b075a3

SHA1
c44fa37db476886859aaef75878dd7806a7ab518

SHA256
f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4

SHA512
6f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb

Download Submit
C:\Program Files (x86)\Security Task Manager\sqlite3.dll
Filesize
819KB

MD5
b6f45fbf727f8d872d5dc6fdd6393802

SHA1
558100cb8b451efc205fbd2cde0a8f88bd3c8da5

SHA256
07b9f5c9858f3477f3bb6a11c8283c3a34aa7085f578aec95de37053430de83f

SHA512
d480cb82930551050eacc5b30590b5d1d8dc717baee1936b5576bf330a311f1f1991d5826c2ecbc9b0cb79dcd762ca3221dbdd55025ba858c015cf6e9d8350fc

Download Submit
C:\ProgramData\SecTaskMan\WindowsUpdates\~jb.log
Filesize
5.0MB

MD5
c225fdc43dc99edbd393581ecbe67642

SHA1
d0245d724bfc3f7a7564eb9c8e2804aabef7342a

SHA256
d5ae78442da3d78bb9f4e97eb443ca01155199c0979d7b1f14028f9e3028723c

SHA512
06d9c1fec2e92f09ae65dda99fed4d1619781ec35d3762bbff57df4287d1891dd975df307608c77cd18e6bdb82f8808097fbdecbb6fc26abc22d24e49caf2d54

Download Submit
C:\ProgramData\SecTaskMan\icm_00004109711090400000000000F01FEC.dll
Filesize
10B

MD5
a63c90cc3684ad8b0a2176a6a8fe9005

SHA1
9694c4ebd673a5e2fd26e4b2e64f92e914ebd95f

SHA256
01d448afd928065458cf670b60f5a594d735af0172c8d67f22a81680132681ca

SHA512
19bd3cbb62b1937957a11cabd0d39860582b6928e77d0e0ea5ee7f3b2f8cacb3dea8ea0972651adc3245fd10926f2f31e80377196e4e6c7ee2bd74051e58bcba

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg
Filesize
152B

MD5
e8434ce01a4913f0edc622a5241501fe

SHA1
ddad5e92180833b5adea3181cbad4c780f72f13c

SHA256
34772b8c0da5d4715d2c4e05ce7bc3be8bbdbee7978ddcd1a0f13691a9c1684a

SHA512
20508af85a54ad67bcccfacf847eb66bee1832f3926b352700fe95633d65a4af9f5c51a9b2d4af730c5d54b0c2aaa19836562f4b8cd79a52fa57302b8b5902fd

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg
Filesize
626B

MD5
026564cc01680637dc4ba4adc1c223f0

SHA1
1d6b8b34c4c61092f4951e7b632f57854ac8de67

SHA256
a3b2c49fd26eac78f2568cd3656dda580e19510c64d6f134d38dd401deb1ac67

SHA512
4b0446c1edc50354bdd596c31e783ec0a8a49963fa99c7f1b18aa3054b73248ba0debbd07b4221a29ad4b1a0709626187e0aff0c8a52780209f467d0ba315932

Download Submit
C:\ProgramData\SecTaskMan\icm_12342rg
Filesize
1KB

MD5
8c6ef0107164610421a3eb868f555834

SHA1
cc1a260f23a481a3c6a830b0b04fe2153b32e323

SHA256
fbb692337797dd4468b401a0c136e96e454a988eeeed68692f8ccb5707177106

SHA512
ac93cae5dc23fb490e07388f8fea3259329bc116106cc21b4696b54d605cdcb751a08353ea5d81bd7c4b071b671c8fe8fd1c8a0175fde061942f28c0b1d182cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6D18.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6D3A.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Formulaire.txt
Filesize
1KB

MD5
ffba8873713b30b189291c9bcc150cfb

SHA1
3aa4582a1f1afbe9ceedde5c2d546b6c92cf9cb4

SHA256
8b093d87c84187d7d74ce4c4711d7d46966a6eb2cb8eba8ebfa2d885d2c046e6

SHA512
2ae87cf05a50d3a0f9b745138f310e4dfe3a7f2b447160c80914071812ce3015a5b1dadd6071d2f23ec83665d46692e73afa7bd17604d75ddc73b642e1922bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\LisezMoi.txt
Filesize
8KB

