ef18229305e5d121300834c27485b518782aa7fbd3ec8e654d3114901cc88e1a

Analysis

max time kernel
186s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_stalker_cop_2.1.0.17.exe
Size

28.2MB
MD5

30a61ac1900d59aa3af1682e58732378
SHA1

9e0fcdf5a756ee1d19e34fbf9c1d42caf385db50
SHA256

ef18229305e5d121300834c27485b518782aa7fbd3ec8e654d3114901cc88e1a
SHA512

8e31602767a75581c5876ac92b831e735bcfef84c02a65a33ccfba1cc92e24b26b1a15baabf4b591fbe16d43ea6041bac7fc9d179b150fcd2277b326948fad11
SSDEEP

786432:PXUMoJKOj/esMcOsbTAkSeGcX6vNrwtWHPEAk:/UMYywOsbTtSLcqNIQJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2604	setup_stalker_cop_2.1.0.17.tmp

Loads dropped DLL 7 IoCs

pid	Process
2604	setup_stalker_cop_2.1.0.17.tmp
2604	setup_stalker_cop_2.1.0.17.tmp
2604	setup_stalker_cop_2.1.0.17.tmp
2604	setup_stalker_cop_2.1.0.17.tmp
2604	setup_stalker_cop_2.1.0.17.tmp
2604	setup_stalker_cop_2.1.0.17.tmp
2604	setup_stalker_cop_2.1.0.17.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3136 wrote to memory of 2604	3136	setup_stalker_cop_2.1.0.17.exe	91
PID 3136 wrote to memory of 2604	3136	setup_stalker_cop_2.1.0.17.exe	91
PID 3136 wrote to memory of 2604	3136	setup_stalker_cop_2.1.0.17.exe	91

C:\Users\Admin\AppData\Local\Temp\setup_stalker_cop_2.1.0.17.exe
"C:\Users\Admin\AppData\Local\Temp\setup_stalker_cop_2.1.0.17.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Users\Admin\AppData\Local\Temp\is-K03M2.tmp\setup_stalker_cop_2.1.0.17.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K03M2.tmp\setup_stalker_cop_2.1.0.17.tmp" /SL5="$B0090,28894331,242688,C:\Users\Admin\AppData\Local\Temp\setup_stalker_cop_2.1.0.17.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\01.Duke-Nukem-3D-Atomic-Edition.png

Filesize
993KB

MD5
8a9a5b0f10a3860bdb642b519c9bc6d7

SHA1
c16c3cd4bdc323835eb2233f8604dc73e1f63b48

SHA256
35837dda843d8e4096e53673bfae754ee6048f9711de52eab1ec5040e380e4f2

SHA512
d5c7ff5e30f1184f15fd58c085e503b18da05b2d67bafdc2ae6fc01efc3fbfefa3778d56743596a05daf75f27c0f0ab2e5630d1bc79ac870ac392118ea3b47c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\02.Far-Cry.png

Filesize
1.6MB

MD5
a20bda23f612f844e13470c5fcabccbd

SHA1
eac506de1c1c6a5b7ec48bfa833b6f75fd6fb4dd

SHA256
8d56c9772132cd08d0c699cd0291e73736502a352956e136bb695c4000088b62

SHA512
a8274ca4030e011bba6f31eeadfaa6c00fc1c4bb86c57141c96cdd2dbfd4f8e7d3d45959c578c7eb402bd863a77ec9316faea5dc6210a15dfe9eb2e0d2cb560c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\03.Comanche-vs.-Hokum.png

Filesize
1.1MB

MD5
a96b568b11034656c162cdc195be1551

SHA1
5d713275a9a7710cdb7c3c848b6f8977581fb580

SHA256
4da9a74c39f98bca3e38045149a494ff062edc9b868ce2916b856c71d6f105ae

SHA512
25afa243633b75fe7f548963750233e216fd5c07d0a2d51ce6d32413d883132fb2c4596e842efbeb44542c5e10f2b17a20f3a07642ccd955c51e0c3e3444eed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\03.Postal-2-Complete.png

Filesize
1.4MB

MD5
61379f47cca47bdb93d09c7f94f6bd30

SHA1
b078ec6072c41fc5f5e14087db3803723d08aa0e

SHA256
e4bb826548a803cc83e7c40f106691c1dda471f071ae0e234c1a1b57bc403076

SHA512
be68bfbe76bd3469c8a214d7c38f4b62d444c036b07a2d80a690b297cf7d93c593bb9d15df242dad18417ff11154000a5355ef3dd844d532cfbe67f2a3ffd832

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\04.Beyond-Good-&-Evil.png

Filesize
1.1MB

MD5
09a1c0bd5cc9a98eb1fbfdfe3f0088a1

SHA1
e7f52becab2ee85791f952bbaa241e284642ec18

SHA256
9dccdb83823e116a86f5ae1dee97dd9f1602e6dfa769e1dd416ad46290623b84

SHA512
9adb4e073c5ba5e291fc0df810f9aad7d4ce3b6edc326d0d484274ea71b6c586e363c22c94c4f69f2a50c5de7acc3d83589add45557fdab137e6784533878db9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\04.Unreal-GOTY.png

Filesize
1.1MB

MD5
b2c209f2993034d18da35a22327d2381

SHA1
f5135d2d5f6ea27ccb268901ebb2bc59a318f266

SHA256
2f571168047dee59b2bdc966a22db53c60cf2d318c2a68d24bc26ea9ae5f64fd

SHA512
4510d6f94476cacb1db7fcc884093f5466c2da5736e1a02701decad9d3863861afda58e71d3ca348aa1e47faceba2dff8eec8d0eb581db69fafa7e7a83a18d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\05.Another-World-15th-Anniversary-Edition.png

Filesize
1.1MB

MD5
8f3d9f46fcd97756d219f1172d36b374

SHA1
de86175c5ed4e217b76c777f6736bc6fa2f32fa3

SHA256
fc7c654a5568fef1c3ba5c64bc4201d092fbbc45becdfe4675153176025b73aa

SHA512
0951df68a87fbec57483240c4fb0c7dbf3454de669f5c21ed51202720bce55271b4a3bb9d58b6f0c0e0fe0f926b346cc5283d6caf3dcf9bab881d6e807387514

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\05.Painkiller-Black-Edition.png

Filesize
667KB

MD5
bc4ec854c2c075e8da937684edc28859

SHA1
715bb0def91c8150687ccc248ac103c093a16641

SHA256
5b96dfdfbcc4998921cbb8cc6eda1103dae22c327a41230bb1338581914aad42

SHA512
f5ec30320756173ca835cd8a96260936936818084d62e039a7a0a8caf45cd86ac8c9941e8a626abdbdeb56fef86d5254b2531d30e16cbfa33b1fefbf67f9dcdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\06.Driver-Parallel-Lines.png

Filesize
101KB

MD5
8fb8e81d1f3c873556ee3b1607653326

SHA1
438ada25d9c14ff5a8053e99f836213f2aabfa4b

SHA256
cc200ca4f86309acd57bd2d411ca0876ea00c2dfdf2024c8df91b8d646c909f7

SHA512
4a38d5f2b82ab896510088616752933d9ffcee13ae3e55d58571f92c2eafde7af4921f393218afe521e5f5e6ca0ffb0b552c3398ebd4510814605e062ce6a567

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\06.Raptor-Call-of-The-Shadows-2010-Edition.png

Filesize
883KB

MD5
cbfb05fc79fc444b417d30ac68f5d7e7

SHA1
f3fe1673c77761cca0884c598a8383ff49114f30

SHA256
ae717e73232e77ce2f0fc94f255c416c35ece4a28df102f7a8d0710c57d4abf4

SHA512
8506fb61566319a376dfcba321135bceac32e5139bcadf188fdd282d493ab6b5ffdd5ed8427844f14c9f4d304eda2529ae4b0ec63f910f6a78cdfb1d9b77a6b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\07.ArmA-II.png

Filesize
1.2MB

MD5
9cf8953e72c50584ab9755594ac1254d

SHA1
62e5a0a36f0255bf086a00dddb75683bb7020221

SHA256
c25fb47597e0ec3d0f30ec070d064f89cc1214559a8229a8e35c7f0886ab9044

SHA512
f657bc5ea367989a5c8a7ffdf731ecd2634e0d576c0d3c4c32a1e09d1ba7c8c7e41c3782b901ea0372b46777d6b75d15f766bf7c3387292b1084915336948c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\08.Alone-in-The-Dark-1+2+3.png

Filesize
1.4MB

MD5
73aeb58a396014ce68d583bab0a493a7

SHA1
2aee79ab3aa56e51a70a143e0b53740bdb41b4e4

SHA256
c9de28cdc37c625c06da59691f159ebd61ace72f099855554638e0ae8922e5f3

SHA512
5cf94b77061fea47ec01bc4811a0a9d993d379a39db01c6dff2eada20ff83ac4ca8360eb0f810bbd1cbe11bcbcb796a9e170f4e1a248519827cee17d9c1d7ad2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\08.Blood-(One-Unit-Whole-Blood).png

Filesize
840KB

MD5
06ae449f1d2a632ed25ab318141f5eae

SHA1
c0e72f5fa5ca80994cfa8ea12e4196eef725b6d7

SHA256
c905dc24bd5b1c8112e629b8994ed7b1c2d4feb94655e771d24e4bee86903d40

SHA512
288f7a3818e296cc74420813fa65d7cd1f9d45ab1cbc2669596a0217190cefd136ba392c0617ec24fba02bf70df974bcc47c19f5b1c090b758b0511a5ae2b2b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\09.Alan-Wake.png

Filesize
1.0MB

MD5
8ef699ac1dfcbfe06c37fd39c5f5d9bc

SHA1
5864498ac82ff24098878afe489e46a88df1a56b

SHA256
312086ae02de7cc344a0019308ff1e30376b971993668b8296e6ad0447fd9d4d

SHA512
7744853f3415ab9d1ae24f417d5a0e41831951a48bf48a9d73d10270c97ed36d8ac19ddcb47fe75d442d6c4399bdfd90cc9cd67ce5e04d8c93c598357c589224

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\09.Redneck-Rampage-Collection.png

Filesize
1.2MB

MD5
ea2ba5d7b7614abcf555af6ab2ef19ed

SHA1
45cb838eb2525cfbc9e8e3f1c1952f6945dedbff

SHA256
10b5f92faafd5be4e9b6ccb5f762dd91518cc9f894da15fb8917bb1d4fb34576

SHA512
c89e4c38256ca30b9e0320926e8e47f9509291922eb67fb212ef64ad08db6271c4d5a2d50ebdc0302a5009390d0b775de13b4f4aee549b836356cbb6afe17767

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\10.Bloodrayne.png

Filesize
1.1MB

MD5
4b75617bac44a2b7e26b1299d4b1a5d1

SHA1
8e4856e02e25bf4b9becb69eb6b2314e065a1b96

SHA256
fe517255b091b7edc6281f691ab1a4757c8da3ff016fb2a9e11188dbf8acf6d0

SHA512
6fa243991d6f021ccfd3bf3eb7fdfccbcd8eb36a84e170b1aec6afede72d77f19e7fcea4e192e35a80aea2fae9ef7840cc78400939feafbf9478100a83f806f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\11.Age-of-Wonders.png

Filesize
1.0MB

MD5
4951d82baf1f5943e4a6c9340a357502

SHA1
67f8de01ba6065b19c9a29d6bc268e5d9095b6f5

SHA256
9fce659eb3d379ccfda3925a12e1bd756f53a354069e2372f6420fd8bdd7fa81

SHA512
e5bcbb9da68a1d2bdc1783868762ce180f56070516417ba4cea8176d7ff3dcf167adc2186b3c6913c800b675dd6fd66788fedb22dee7c02c6421ef26c5555aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\12.Oddworld-Abe's-Exoddus.png

Filesize
1.3MB

MD5
db97d808132043971ec91b6311919e86

SHA1
3a5baa558d5366619129153f6c6f367318c170ea

SHA256
590a307fe5247ac3509f6dc8703122cc48d51fd3645cad8b2a25f55c0e1500fe

SHA512
7ce886ae3fbcd78d9b070192b9d6605cc33251dd078c5ce8ffa791092a38c56c5eedb78741daf61bba53b70484928d39406b0c714bc91fbeb2a696857647e4a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\12.Symphony.png

Filesize
958KB

MD5
84e4825ad792b46e2e33507e18aa89d9

SHA1
560cbb5f9412e6c2072ad008070924fb3194ebc0

SHA256
5461e90f3c7804ebcfa4a3c308952a5550a40a18e638a3ef25d7dbee3add7d40

SHA512
988fc52896a171a8daacbe8bd567dba4f2bf9cccbac81fc3ed3c04efb68da874ee1728feefc8853ca2b98fd6c87caa470c9e46bff4e1c0e4a9b1c736768fa1ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\1207660583.ini

Filesize
3KB

MD5
b8da2ed66d5ae7a479534e3397982e31

SHA1
f6786c0e6c2eaf5f47a1fdbdf988af8781b6060e

SHA256
abddaa6cb4d789aef91041d56239ffd13a2d673c3814b0e24caf27abb918c3ad

SHA512
fddf2ccd67e3ab61a90313c4d8e90150f940d56dc4415ccc818e07b91cd473f29c76339cddbff7aad30efb67e3496e937f4a05bd28b9733af12e75dd327e3de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\13.Cannon-Fodder.png

Filesize
1.1MB

MD5
a754cc7f09927a95c388ec0878fc4ced

SHA1
07000d141807d2405593e61c421cbb54fc0511eb

SHA256
20a1fcc5c4e196a5dc085c87e9ee28b45457b5105c4117ea348d95c93308223d

SHA512
f5e1796660860d8e1c261ce33f1f633778ab3fc87b75add6eb72f8c433e0567aadf84ab900b06869022b21a89ba0f34a36d31db579c3337407a5a7b326d76eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\14.Fahrenheit-(Indigo-Prophecy).png

Filesize
704KB

MD5
9f4bb27d1be14616f21d104acfa478c2

SHA1
1c86dcefb2c5c83b0cd5bd84951b9e8d21fa53f5

SHA256
e99d4cc0d72c0cc7dd646996b2fec80aa81d77142f90a8e9efbd3551960fca04

SHA512
b49ad6711cad222167f92075f74c040aa090c3d52a137ec62407d2815c5a47e136071a757f80672a243683c05925ec34d7d953d0e2100d73d4a7e4cde6383d05

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\14.Wing-Commander-Privateer.png

Filesize
1.2MB

MD5
038032021d717f6777757dacb490e5c4

SHA1
851fb1165098d27f158b3892bc9952f8cbf9156b

SHA256
d9d39160f08377f1850ab028d8d7aeb69971510d3bc8af6c39066f754c9aad35

SHA512
51e6cb668451734d421c24a52fe5fe2ffb79db7ef4e5359df57c57c455dbdb73e7129625e9446a8a4141874b9696ff67230647e4b584121f844f970b8a0a86bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\15.Crusader-No-Regret.png

Filesize
1.2MB

MD5
a30c1bfa6300814b16a4012717e8bc8c

SHA1
966897863ab99ff55605ce482111d6afa470cec3

SHA256
e967ae319a1034411755f8829bd2549a472e662074b38725ab5b36209685a8fd

SHA512
d07bd87ca251872211651893c516f576ea99dc71541d288c0ca28ebce776e35cc703e0dff3848638d385192ab92c1c276d6cea5ec4f662f187183f2ba864fc70

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\15.Rise-of-The-Triad.png

Filesize
1.3MB

MD5
c7976e0def49543b3da908c139155d82

SHA1
78a0588267542ab6ee13fab7af8c8df2532175af

SHA256
ac352b94688a1a1428f39afbfab9dadf70d3d2e508859c94e44ab7ad115bb872

SHA512
99b0fbbb75ea109b74b41029ed29074841db635446e2d842acc0fce3cb0a669738a9708bf77dffb42b04a5b64a03c811b7d28f16b295ccda1b8f430985bbe615

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\GameuxInstallHelper.dll

Filesize
94KB

MD5
4d3ac88054df63fc810427bdaa96c458

SHA1
e4d554e03ba91f6b53a2a80253b339f56e303c94

SHA256
b07ffcd0af80f6b9fba09abe816ba2f0ff0d336639f1768fc317291bc635ece6

SHA512
d4732ad89bbb19b316dff1b9c534acf98bb985c89d1295f08e24b21531123426500b3712979dda2f0e941a5969c0cbca15bbd52f6c167653f96a494a6677ca54

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\background.jpg

Filesize
554KB

MD5
2db2d65be37f9f628ce80660e64fc8b8

SHA1
f13d9e78e59b9c5b74aabfc63dd0ce40a0f63b8f

SHA256
7204fe09dd12eeb8b13636e658a289468dd7d757ab9868c1b4e0d2e6f7299105

SHA512
f183ca082bc9a1f6b6579cc73108a6f0bcd8bd6c0df9c358260001c9247c3fcc08047ac44c04396d532b065679ea00c41641a9844e79ae72e46f2539b49638d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\get_hw_caps.dll

Filesize
76KB

MD5
2e35d2894df3b691dbd8e0d4f4c84efc

SHA1
d0fc14963e397d185e9f2d7dea1d07bc6308d5b9

SHA256
869079ba362cbc560d673db290248ec2aa075a74f22a82d90621f1118f8e1c4d

SHA512
29ba662ab2e77aef0547ff76213a1b6ef52be27a446923790a27cf8b69377621048387dbb9f22001b6d15837dddada84c7350614ec9622258319658822705f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DPLIP.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K03M2.tmp\setup_stalker_cop_2.1.0.17.tmp

Filesize
1.3MB

MD5
f5b7021b59e4e6d63b649e5c464ff4b2

SHA1
ebb127b5f8cb424c461866538cfe47bda62fc3bf

SHA256
b4017ff8cfc283232e76c4c0fc6c8f4c8a8fda65d838d7e0e8b4b9a36adea8b2

SHA512
17360f28e48936e409de4e78cd1923970054322c96cb2ff8b873a55b5eff47d58be8eff3a9892515dd838d6bc74c700513a9759c3873510a00069689d413fa00

Download Submit
memory/2604-45-0x0000000002A50000-0x0000000002A65000-memory.dmp

Filesize
84KB

Download
memory/2604-46-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2604-6-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/2604-454-0x0000000002FF0000-0x0000000002FFE000-memory.dmp

Filesize
56KB

Download
memory/2604-38-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2604-39-0x0000000002A50000-0x0000000002A65000-memory.dmp

Filesize
84KB

Download
memory/2604-41-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2604-44-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2604-422-0x0000000002CB0000-0x0000000002DB0000-memory.dmp

Filesize
1024KB

Download
memory/2604-81-0x0000000002FF0000-0x0000000002FFE000-memory.dmp

Filesize
56KB

Download
memory/2604-20-0x0000000002A50000-0x0000000002A65000-memory.dmp

Filesize
84KB

Download
memory/2604-410-0x0000000002CB0000-0x0000000002DB0000-memory.dmp

Filesize
1024KB

Download
memory/2604-411-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/2604-412-0x0000000002A50000-0x0000000002A65000-memory.dmp

Filesize
84KB

Download
memory/2604-413-0x0000000002FF0000-0x0000000002FFE000-memory.dmp

Filesize
56KB

Download
memory/3136-37-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/3136-0-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads