Overview

overview

8

Static

static

1

RogueKiller_setup.exe

windows11-21h2-x64

8

Resubmissions

14/01/2024, 02:19

240114-csct8sachp 8

31/12/2023, 19:07

231231-xsrnlscfdj 8

Analysis

  • max time kernel
    590s
  • max time network
    763s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/12/2023, 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RogueKiller_setup.exe

  • Size

    45.6MB

  • MD5

    cfecd53411665143798a57b8986c46dc

  • SHA1

    156213b283a4785cb703faf2cbf5652ef534e36d

  • SHA256

    c6ba4aed326371d060de64f65b0093af955059b75fbe1f07975d9065bb14a459

  • SHA512

    3e2417f5555d692a7ecd9872be83c35f8ef1b0abdae29ea3f75b59902dc8cd762b53bff2ccb768eade33caf0d5977000f8e05d6baa554c93c52353c9d52108f2

  • SSDEEP

    786432:KHrkPtFKzg9pIv/VuicHlALX1hnyRgZBqFZCcOvz/hGkpjbgi7WP7ywDcgiMjizi:KsIz4aVhcqbS4BqFpOvz/tpj8P7yw9Oi

Score
8/10
bootkitdiscoverypersistencespywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 14 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\RogueKiller_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\RogueKiller_setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3168
    • C:\Users\Admin\AppData\Local\Temp\is-237TM.tmp\RogueKiller_setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-237TM.tmp\RogueKiller_setup.tmp" /SL5="$3026A,47471103,136192,C:\Users\Admin\AppData\Local\Temp\RogueKiller_setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Program Files\RogueKiller\RogueKillerSvc.exe
        "C:\Program Files\RogueKiller\RogueKillerSvc.exe" -accept_eula
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Writes to the Master Boot Record (MBR)
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:5784
  • C:\Program Files\RogueKiller\RogueKillerSvc.exe
    "C:\Program Files\RogueKiller\RogueKillerSvc.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Executes dropped EXE
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Program Files\RogueKiller\RogueKiller64.exe
      -minimize
      2⤵
      • Drops file in Drivers directory
      • Sets service image path in registry
      • Executes dropped EXE
      • Enumerates connected drives
      • Writes to the Master Boot Record (MBR)
      • Modifies data under HKEY_USERS
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious behavior: LoadsDriver
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1400
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\RogueKiller\roguekillershell.dll"
        3⤵
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        PID:244
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:5308
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5256
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:3528
    • C:\Windows\System32\oobe\UserOOBEBroker.exe
      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      PID:4376
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
        PID:1420
      • C:\Program Files\RogueKiller\unins000.exe
        "C:\Program Files\RogueKiller\unins000.exe"
        1⤵
          PID:2888
          • C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
            "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files\RogueKiller\unins000.exe" /FIRSTPHASEWND=$20484
            2⤵
              PID:2448
              • C:\Program Files\RogueKiller\RogueKillerSvc.exe
                "C:\Program Files\RogueKiller\RogueKillerSvc.exe" -uninstall
                3⤵
                  PID:5460
                • C:\Windows\SysWOW64\regsvr32.exe
                  "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files\RogueKiller\RogueKillerShell.dll"
                  3⤵
                    PID:4372
                    • C:\Windows\system32\regsvr32.exe
                      /u /s "C:\Program Files\RogueKiller\RogueKillerShell.dll"
                      4⤵
                        PID:5816

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Program Files\RogueKiller\RogueKiller.exe
                  Filesize

                  3.6MB

                  MD5

                  970467b7ce0e5f19a6e66eb3de896ec2

                  SHA1

                  b2531885e87d07cba693e133af63014d59c5af02

                  SHA256

                  c098c3eae97ff22933e4c42423219b4b2a72e184238cffa2d15f7f37485b4aa5

                  SHA512

                  5df2c9cec63599c9154700167d817a396d508c850a5b6baa0209bff49ca811ff8b9c2a640df839c6d1ea3a6c2e5d3d77046838d3ab65373dde02eba931b414d8

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKiller64.exe
                  Filesize

                  64KB

                  MD5

                  25898bdfd2bef88a274a00f09dd541cf

                  SHA1

                  be06bb553373eee4136c83ffa3fca3a2eee2eea9

                  SHA256

                  5512b2c517debb48361e4854ecb5b95f19b94ea7ebbd3976e6a5e40a27b0fccb

                  SHA512

                  4b7773678a12b9a74eb469fd90832d294fba6ccee153459acbe02a0c10062128caf889d944934cba2ba66bd9f554260fffde8898fa4a3a045a0ff0e1fa79578b

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKiller64.exe
                  Filesize

                  11.1MB

                  MD5

                  a0ea18a38d9462f6fe3764de6121a826

                  SHA1

                  7b19fd8521cce8f6cc7aaff6d8a62411aa0588ed

                  SHA256

                  8dbca66c36eb9f26c55b73f417e495150b5914f8971eaacf7ab747b8a1575bea

                  SHA512

                  b9227374ae9485c520008c4f2b74dc7eb0cc3e4482f89b667000538cbeb7328f08d0254394882bfb15f6a3f7068dcaf8f5205bcf0a84d182e6020a6e80f0bfb6

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKiller64.exe
                  Filesize

                  771KB

                  MD5

                  390b172a2cdeff161a2eadc2aadd5359

                  SHA1

                  df79a7c6899df52c726bd76e43dabe257ab05b07

                  SHA256

                  569dc86ffc9596ff669703c237700ef2a31fa8f2bc4abe07a8a4d3ebcde225af

                  SHA512

                  d4c3c526269508ed5f5e2beff9c659f0c05ba287c1c7d74000f73b4d170324fe724293ae3bf5931b27a08e7dd1daa08e3cb1f536e3be6b89eb26b701565b6e00

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKillerDLL.dll
                  Filesize

                  355KB

                  MD5

                  4cdf91d22819de8f9fef445c4d89f8dc

                  SHA1

                  c0692d27e568f5da77e1dac41e805ecba253366c

                  SHA256

                  3b5251e4a24732fd9b36a40d7a67ac90d2cede05cc400671722fb88f2b9cf911

                  SHA512

                  5e97d435adb4dcd5ec770cb6cd8d806449a9492c8bf04bbe66d5582ce833055921ca7997cc51f252c9c0edc1860fc8d8b0ba6a1ffdac90c84797b91d2143773a

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKillerSvc.exe
                  Filesize

                  5.2MB

                  MD5

                  da7cd055f5770bb1ece06a48f1feb0a4

                  SHA1

                  99ace31503068945461aabb715ffa1179d6d0ebf

                  SHA256

                  e3012908b3b1468997b81a682a7b95d3acb0d0995d362032764cd5f88073da6c

                  SHA512

                  2fbf319304bdc2a96a0070f0e2c35df60b2701595984052370277f91d2449bb34339c519c538a49d3e6cc92c10ea644e69733d8315b4f798832394302cde2168

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKillerSvc.exe
                  Filesize

                  3.5MB

                  MD5

                  8e795d031bbd47e78b2094dafcb15387

                  SHA1

                  16b41003d393a1cb5cf29a598077dfdea5cfb1b1

                  SHA256

                  232ba7cb1988bf48d4a25f07db4c938611b4c105a019896998e80ed0d1671d92

                  SHA512

                  c53b90a10c6cfc0a28df6c430b73b9e09bc9513d9aae658d6d4802a974252816ae30b1c9c9796d91f933fc1ece9d83a1c224df8901e25743112b1762785a7714

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKillerSvc.exe
                  Filesize

                  1.4MB

                  MD5

                  8adb86c1b3268d1f203105580355df3b

                  SHA1

                  7f0ae15af4ddfc310be4aa3b28d96a0877b02d4c

                  SHA256

                  1ba3639e84a99898183702704e9549f686789566821b330bd3f7b73583cff228

                  SHA512

                  9baf55010e24f03813cf8f82b2d9012646b26c41215e28a4969936b7918ccfdda84ea1407772f1dd5de9f15107ea98725ce80abded6a84a073ed23ac95485a9c

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKillerSvc.exe
                  Filesize

                  873KB

                  MD5

                  4284550c92b696b8849362168e396e19

                  SHA1

                  4325da4b139fb488b62e227817c0a518e6853009

                  SHA256

                  9467f1959517b2de6c04ed1812581df523666812b6520d91190fd23b813d25d7

                  SHA512

                  48cad29c83b9900448a84f8e1fd347e859f57bdefc79b587accf8510fbdcb1d3a17ea435c71f8184439c5aa411f85909c9a909cc82b9721de5c3b9653861324c

                  Download Submit

                • C:\Program Files\RogueKiller\RogueKillerSvc.exe
                  Filesize

                  92KB

                  MD5

                  3c6bd06d77f6d3f7dfd67bb13a0c7967

                  SHA1

                  03fcb0d3893f79257999781de0607716e5060014

                  SHA256

                  907016177de1999361696e14798d17737bca93eaf85dc89fbf409ca59467e64e

                  SHA512

                  ecca6bde15674d6823cc5c100fd5533734007f6a57655529d66398a3386810b83790c14d24a0ac2edb44473035eff5bbb44b79b9c24d082c7a6ca11e57ee5cf8

                  Download Submit

                • C:\Program Files\RogueKiller\unins000.dat
                  Filesize

                  17KB

                  MD5

                  caff2dc9e22aec36648cd0513d3e003a

                  SHA1

                  832680b848dd9b4b7ab232c3cea41d3a30ca67a6

                  SHA256

                  5231bbfbe9ffa1800fc53a45640536d07030525c7660d5d87bcff61f783c48b7

                  SHA512

                  15a1de68054760574858388aeb35b27a24aa175970563f3239fe4799cbaf326a5691d8d913b26cc89fbb939436703bd24ce25061ae7663a2304219a0e816d06c

                  Download Submit

                • C:\Program Files\RogueKiller\unins000.msg
                  Filesize

                  11KB

                  MD5

                  2019efb38eb66ed6eca1747ce0e0a7dc

                  SHA1

                  8e92db2383410d767e3ac26e90b6b52c3ae0255d

                  SHA256

                  d816931a62cb3bc09ff5d8326d33dbe7c6129c3e804321dfd6c57f5ba93fb715

                  SHA512

                  3618352b8201d76b62a57fe6b9e64edf159253ba48401f120978bb9d9abfce7d18c51dc98465f12068f712f7f40d5c664d5117715838fd0ce4e4bf9a394f6824

                  Download Submit

                • C:\ProgramData\RogueKiller\Debug\RogueKiller Anti-Malware_debug.log
                  Filesize

                  28KB

                  MD5

                  6098703c19645aa674c44a860aa8c99e

                  SHA1

                  02872814c4f0795704ec2132c13174a88e930a71

                  SHA256

                  fdc7ce8a19dd6dfea411498b6d4ff0ca6c55375c05a2f4cc92505f1f39fba512

                  SHA512

                  988fe3914421ff3d8e80d2bbf51c68f07781b6d7e9ab3e5d1e744bb0f730c581c1b78032fa183fd4b2d19ebb4f7792175bce6fe0001eae89fff4e47fbba2c045

                  Download Submit

                • C:\ProgramData\RogueKiller\Debug\RogueKillerSVC_debug.log
                  Filesize

                  5KB

                  MD5

                  ecc6df2f91637e129f0aa649cb9d900a

                  SHA1

                  5dfdb2f46f7710de0c218708d4c923082a8a549f

                  SHA256

                  5dd1596490b5205084104d5120c609b80439277b81eb5772b4bcfa3e78f8eca7

                  SHA512

                  5a794be7b53a4733fbdb92bfa6cf86f4a63c3ee1e93902d56e62d92fc591c5168a007f47e8a31cbb06671885aae100aaeae390194a8c0a628c4b3de13905e373

                  Download Submit

                • C:\ProgramData\RogueKiller\cloud.cache
                  Filesize

                  8KB

                  MD5

                  d91a971b76a5ed639ec53e9050279c72

                  SHA1

                  4c6de91f6341a10245360e18dc11090b56706021

                  SHA256

                  4ae1921238acb7ecc6169b39ccc5db4192de17af2a384146c0b2091bb870c89f

                  SHA512

                  92d09691f210c62fa74aa0503a2a0b88c6d3625c35503a6e3cb3b0c675b763aa9f0934f8bf1865ba9b30a2cc4e0ad562b0ddecf2294c37ea300ab0c7ee264b67

                  Download Submit

                • C:\ProgramData\RogueKiller\config.ini
                  Filesize

                  2KB

                  MD5

                  c402d9753e6a06c2d1e3fdfcf85f75f9

                  SHA1

                  2a05ad0b707018c280e787966ebfd511093f9a43

                  SHA256

                  9e6df6dc051ae4fc9be7f88feb73e500741bbbb33d1e2af981118211b140a618

                  SHA512

                  49c5870c80818ee36f734a95e6d6e7d523fdfbdefc3edca11162eb8033e7748a4a5f6bca5f75aabf633dfbfff466b83974c27afce8a475787a6889ab66fd52cc

                  Download Submit

                • C:\ProgramData\RogueKiller\scheduler
                  Filesize

                  1KB

                  MD5

                  2a919ab52d3ec025a73fa8311c20db1c

                  SHA1

                  c5439d858d95d711b83cf249eb91e3d32fff9769

                  SHA256

                  356c3ce1eb2038d87fb7b92bae86d05e45870dc8dd54f4e2eddc002973785c4c

                  SHA512

                  bc200d0b47e39ff051448282ef93e187c3e45acd555ac0f0c2b6b6850d195a926d6c751984cdb9ddea150fccc09f10ba9f6d4a04554730d5e95b102a5516e97d

                  Download Submit

                • C:\ProgramData\RogueKiller\signatures\addons
                  Filesize

                  816KB

                  MD5

                  a56322fc4d86a207656ad55e24d7472f

                  SHA1

                  75c7fb4e651bcc862194aa96bbbee880bac4e938

                  SHA256

                  0c6e1f5a23f0ed1614489c859e3fd20a5da69042275fe1ce9e079f869ca85a1d

                  SHA512

                  31fce8b1d58ee3a695e2caa30ee7b6497e9722f89dc8ae041c726c59164e91d95265290c251623069958ffa152236ac560efb0bfb1c74518d26e98f1dafff647

                  Download Submit

                • C:\ProgramData\RogueKiller\signatures\addons
                  Filesize

                  381KB

                  MD5

                  23b6a48e8c96f61fd11a01f28a5cf380

                  SHA1

                  044ef84f1bfdd57bee3b44542cfc9393e1af7bf5

                  SHA256

                  bd6819d5db0662e9aa8a6b1028640f6f87ace783daf27f37d5a6e02c60281453

                  SHA512

                  3e60b39273a79bd92017ed3157dfea7c0ad7061d619ecbd337718099a6402354762d18c7f318092295cf71b89857bfe223c2a0f0b9a0db614b284cb8820d0af4

                  Download Submit

                • C:\ProgramData\RogueKiller\signatures\digisig
                  Filesize

                  65KB

                  MD5

                  8b541ae0c4b8f4ac1f93cb6d5a41c5f2

                  SHA1

                  d06fe69b543d3f0affcbeee233cc6c8d558ed119

                  SHA256

                  f913fc639da60aca8bc2b2eb5c6fa93a88d50d9cac7cc811ab60d59026dc1a7e

                  SHA512

                  62140f0620fe698732f6627fe79882957aaa0df8aa90fe5881e651c56668d8f50384831ff47269a7eb813b6d2b8a8dae14154035c33a50a697cbc6a2eedac856

                  Download Submit

                • C:\ProgramData\RogueKiller\signatures\domains
                  Filesize

                  342KB

                  MD5

                  ab5523ccd0943e0ff5dea1fcdf51fe58

                  SHA1

                  c6d87ab55cbd56c25d7afaec1a27a63f263674b9

                  SHA256

                  30ace25c44a409b5b3319e7b39ba927fe97ffbce02b8a200d487637e2d2c1422

                  SHA512

                  a47354f55282963ffcae3c0cda0ca86a411bfc4dbfd7bfda0e31ceff96ae5c8d032d3cd1242b8ac4fc23eeede715b2870d4edc1eaaf4e400145c5035c35a8a3f

                  Download Submit

                • C:\ProgramData\RogueKiller\signatures\domains
                  Filesize

                  92KB

                  MD5

                  654ed0749b4d480a8c04f3214b7525c1

                  SHA1

                  6c97e4ec43dad7ff86a5e3deee42377c71c4b677

                  SHA256

                  9cb47de5ebe3c69d177534136f71c1a736bc174acea9436dabcb7dfbb06b07b7

                  SHA512

                  1764b96e380818309eca0a4397fe16298a833630b33bc334ff03bb39d6a24a8d9b3b07d4dc68fb81af4b076d4bc7f9be1ddb374046438d8a07c1dc16d1d212e6

                  Download Submit

                • C:\ProgramData\RogueKiller\signatures\version
                  Filesize

                  32B

                  MD5

                  557a2af2f0863980a354ce9b8ffc80e6

                  SHA1

                  66d5362c894b84beacea8dfd5d040ca1fbdc16dc

                  SHA256

                  7c8bc2a86e123d1556c0f7478e774f34500a5f005f0126e00b6bb54d3eb070d5

                  SHA512

                  2273656a6a4c8aac6bdec2a6aa47c751f31ecca0b0ff8eaaae353557be8cdace592398f6952f318bdd2364f9dbc2909dfe3f817517d013cfb1ff68a903626a30

                  Download Submit

                • C:\ProgramData\RogueKiller\vt.cache
                  Filesize

                  15B

                  MD5

                  faba9d79bceed5ec3d3f5c3aae8b1e30

                  SHA1

                  dc3d1d79d4199b259e52264c87c243107f3e0256

                  SHA256

                  5d10ea790b9458c94384ff5eb4bfe04069053bacc87347cc0e831950f7eb931b

                  SHA512

                  a8a9ca3977697457af152f3a37a356483c123caf23db12225eab150800cecade1ec468dfeb684a6befeefe0e067db6232df2e4e5d9b69b735425b676d0d2dfca

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                  Filesize

                  10KB

                  MD5

                  ac12a83f9054e8dd7f7a2940b188b50d

                  SHA1

                  b28d1584e12dabf36f832cf839a7ed2a6cd6f0e9

                  SHA256

                  1696c89a8b3d41f600ad37dd9bfb311c01cf24330b41ef0f15d3949d733de35a

                  SHA512

                  f9c7a84ae2ab4b9f530abd02537e390f0d0dd646e61aaeb1142c167331e849cb1ae49a22e3a1f8ee6834aa08385a83c3a7a4eb1af8f1c564a2f6c84aa2c101c4

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\is-237TM.tmp\RogueKiller_setup.tmp
                  Filesize

                  784KB

                  MD5

                  79fc0c200d150def1d8abc50b21dbb7c

                  SHA1

                  f4adc9c05e7debf9a22ba354e0ab1221d5a5e27f

                  SHA256

                  459db6129ab3788a2a2d607bc3a4d88ba031766237bbc5ac4adc6de0fc13bf01

                  SHA512

                  e47067253247ccba739b27203e49089e453892217493ba7f082ea9d77bde64a04ca7d48666c20bb335a756fc31ffa838e19a6395c5084b8df751bb1375d72576

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\is-J71A3.tmp\roguekillerdll.dll
                  Filesize

                  5.0MB

                  MD5

                  93f4ba58bd3698fca5eb53c5bc9192a9

                  SHA1

                  e6d0b4558584ccebb769cb9935bb52f007da7ab4

                  SHA256

                  c31f7dd18e1d8a5ad5bcfe25e6b7521314c5f4ed6ad40b55d4342289ddfa62cb

                  SHA512

                  5af38492d83b7b16687118c74ce50cb76c7664e1ce2f0eab84a7ca82d89d2cb29ebe3ec89c98968b4f3723afb9edd94c6f32a4f246378f9ef41d767cb48ad552

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\is-TILCI.tmp\RogueKillerDLL.dll
                  Filesize

                  600KB

                  MD5

                  e36ab6f79a758dfc9acb6ae476ef994c

                  SHA1

                  95643c6b14146c2ca2910af1873573c58f74b8c6

                  SHA256

                  bb3b3a60336fb790d1d826cc7b283b1d6870f1ae2327ad13952dbb74eb62027e

                  SHA512

                  d1952b29fc7b3468874dc0e4a428aabec00833eed5940518a8d36acb598f90ddbb0af1a366ca0a7c2eec2c06dfc1bbdb96dd0c9bdab0c0ab9f201d850f3689ff

                  Download Submit

                • C:\Users\Public\Desktop\ROGUEK~1.LNK
                  Filesize

                  906B

                  MD5

                  764810ebdeb78662a14608cc82f8e1bf

                  SHA1

                  f361f329c20a120ff47bb0dc585e1b846b5dc58d

                  SHA256

                  9384b52a66579c98bf02d51b27d39441063ebee9ca5d47b9395b5b3f20e217c9

                  SHA512

                  4af23542063098affe796fb6e2e6fc3704dcd8d6541b94038c03caab6b7c3e939d39e2de9649e7a157e16c1ff1fd052db069288f3f426b0ac2a9105762a942ed

                  Download Submit

                • C:\Windows\Temp\as_AADC.tmp.zip
                  Filesize

                  92KB

                  MD5

                  2282c4f195eb5d8dae72e46df5058605

                  SHA1

                  f81094af9c66968e63fe8806217a8a1fc5f05ae1

                  SHA256

                  5b82c03886c1388fef5dfa6e281b36abdd27dcd5c3f6bc3ae98738e308d6b31c

                  SHA512

                  15608ca3f4e1faa39ba1ab05604d27c9b2f43c4e22f61b24d8cc52762826dc2f6f9025e14dc5e1248c83beaaf3875b2df2a166248a1cf53e2cefe8ae6f79629b

                  Download Submit

                • C:\Windows\system32\drivers\truesight.sys
                  Filesize

                  52KB

                  MD5

                  c555b977ed786b4dff8627ed64c58f63

                  SHA1

                  48d7b0bd5e3d89b94aeb09f443f87442fbee9ce8

                  SHA256

                  3079c59d84064199bdd48fc590c04e4b9471f99b6d07ad0f542cb09081dfa408

                  SHA512

                  d5231f529a20ae834a09cb03e84e08888a9581beb47d8dbbcd8e23d3ac8c2328cf0fd6401a29d6c2b107021d65e9b89a92d7f88d47640c45e0275938807246c5

                  Download Submit

                • memory/1400-289-0x0000027CE9B20000-0x0000027CE9B30000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2276-18-0x0000000002460000-0x0000000002461000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2276-17-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-232-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-6-0x0000000002460000-0x0000000002461000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2276-20-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-49-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-82-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-12-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-39-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-15-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2276-45-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2448-548-0x0000000002220000-0x0000000002221000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2448-611-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2448-594-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2448-592-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2448-573-0x0000000002220000-0x0000000002221000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2448-558-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2888-557-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2888-610-0x0000000000400000-0x00000000004D1000-memory.dmp

                  Filesize

                  836KB

                  Download

                • memory/2888-541-0x00000000023B0000-0x00000000023B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/3168-7-0x0000000000400000-0x0000000000428000-memory.dmp

                  Filesize

                  160KB

                  Download

                • memory/3168-235-0x0000000000400000-0x0000000000428000-memory.dmp

                  Filesize

                  160KB

                  Download

                • memory/3168-0-0x0000000000400000-0x0000000000428000-memory.dmp

                  Filesize

                  160KB

                  Download

                • memory/3168-2-0x0000000000400000-0x0000000000428000-memory.dmp

                  Filesize

                  160KB

                  Download

                • memory/5256-425-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-424-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-415-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-423-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-413-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-414-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-419-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-422-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-421-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/5256-420-0x0000015E397B0000-0x0000015E397B1000-memory.dmp

                  Filesize

                  4KB

                  Download