MD5
0637bcd4fccf8d53c05c4935292d5289

SHA1
015a372ee19956efe7557e7fc45c553e8650c742

SHA256
00201a7697011646e1b8aecbd7ab8ee113eef5d01f7db4d9a3a594fbfe11cec3

SHA512
0f874ace456042f19720065d654a2e8049117cc13580feb3a8f52b40f2fdac5fd52429b61c5c9be51c0062dd4238595bb74bb9afb382505fbaba992a5e73abc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
Filesize
128KB

MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
Filesize
128KB

MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProDll.dll
Filesize
49KB

MD5
642021c03975d907d65803aae9ec3dee

SHA1
cf8821f7e6dcdcccc817a44b52ecad5a49fab07a

SHA256
0289ff37a7d4b6bd44ac96c714fe58329d4b1fdea53f744ac3a5ae731236f87c

SHA512
fb917a2fff05ca44cce9ddee5ecfd5ac79ba943dbb32027353ac428c48aa0b898f9a83bde80cc6c08ed4fcb490046642912bd50c51fecc33d24bff956094a6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\SpyProtector.exe
Filesize
141KB

MD5
fe1390ff004aa8fb73f403d603a93a54

SHA1
11b1f9fc0f90629f015cf614da52846eca572332

SHA256
c9d4cae5805c82490facf0bc7f6766b8de645177566532376041af3c4d1000b5

SHA512
67227c7aeb40453293ff3edc23fb5e84eb89e3b56b4b7bf36117390d6937a1c258186c2f25b7ec3be12fbd76b98c5ef2a5c86ea36cb4581307b873f5b486c5c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ascode.dll
Filesize
49KB

MD5
7ebfde51ee8e23d22d69b68f7722cc37

SHA1
e057e91ee1934921f5fbc904c11c8e90ddba4b45

SHA256
ca99564a02ca24d1bf6e52505f517ad3eb014884496e49c5afd94fc11b40054f

SHA512
9eb45dcf4f176d268ed81a3f11c0ef1315067e0898a40b59a8e9ad6c051ba85c76fad81a807ffcb9dca7a69ce67bb8101e1270492090045d96de716ef51ca49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\bestell.txt
Filesize
1KB

MD5
481325e02bd95664323a5299da4f8bfe

SHA1
6cbf8548b86496c66614446113c378f502c597ec

SHA256
d9b135d7c0b39e38fef169306599f3f8b1a82d701424892969ea8c5d6e790777

SHA512
4f44805b213698f926fa28c88b90876cd9fdc853d5bd22fa6b579587915e66aa630686a53382669b2e10952732672258d359085bd9e1961aeee9124aa631176c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\file_id.diz
Filesize
360B

MD5
85f533f1e1d0c11be713c91f29bbad54

SHA1
a6ecca28854b2f6afa23f3af1befc5c7d88192ea

SHA256
6fed71e2951b70f3e340a982b3d1a2914768d8c9691e6cff465ded170944ba77

SHA512
f9d930bb295db9b2aa00b8262e29a0ec35f48c33bb277f881dd903c81a782e06c6cf0fa279186cb53749a5b08bd8b1e43fefbbaf38b23f0d0199702e701cd822

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\leggimi.txt
Filesize
8KB

MD5
d9928a363ba805ec4b920944aa31e623

SHA1
688dea4e3efa6d137f5c7ba6813dc010c03b9eee

SHA256
96891bd944a5030bda5a821f33e05ba83257107fd3ff32bd292acff91cb9bd11

SHA512
78a001b4c3f7532b1c19dd0e6f6088ef027a0ac5855fb3b526a1e64443d58e4058992469929da6a9e1bebd5522129808adb4e45b5d5c0bfb8d7eda7ac0fba999

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_bulgarian.txt
Filesize
37KB

MD5
89f324a12d6e19b549027d3d7bfb7ae8

SHA1
a12479a93c5a70eaf5c4d606dddddefef05ef26e

SHA256
ab2386fff64d22e64fb1e553286996232980706683245806f185fd2f423fbdb5

SHA512
a0e1707719dd4d998f4e02df7672e75723b7dfc7e4f05f02741f059e6a69cc4444b805b9d7ac40ea53e97cd9ed2d89b0314b2b61105416582d6e9bea9965a8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_chinese.txt
Filesize
26KB

MD5
5816c90c0fa6f363a1098a3ff8892267

SHA1
7a36ceedf4274bcf470c897631b99b0c60ead4ed

SHA256
60da3e32d256cf8ab02b86a05a483b6f49cc82b852c2ada55a3a0e2af4384eb3

SHA512
e733aec61a6a99fd659bc6d63805fd4ca0038c01012a14075aa1920b524a38ad6404f1e25ca881e5e47ead8df3c616fade8d7b7a94cbd4b45dcf7412be426114

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_czech.txt
Filesize
35KB

MD5
0d76174d68f5fce7e150c972eeacef9c

SHA1
4adc44d638859253e3befa3407fdbde8866a5456

SHA256
d5a4b68cdf201c17b466bc75d29e91b43dca6abda228caf2b6752e09b8a19058

SHA512
2ca4cbc1ef23a0b11bd32cff0824b655285d4c8f5535e7113f915e607361211e20ab28e6f5f1da2a26190141809f233434135c27598b6a7f14d4376cfb916f52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_danish.txt
Filesize
34KB

MD5
1325b58debc1e7a46c705a44b4504734

SHA1
d68af1fc501342923a23569bb058a7e1510c93da

SHA256
d740c5e0e760f7c7547b98d8ff67efa8cc2558fd05c1e086f25919fda5e681f6

SHA512
7427b50a0ca11bc74f9182c0ad2952b7a0495d75b53b8bae4fa88ce8b615bb905171fa7883a8ce6c93b778a36e579b8963646b7aeee5a4c2569a0e562f6bb56c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_deutsch.txt
Filesize
39KB

MD5
b33fed70df15a44085aa88647d211c81

SHA1
2ff758266c852d72a6c9aa001c4cb7f50ef15a76

SHA256
a097180501190a3efee4f776485a072a8ba3ec77ae3052932d602b4dfc767738

SHA512
f03330183172e48174c8603dd4ab371b03650ddc9c96941c1cfd9e5b394a60f98a6046d41916992bb8ce42400cb91d7976e4aa2822ee69f950d3e9c7e382d966

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_dutch.txt
Filesize
36KB

MD5
b930f96bb386f7e289310c3f5063178a

SHA1
955a30d309d0dd17d289b918a611bdd9de43cc5d

SHA256
f49bf79f10c2af50e0a584d8f619551b21fe14683f2908ec552fb8364ddbc28a

SHA512
d4a47caf59956e67eaef294ce3e8732365eaf7623d2933b11d7758f80a4b92637dcdbe95ea1a1674f1b69a0b2ee3f97ba529c623c9e7ac9ca585464c0cc0c7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_english.txt
Filesize
36KB

MD5
34c121268b1c3fce53172b3933b075a3

SHA1
c44fa37db476886859aaef75878dd7806a7ab518

SHA256
f974ea70d717e59d27fa566eeae52831537207ad4bb6308ed93e387f5fced2c4

SHA512
6f2aed20f2ea8bc028f923918a4f2b5af131584af94f51536cdd6ba59ba389a8ad52c586226911d67af9d17b53151d677fe190ec0df4f16d5ace189ca3e503eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_finnish.txt
Filesize
36KB

MD5
7d873c6c96a6725c7b0cb5dfb1a09e87

SHA1
dae7dd06dd465fc4f98d14d027025eef10c5bf77

SHA256
05dbe3b460b51194c276b9fa2b41292ec52e5e408fa005950f027cf11fb2bc26

SHA512
f5f98f46ae0cfb379f7de9258d12287c2f580181ef713af8a9a0b3f81cbc9cab1c9295e18244989bc875dd177f5f6727431cd0dc8b61dade61acdff09677e398

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_french.txt
Filesize
39KB

MD5
3184a1d71306f0b0b2f73169520c1029

SHA1
59d84aa3bd19d6f2aad47450bb7c28da97057e11

SHA256
1dd3e5d60c64b21c265f4635473f9dfde10d1818f7a6ecb3693089c9e225d390

SHA512
bf7813a1410ff8e6a2fca41229147c121a85dab9dceed79a03e5e174eff98fe02c9e031c40c85e27c6af8a55de976983078d641da51a323c6ead8f3e7362719a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_hungarian.txt
Filesize
39KB

MD5
a54d196a3a36ba5224d4c409489fda77

SHA1
95f6502f4f827f2b70c4aba2ceb8c9a6af9e439c

SHA256
a92d6b1995801bb2e13b8362bacdf2aeaa4efc5abe7a292c1446f60aae553158

SHA512
b774d369c66192ff1ec4cde1f5b11c8e2ef4d856d65bcb0abdee855a7fb41af6a9eebc88934722e13f09ed2d9679986c2556b26d28258778bbd2fbc04e8667ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_italiano.txt
Filesize
40KB

MD5
e0686c0dc62343895f45f57db50cbc70

SHA1
c73dca7e98b014d9bc11bdb7955d60c0fd90b6b9

SHA256
32f2f71bbe5e04a78407b9268ea2cc4c1bd51cd73389da4728450c723c46cd94

SHA512
335d896b4fdb22234ed4b5735d187022c54c1caaee730361943d24e366c6dc7721d000a381f5b212a8817a97ee47b61118f34917151510acc1b94adcf91faf44

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_japanese.txt
Filesize
34KB

MD5
0e62e49c4a1868113e00e266d39c47a5

SHA1
2be41ae1857c30caf6e1124b51652ffc35779034

SHA256
1f6e19ca7500dd3193bdb2d384fe1feed96c1b1dbd9e58c4a27c71b90cb10cfe

SHA512
5a8ac80e582545b6d193db5b5e2013aa7ddc7f6e830f5cb497a4a2c1ec31c6dac382157cc0b0f0b8cf17e7247dbb9a094198131fe66e4f58c1c71a5749d2702a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_korean.txt
Filesize
31KB

MD5
992c0dde82beac0c0eb86b137744c196

SHA1
8ee1cfccac49a5b9df6d8f3572ecfcbe592676cf

SHA256
312980aa8444655137044d3323ed0f5f3d6d2d4d503512e029ffa4429d92fa6e

SHA512
074caed4ef7044c032960e3aa4240338356323fb3f880588bf35775dca462acfaf792a14d11113f7e814c19d7e947fed15ddec5f764d3b9a896c36a941192541

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_norwegian_bokmaal.txt
Filesize
34KB

MD5
179fe4667bfe1d977d687493f59d7adb

SHA1
b3d900debc52ff3e77fb426636968c1f1feb2800

SHA256
3e7fe5d3b0095143d86173fd99775d8d0065eaafcf9dd683692062e026879922

SHA512
358d51d4f07207ec3017386458d3073e657636505c09cbe1b7e31b3cb778926a9a4a517ecb140e661d3b30586f12e94a5a659cd4cf9ac1332030ddfa3f511c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_polish.txt
Filesize
35KB

MD5
ce3dcf85fa453f3d735005340ef90ae0

SHA1
2c33a89e2d7853d8b1dc40287485f172476129e3

SHA256
f1f0bfd7676420d8668d0676ecce039b84b023dd12ecdcc19ac4b01b1bb9de61

SHA512
db7f772511c79e159ef842bc1effe8ede244bdb0757446e97ddd39761c3540a05a2475f11fe90da2b8a9bf0c532cabecb27051a4bbe459387961294fbbb86bd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese (Brasil).txt
Filesize
38KB

MD5
07d5c6cf24d90859e1bbdec962662ac3

SHA1
2f4f9b6e3f1bdb3de3a44ad98427fc55738d4a8f

SHA256
485de5cc9654510903431e32cf7e7b9afaeb0a575bffca7af5f652429654f0b4

SHA512
689bd4b50a107cb2035dc8d9757d44d53b8c97a4a6979bb3cc2181cd416f6a5fab0293889c3dcde8887414590ff17df627da504d1936e3883300da411ab6ec90

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_portuguese.txt
Filesize
37KB

MD5
57dd15b63e5116d4192756eac357fc77

SHA1
2e4cbdf15c9b2da2658b6e2df1d7faa26d5563cb

SHA256
3692ca1b6e64991835da21e50cd91f2c20395a0a2290655284ec477ed5e241c4

SHA512
316c68da136d6b23d40742e5da545acba87e0c9729663afb43f4a12d40505f8f51657de2ee22c7449d1fa072a9505d16759914e019f47d2b64d4f7fdbd120a76

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_russian.txt
Filesize
36KB

MD5
27775d53a8f8bdd46d2cd07808540fa5

SHA1
f9c905347ac04e465583f5b57c0248d3bc052783

SHA256
1c0888d6a709c536a3f8f29cea3477c8bd1d91bc7beb68e6854c7228c52555dc

SHA512
96e9734ee5c383045f9779348c2977e87c6db249bd51e75667a46d34e105fbb9e99ab68df1ff9aaf092858f751f03996ec6c27b2b35fee7addc300d9642b3306

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_spanish.txt
Filesize
38KB

MD5
1db8fa700e36994c13075acac2b3d1cb

SHA1
049a77576da0bed590109cc15129686d72e12399

SHA256
00fd546aab44ac4cf4cfd822b249ef7ecfa0a4b8afdd6438ecbfd9705c7ec746

SHA512
24a7ed6098c629bd210e0934c13656d6ece22f4da68296ead9a0883ab395afb90c3f37596b8f0007f4ebffef8688a7b1686c1618182a7299ed17da31636d09fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_swedish.txt
Filesize
34KB

MD5
37f4289c2977a484189b9ff44a590b8f

SHA1
8165528ec43e0131d139e6696ed3317bd283d2d0

SHA256
ef67f369daf2eaa2878330c076654d4dec001d9e365e35888e82fb10cae2153d

SHA512
5684e6d543fffef1e08bb5645c3c4d2e1ae37a03243e9df1c44daf1f40f2514fdff8c7cf702d9c7e78f6dad0a7d93e4ded95ea58442125c85b87621d3839d12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_turkish.txt
Filesize
39KB

MD5
556405b4c3519915adb0b9a13986366c

SHA1
5aa44fe49df6c7e7e03be06d76e583bca281d66e

SHA256
9320fbf43e752912fff43bc804b43065d75c0924e109a99966825c50a8f04684

SHA512
a06909e508579a34dd48feb125b5f8adec3a0d876a2bc04bb48e52388f521a741f78ae8f31a2626beeb0fb63f198c9029ed70f97213a591b1e9517de2307276b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\lgs_ukrainian.txt
Filesize
33KB

MD5
df09a44cde9e14378fe3ddd47a8ca3fe

SHA1
39d880fd38980a5dde18c1fb94707711a07878fb

SHA256
59d771c4d45af27f793c38ee78a2a5c5667f877d7f65313cbad93bd8ec3b1fce

SHA512
5a3cf5f280d29496371e4ee8a21966bfd6aaaa208eddf4112d67198ff639798e68338b07ae5b8aeb498c7a3875ce2f42a8f037bf5359ab707d0a6e796510a33c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\liesmich.txt
Filesize
9KB

MD5
f2a669e3f3716491e48eaf6cd553cb41

SHA1
ae6301b26d5d88833a2f09597d6dff1cd37dc143

SHA256
67a8d6a818632df36bf02fcfd45ef46f65bbf6506a0011e62320083e22ba9f37

SHA512
d1abc235f43e21aaa61f9843eb02728241b58d97f1ae7f8e23bb59e8f3f44eafd7f4a53ed82c29ef3e9a1735d3c3125343c617074cdd111175650ba5681e58d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_de.pdf
Filesize
90KB

MD5
17bbdf9fc220e9effacaa5a76cf4b688

SHA1
05982d1a90ac2c19ab7dd71fbbb841fe48485eb3

SHA256
af89a8b1030faf760c16b66524f8a04188e49669faa6f8123e2a4bf0abaa75bc

SHA512
b77461c2785e68307304da7d7c4307d5c13a6df04d3fe89ed95fd50fd3aaf2417dc384ff806b1824089535da05b2ecf2fb8c67a7521430b4c6f1248a70f90f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_en.pdf
Filesize
106KB

MD5
f8dc026ac75362e1e5e41469cddae40c

SHA1
d465fa14ff76602cfaeb3b93bde5bd6fef2b980b

SHA256
d97aad84fc29c2b71ff9d07c645bb1b3db779412f5673f5bd37b55520710cbce

SHA512
08d823c00262f16413cbe461d2bd527c9dadcd1c015ba2466a53146207b1285e8030c584e16cbd7c5d16602783dcf655125127ac53e4804604ee8f2954b277fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\manual_fr.pdf
Filesize
159KB

MD5
2e520e5df20196599be3d391cd2cabbc

SHA1
615cbb1e5d7c2f74cc96e23baaef0e3f64a47744

SHA256
1793d22416e19c15f686c7319146906a41d51bec84488cd4012dfbb3e1d662b0

SHA512
8830444e2acc126939b200ca69b84e9bc9384cf514ecfb6b68d56a3074ececcc344787b00d628e69bf3ef1a93bdf0ad0c2975dea0adf3cc703033ac6c7b318f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\order.txt
Filesize
1KB

MD5
7804e6beed4c16899a2906e78b9a48ac

SHA1
a606e6b2a31511dec5c55a2c173279b001b4b142

SHA256
b219cf498e86556833c2a45d508edfa39065609b0fe02711c8bda925f2330b17

SHA512
4fb6ffad5abb0146de87a9075ecc4def79dd0a899fa4626af70c7fea3fd9b7500465986a3908f34d9e91369c3c92dabd107dbe33b9499a329c826464c313d55b

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\ordina.txt
Filesize
1KB

MD5
f46581e592ad7eefe7068564c1563925

SHA1
04795106725bb6abd226deb305abb49ac9035e64

SHA256
94382fd3bd986b7897b6fbc1a1730adeef8bed24efc29f1a00a3619ed9689878

SHA512
c73f2f287b6bb422fad75eea95990a23deafd80201f2f3f42fe7d0447c28148d10cc90ca5913b3cb8130bab862f36aabb289ebdaa7473b7b877a91deb84c3463

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\psapi_.dll
Filesize
24KB

MD5
f20905d2432a3f160e5f122bc11a6454

SHA1
60d38e62ede037de0ab90bcfee2ce99bf9bc2721

SHA256
45249a3b05447a0d12ef91332e2566552dd78f1fe1eea13c5d4195bee346e220

SHA512
43b9b1160e6607b3acd090c0cbc496c8db901723cd39bebcb41d7203647ff32c3a54e5dbe8f2be337e82da8a25631893283e9f28ef8d1c1cbcf6736a81996688

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\readme.txt
Filesize
7KB

MD5
3947d53282bde3c6bc51fc4134e39aa6

SHA1
19de07e197988ea1de1626b815d003f66a6f97fc

SHA256
91bc91de87c52ee46af6b8636001730608c87a74f92122c590be8c7f453e2ee5

SHA512
9779b28f66b7ede2d79f4933d41c2a25b28ed3f4aaa2d1b4f3b66a9ee1934304a2499bd18573a1a02334629cc5a958883a798bb31e12064f2e3193b1f5f2421f

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\sqlite3.dll
Filesize
819KB

MD5
b6f45fbf727f8d872d5dc6fdd6393802

SHA1
558100cb8b451efc205fbd2cde0a8f88bd3c8da5

SHA256
07b9f5c9858f3477f3bb6a11c8283c3a34aa7085f578aec95de37053430de83f

SHA512
d480cb82930551050eacc5b30590b5d1d8dc717baee1936b5576bf330a311f1f1991d5826c2ecbc9b0cb79dcd762ca3221dbdd55025ba858c015cf6e9d8350fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_de.chm
Filesize
149KB

MD5
2137aaec5e738be123c4299a9968b0fd

SHA1
3ca050c0aeef2151345bc7b3987d025497580a04

SHA256
ecd1cae3351e256b6cf573dd225bbf07d16f1573db405c7e480d42968f7dc112

SHA512
9510dfc86097dac5959bf91c8ef1d28dd4ed3da78d7d86e18074e2f1c8d7a3c0b126531159eb3e533fb8d27223a3b524407727691d4a0346d579bd2f43eb1cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_en.chm
Filesize
156KB

MD5
ed18c518441bf68870112b570e194dea

SHA1
4d31c97d4917e8ea1d0a3361d15556e5be3f145c

SHA256
d931e949fdf17712d1df0e685fb12aabb56133cab84d7e2c6650208130b98316

SHA512
5db06e0b6c1503cf23ce13e0c1072277795307b65f4ebd3a8c6710b7c6785ab2ef467f10ee409c42c3cc27ff9c1bc64f3818c7aa654efed6f8b3ad672f59fa0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_fr.chm
Filesize
139KB

MD5
c811f6be9a3813dbc6baeff19d583924

SHA1
b7e3eb48c401cd8bd65288b5ae31726aff6aadcd

SHA256
d04cd33d43000e280d2733f1bddf40b9e6cb9a1130fdd69691868f8c7e96da8a

SHA512
26a8c184d72ae27b8a8accd8c175630cd64ca9bac82e8ea2006e1f89edeca4b44d0ec5ff10afe24f9fa4ee40486cdba2787695e0b102796e73432ec9ee47994d

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\taskman_ru.chm
Filesize
149KB

MD5
ec03fb4196db58f7dbd23f663ceba54a

SHA1
39dbd6f756d5d831c7b586078cc793c6d292ed25

SHA256
14435e49783fb2758b1ef0b4279478759681dbcad77aa9064cdb13359caaacad

SHA512
02b4389db0df3a7511ba1a6d1e9642895b061674a96d739816a747283530bbf017486bc6d4a957e3bb936df1de380c854093f87fa411110e7f6567db68dbe6ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\WZSE0.TMP\uninstal.exe
Filesize
70KB

MD5
fa9f0f001eeab09b8fadab100ad60d7e

SHA1
56ff1fbcce49dca4050365934ab7242813bd75be

SHA256
709c6c2fb71f06ad8daae77e7af11b3cec059f25793d098d2254572a788ee120

SHA512
7ee2d7c1c4732411fc56236b3457552851f92f0e7e0a358f780fa3e5c505d772906df9e6d9be346029c05bc56615b9a99c179dd023a32b7fae9058f857dc19a9

Download Submit
\Program Files (x86)\Security Task Manager\SpyProtector.exe
Filesize
141KB

MD5
fe1390ff004aa8fb73f403d603a93a54

SHA1
11b1f9fc0f90629f015cf614da52846eca572332

SHA256
c9d4cae5805c82490facf0bc7f6766b8de645177566532376041af3c4d1000b5

SHA512
67227c7aeb40453293ff3edc23fb5e84eb89e3b56b4b7bf36117390d6937a1c258186c2f25b7ec3be12fbd76b98c5ef2a5c86ea36cb4581307b873f5b486c5c4

Download Submit
\Program Files (x86)\Security Task Manager\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
\Program Files (x86)\Security Task Manager\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
\Program Files (x86)\Security Task Manager\ascode.dll
Filesize
49KB

MD5
7ebfde51ee8e23d22d69b68f7722cc37

SHA1
e057e91ee1934921f5fbc904c11c8e90ddba4b45

SHA256
ca99564a02ca24d1bf6e52505f517ad3eb014884496e49c5afd94fc11b40054f

SHA512
9eb45dcf4f176d268ed81a3f11c0ef1315067e0898a40b59a8e9ad6c051ba85c76fad81a807ffcb9dca7a69ce67bb8101e1270492090045d96de716ef51ca49a

Download Submit
\Program Files (x86)\Security Task Manager\ascode.dll
Filesize
49KB

MD5
7ebfde51ee8e23d22d69b68f7722cc37

SHA1
e057e91ee1934921f5fbc904c11c8e90ddba4b45

SHA256
ca99564a02ca24d1bf6e52505f517ad3eb014884496e49c5afd94fc11b40054f

SHA512
9eb45dcf4f176d268ed81a3f11c0ef1315067e0898a40b59a8e9ad6c051ba85c76fad81a807ffcb9dca7a69ce67bb8101e1270492090045d96de716ef51ca49a

Download Submit
\Program Files (x86)\Security Task Manager\sqlite3.dll
Filesize
819KB

MD5
b6f45fbf727f8d872d5dc6fdd6393802

SHA1
558100cb8b451efc205fbd2cde0a8f88bd3c8da5

SHA256
07b9f5c9858f3477f3bb6a11c8283c3a34aa7085f578aec95de37053430de83f

SHA512
d480cb82930551050eacc5b30590b5d1d8dc717baee1936b5576bf330a311f1f1991d5826c2ecbc9b0cb79dcd762ca3221dbdd55025ba858c015cf6e9d8350fc

Download Submit
\Program Files (x86)\Security Task Manager\sqlite3.dll
Filesize
819KB

MD5
b6f45fbf727f8d872d5dc6fdd6393802

SHA1
558100cb8b451efc205fbd2cde0a8f88bd3c8da5

SHA256
07b9f5c9858f3477f3bb6a11c8283c3a34aa7085f578aec95de37053430de83f

SHA512
d480cb82930551050eacc5b30590b5d1d8dc717baee1936b5576bf330a311f1f1991d5826c2ecbc9b0cb79dcd762ca3221dbdd55025ba858c015cf6e9d8350fc

Download Submit
\Users\Admin\AppData\Local\Temp\WZSE0.TMP\Setup.exe
Filesize
128KB

MD5
694ba0b43cc2ec5055a7ffa3c4fc3aae

SHA1
12863f8925bda943ea510239820be15242b6f1f9

SHA256
a771e2f459f171469c5ef3407034a7dda4ece86f5b4db943cc728696daad6295

SHA512
12ecac18707a10adf3b62187d298c3fe34f54773321439aa9765394f98cd398af5123cc2c0d912f4c86020d960455691b6a7e94f9bf5f1472108bd6395a38f9b

Download Submit
\Users\Admin\AppData\Local\Temp\WZSE0.TMP\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
\Users\Admin\AppData\Local\Temp\WZSE0.TMP\TaskMan.exe
Filesize
1.2MB

MD5
3793144e54cf2faf1ea96b0316b167f7

SHA1
c7945adf9781274000b22a1d926c7de213eb7a8d

SHA256
40e0c7135c2b2df40c61a4008dab628be8c0056229c9a8e548669de79094ca86

SHA512
fba738d17c6bf32bcdb90a49cc5979201c2fb9c02c8ba94f451b25855cf2fefea3a9d7b9938721285bc51085dc44afd81482e0279bbbce86404b1c9b357af39e

Download Submit
memory/304-218-0x0000000000400000-0x000000000072F000-memory.dmp

Filesize
3.2MB

Download
memory/304-228-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/304-223-0x0000000000020000-0x0000000000030000-memory.dmp

Filesize
64KB

Download
memory/304-229-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/304-226-0x00000000020D0000-0x00000000020D3000-memory.dmp

Filesize
12KB

Download
memory/304-227-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/304-225-0x00000000007F0000-0x00000000007F4000-memory.dmp

Filesize
16KB

Download
memory/304-783-0x0000000000400000-0x000000000072F000-memory.dmp

Filesize
3.2MB

Download
memory/304-785-0x0000000000020000-0x0000000000030000-memory.dmp

Filesize
64KB

Download
memory/304-571-0x00000000060E0000-0x00000000060F0000-memory.dmp

Filesize
64KB

Download
memory/304-784-0x0000000061E00000-0x0000000061EBA000-memory.dmp

Filesize
744KB

Download
memory/304-687-0x0000000008740000-0x0000000008741000-memory.dmp

Filesize
4KB

Download
memory/304-709-0x00000000086F0000-0x00000000086F1000-memory.dmp

Filesize
4KB

Download
memory/1552-786-0x0000000000400000-0x000000000072F000-memory.dmp

Filesize
3.2MB

Download
memory/1552-787-0x0000000061E00000-0x0000000061EBA000-memory.dmp

Filesize
744KB

Download
memory/1552-788-0x0000000000020000-0x0000000000030000-memory.dmp

Filesize
64KB

Download
memory/1552-234-0x0000000000400000-0x000000000072F000-memory.dmp

Filesize
3.2MB

Download
memory/1552-859-0x0000000000790000-0x0000000000794000-memory.dmp

Filesize
16KB

Download
memory/1668-130-0x0000000002E20000-0x000000000314F000-memory.dmp

Filesize
3.2MB

Download
memory/1668-131-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1668-215-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1668-129-0x0000000002E20000-0x000000000314F000-memory.dmp

Filesize
3.2MB

Download
memory/1668-213-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download
memory/1668-214-0x00000000004B0000-0x00000000004C0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads