c5e2a4c45741ceb60b85a9c0ab9d8746b01e501a1fc0dc5676f16ee715da8da2

Analysis

max time kernel
93s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CreamInstaller.exe
Size

144.0MB
MD5

67559b62234c7e272dbd3e9d07a8fe97
SHA1

62a923368ca16a2f7dc1390d048bf9144cf67b6d
SHA256

c5e2a4c45741ceb60b85a9c0ab9d8746b01e501a1fc0dc5676f16ee715da8da2
SHA512

109d3286ea8428732ce8d004fd4c6c3c8947ef8415a18568f1f50552a4bac8895da3951d8ac0a1a92a2caf3793b6cc38333e8da7c745b512b43a82b010a11c41
SSDEEP

3145728:zRvXeFQb3jdH0ltZnUoHlClgmXRWbBAwB1XmRSTCRS8Y91EeC:NvdGjJF+g3BAk1WIeoeh

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 54 IoCs

pid	Process
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe
3568	CreamInstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3568	CreamInstaller.exe

C:\Users\Admin\AppData\Local\Temp\CreamInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\CreamInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\Accessibility.dll

Filesize
24KB

MD5
af36f88a75124d7e2b171b5323e877c5

SHA1
5b683d97ab2706ddfa2802803e8f55d49a21fe2d

SHA256
fa79c1338cd6a563c1e88137d06dd73be2eb667b96d394e0002c23929abe46d0

SHA512
59005b5f10bf61d1145d56de01e6792ee628a78fbf9dd8a6ee43d9b17eaa2de5b12eaee608d31cd6ff599751defd5e3788617cf3ee2bda673e4d65719aa7bfc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\CreamInstaller.dll

Filesize
13.2MB

MD5
39e646d47ee3f8df81d00c6d145f551c

SHA1
e98f18ada7489ab581a2dd1c9ae28317f0e2abb4

SHA256
062f54d5093830296e0b64771da02310e50cbeda6098ffe4b9caece9ae871f95

SHA512
997ff8fa7512f60ac026a552018b37d285739ba94192c4976346b7dc532fc7cd3a1dae0664b3c2f1a83bc03f819a946691e1502ac2afe5acf4303a2ed707a795

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\CreamInstaller.r2r.dll

Filesize
9.3MB

MD5
ff848b782c2596c110413d3b295e7721

SHA1
54d507129fe42f6d5f7850de36f0e2c1d573df1a

SHA256
798a1f289a05305110bf1f25e3821396f5f2b028b78e0c750ec3bce472d3730d

SHA512
a8a0678e82423de691aee00435aa9df4b4a471f583993f4650cc41b48ed13384b139c119cca6c778bc38ab91079bd8b0e969ef4f579bab97a3612d42af61f24c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\Microsoft.Win32.Primitives.dll

Filesize
16KB

MD5
0ac7fa618423911cd4475dcc803e0252

SHA1
00cea4a96d369d5b4ed5e9e89ee6accef852beb8

SHA256
fc0a9e9c982a792437676d0bb8dacf519c8fe3947fb138834870781fcb7070dd

SHA512
0799d4acc1ebc982bf5db9de410589360ad53cab0a27662fce77890c1d33882dbf74f538d97c020768dd309bfeb36da6a8a52324902dc236e2346c0f38a7551b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\Microsoft.Win32.Registry.dll

Filesize
56KB

MD5
d11c7d71929f2add8f753332ee9f8feb

SHA1
34e20b1f24a002adc711eb806465e4d1f9f86c61

SHA256
c68da626f5b5f1a44ace066f4abbd82ea751dcd94b7ff65791eced5c09141a33

SHA512
2725bef14ff2e6743559cdb961cee3983f5fb4881dd8831a9f39efb615203ec2e9729f9568a8e2259cc1830d855b6caf5abfc2021a3987fac259de7b2f136a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\Microsoft.Win32.SystemEvents.dll

Filesize
60KB

MD5
a1be55bd432b83021da697c79f5429f3

SHA1
af21bc74748d6e823ae5d040fd47d38c44050307

SHA256
d8981fad34c88cd7053e540fc2b4b660380705e35a92730ef971c6b010342690

SHA512
d1b2cebbe4544bf3f11ec67dc982fd341446e002f71b994f6e385a86089a169f6cb1e0b43d5f01dc51ba0433c09fdb836c91711b6705bbb6af40e977eb94fc6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\Newtonsoft.Json.dll

Filesize
700KB

MD5
d9b75bcabfaca487a9d3c3a8371503c7

SHA1
6c4aec9f236cdb02f11dfad710391ddb947d2e79

SHA256
af034d2ad0fb46cb83a1ce8db27d6edbe12471a36dcfb4ad0cf65851e5592ffe

SHA512
21bbd7d0bc79812b77944303a567c8e9b0acaa0527020de2f709d37bbb735a02abbb39aaf6f303bd895948c3cef75fa005392aff1e9904de2a06af18e2d16525

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Collections.Concurrent.dll

Filesize
88KB

MD5
e76da6c9ed86131f3a9d659126a134ed

SHA1
221097d2a4028dbe8bdb34b97b6cd4591c3666bb

SHA256
aab9c40d44ef929b442c8873153093881cc3360626743ee46a851a8119ea8335

SHA512
e1539d166e7dadfeb1cd1d53ea6f8db1f0c06fea887c450a0213c14c9ebf43b6539a615cccd6827ef1b76a467fbfb80434ffe8272b1cf69e3828da555338ff6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Collections.NonGeneric.dll

Filesize
48KB

MD5
b682fcbea028d0dca7c70e699c9497d2

SHA1
ee9f18aef45fa8a736d570973e8733c2c807804e

SHA256
b404d28acc07efbab12ea0d35c16692602f891c1d6bb6e1a4b3139e5416a9247

SHA512
aa760ba0aba09c0daac4759195eae7c424da0b24bfda8b2370d403e45b4d7dbb9cb58255f0f945c9522557c5890021c43a51081b061417f36be8edcae56b20b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Collections.Specialized.dll

Filesize
48KB

MD5
976c75f0de6da42557c92fc4774d2fc7

SHA1
d4e29e3943a5c1de8970af0ba3681962918e8be2

SHA256
7cb545024cecfb4832aebd42312f1d919712bd0685105176d64e9c50de514491

SHA512
b985bd0d240e5a5e68f5aa8b0fa2f3fef82f18c67a2ef0c9f9eb07b166079512ff530d27f934b8c050e322ab9d1f33a7c4427da3349504c3ea6a871d06dbd12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Collections.dll

Filesize
104KB

MD5
bc09f0ab1cf5770987814f199b5b0b9a

SHA1
47343c23c65610443e73d0033500ac93a9dd59ba

SHA256
89336fbad6ac6ff7dbf45a84dae9f368267bf0f075a4233db7a08e1db677d795

SHA512
70f374b0e713bdc53e5d7453c10355bca90890526a4c6281f46235ff4137a1205e618ab9ffb50de3c7e8db99d16d5617f14a253db990f574efade29fbb61b1dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.ComponentModel.EventBasedAsync.dll

Filesize
28KB

MD5
db26e3832baa513b893e689fcd540f5e

SHA1
d391243eee511ce8f8e59514d6f1cef6c2203cfd

SHA256
d6e43b9b6592717f06168942903b99fa33002d7e39c08551b8708b45930a626d

SHA512
2ffc502af7e25532503346255386787e08b9adb0e15a13a186da7dfbe8b8730d485ce8266c33357e9db2e351be8b2d50381b01e1fe1dd6e5386e3cbaec29344e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.ComponentModel.Primitives.dll

Filesize
44KB

MD5
b46a43ce581f4cdcdb3023d2612874d3

SHA1
987b68963b7ac86cc9de93b23b30986693c89fa1

SHA256
8375f953bd2b8583ea25ff8da4c924eb0ae04bf24115fcf83bf25d6d107377ef

SHA512
40f9d444769f0d544b280f9510aaa58517bbc92bfa75d56d6d9b0e4b4e33354158d7a8b7de64b43025b34b225ceca56e8569d7b12f4eb1aa60ad2be118d3242f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.ComponentModel.TypeConverter.dll

Filesize
300KB

MD5
c9573b27acf6df2a7a9ac11c674b1b73

SHA1
173f7ae43bf715eb334f0544415d81285a37f834

SHA256
9501bd0153536bda3e49276a15166c46b45239bd3ee769dde531641b12add201

SHA512
e83ec661a764bb952a553075afa4b29042869ed88e9eda047af0eb4071c423170bdce8583638ea7357361def5cce1cc7946b1841b1a50ed117221f81eceab3eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.ComponentModel.dll

Filesize
20KB

MD5
01c4bbb8b57c12a54a6f04a2220ea340

SHA1
67835df12952a30251e160d4a0d282ebb85337f6

SHA256
a9c5de56b345f4eeb8d2f687bf12eb0a685127fb5a76641e2eb7fc92843e9e1b

SHA512
099590167a89ce26c7fd19a9262ffc4e598dd5a3980ac5cded185d0da5dbbc053c341b4570fb0c01dbb3e46b9d72b8c682fed310734e8b91a8c1cdd4c84b171e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Data.Common.dll

Filesize
1004KB

MD5
59fcf0819716d06a4fddb783e7e0ff40

SHA1
b5f5d9263750404e71b38650a945026de250d053

SHA256
0af9299c8dc770a204e0e5e0969c8734a06befdeaeb7bb4461031863f8cc783e

SHA512
540e2fcca07bd2f5b38cc10be445573222209823c0bb1b4cf3c3aeb9743e4f90fd2e66cb87bb7c2f2f04bec53f76b26594ecddf8146e12c913f839db69d3c800

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Diagnostics.DiagnosticSource.dll

Filesize
164KB

MD5
3afac84042c3dbccbd3f726331a8cf02

SHA1
b72ae11d8bbd721b1f574d8ee8090e5a05f9ade9

SHA256
f773c9fa90f4f5ac0792ffff786b0b0043c7c30a75242f0a336790e3b855bee2

SHA512
19377cfb70410600a287d9f50e0b34e50cba729ff50693f5f6b96bd60c7867736b2678beaf49ea7617488299f4e3b6d981f4b0707ce07cdbe136fda48b8cef63

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Diagnostics.Process.dll

Filesize
144KB

MD5
d58e35ee2c65c86cba90da9dab979493

SHA1
f9bd678e8906936775e5845ab529b6ff313f2a0f

SHA256
3bcfc8879d6e317e83d8ba0319c6a7b2158b27f7a5621fc7310038d61f664477

SHA512
93562701e39fc36973212d51dec0a553287e489c6c4d26c6d2784a71351194caf8b38f60155f6f53aae3648a2613d27f250470160275fcea68cfc6f9974e5bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Diagnostics.TraceSource.dll

Filesize
60KB

MD5
43f985970ae2de1bb3eb18f6da54f2c6

SHA1
4bedac6338f7b8f42f1fd4236432a37047813dab

SHA256
1fab009d42e431a8c6f17a12c5d3c135eec6704483ec651d0acbda2dc9d6e4ee

SHA512
c53943c636232b548e14c70099482c2c0e4619f071bc5f0668e262733beb4dcdb43275995b8ac2e7faa7b2ca8b40a6a1cbb0e5183e0d999384488d1bac095b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Diagnostics.Tracing.dll

Filesize
20KB

MD5
87a4c973a792ee7365a27148b2cb1785

SHA1
d5f30f3d02a066746dce277fe5f15010e06af79f

SHA256
ea92480753e80f8a9e8a02ce29d613f9d2934247101c04fc89c681dd4612b1d5

SHA512
181a5edea50fdad3b6d5f64d93c9e6d45709751a9c4897d78c67940419d693701671cbb2651bcd3941553a8a0a7cb44f055b98712cd58881e6cfdb40b91ffa7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Drawing.Common.dll

Filesize
600KB

MD5
3b415ae1d43bf12e6f085816ce39ef3a

SHA1
8bbddda92b9d090fa265f3956f5934cb0c96e931

SHA256
acff4edc7562148eab28002645474777bc60fa0deffb411609c8ea36750aa3e3

SHA512
aab2da37702fcf0482b0ef33ebd8354ca5e3fe473c9287d771ae36ad8526e7d2aeaa7f59f03b94d21b59ca1c5a2e848ed0dac8ad11fa796b23e811a6be9f7c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Drawing.Primitives.dll

Filesize
64KB

MD5
51f054779e69438da281d122ae27d961

SHA1
c93d6ee6f1c4c5b7e31c0f39611ccbeaf3185941

SHA256
9fef6c447f23ad9dca197b733f83f7294347784e8fbe16781a3675592feb6ac8

SHA512
b1476b7aed0f45f2cf993f65a3ced1d8c68fea2250b69549b315485d39433e68ee0dc073f5da26720c2676ff67820461063659e6b6d5eb3f6837fca773713d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Drawing.dll

Filesize
24KB

MD5
dabd9227654b938a8fcb9c816ecde621

SHA1
ab7b108ec21cf0c9c48ea1ab2c35b9c6080a2a99

SHA256
2046c915440f8c5e6a80e934dee12c355c3be4dc2cb197ea582850c42c5e1401

SHA512
5cda11c41486b344230f7176c4728498c248c130a1afd038a6753adf310587629607f39fd87963e94dbb4cd56da79d2123f59e57543d1191aea1f59dff6b7b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Linq.Expressions.dll

Filesize
572KB

MD5
9da0bfc1f7ceca3a5ce3446b41d73723

SHA1
41071e416167ce04f00731a591ab724ebef75e5f

SHA256
a8eee2459bad021fb1220b7905257ace1e1dda09ed2433a53f1aa9156d29e8ee

SHA512
3644a101d62f2389fdc5e77bae20cb8ccc72bf71cf2734dab4f20d9cb1953eeae189d3cf135f52358103e20cba2b26ab62f42001f7cdff2318d212eaac72375a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Linq.dll

Filesize
164KB

MD5
7aac46fad547a9f070ceb10605e7d262

SHA1
b4b3416c03d95ed83755c5ff27d2c0ac64276839

SHA256
91d9186c2e01490f6164082eb9e2adfe3ef431eac730e38326baa268a0e85797

SHA512
baba43bae96434be87aef4f1f96fc2b86133d23e30a74f3b1a74d6b41c40ac237fb3f2f1b8d342a3a6c865f8914ad0f99f362e63f6e2d10594cf75d859abe76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Memory.dll

Filesize
56KB

MD5
0039ac08f98108435f11e2323aa10785

SHA1
3ec0bb2dc4db6e2de042e6610003b515a2319757

SHA256
e3832c9e4993d3cf6ec335d39afa9b4dc9f4b3824f0449982117eaf1dca6f977

SHA512
0044858fabd443dbc779a82e7e449456ac77e6fd512c04201b80b8002f886405189e1c18cf358ec59bb6268130b2e8da30df61fa0c3e2e1f47535aea0414c079

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Net.Http.dll

Filesize
644KB

MD5
1da24a87926289398ffd6ae41c493e1e

SHA1
51318add51d414a421a6daef040ae2e5bbbfee0d

SHA256
6389b405fc20ad8befaf18641cb947abbf295079dc55aab53dacd4ddf32e54ef

SHA512
5d14440a9361f1a85e23d1838c457cfbf75cdbea446a17bd075420f9120f28c94f1bf2c9bbc05633b160fd667711540779c500f0f6987d22c46d94ac93b5e50b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Net.NameResolution.dll

Filesize
52KB

MD5
cbe10d96a062c76221d172c7b01d5e43

SHA1
e8d7308e82ed5d835022977b8c8cebacfc23162f

SHA256
c5756264d60b87372785de0dcf5c1da0c6ee340e69e8c4ebdd94f7a5cca84328

SHA512
32245312ae85bd70d2c4210856214506ef29db7cf1491af11ed3cfdfa1d6e614de568d8163621a1a078e022c653539bbca81b869d36031f86fe25aa0b983eaf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Net.Primitives.dll

Filesize
100KB

MD5
3a901a8a784d14daae8321cfcb00c5e2

SHA1
bd010f8bf01923a63f28b72d9aa61ee6d2c0644b

SHA256
16ec748006a195a475bfc07a6664bd61de051f8868e8223803a42ac7dc6c5e90

SHA512
d7b82cda100faddaf145a33bbbbce96c7213ee36a9934ab1a68452d828738a369ff14bf6dcda704eefb538bcf73285ca5462ae4583646ccf7da94544ee479148

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Net.Security.dll

Filesize
260KB

MD5
10f99c7eb103fdb18287ff70fa8f02a2

SHA1
623136c6a7d1e8fc9f020da935ddce14087cc5a3

SHA256
d9c7eec16f7da34d7a7b5b3594cf4ba8a6ebc7d23340c8d4f928e146d1afdae3

SHA512
1fed23339412bf17a161d6a7bd065cc3aa553c91d6fec9249ab1e33c742c693780e81a07c4c33f1676b8435f908fbccb1fdc41e1cf30bd495c8aee8e090768e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Net.Sockets.dll

Filesize
204KB

MD5
5705cc93ed43f6896be8d5f81e3a1c34

SHA1
b425607363f0c36b669d42994ebdfb4674752ae7

SHA256
2c771d2da08ebcbc8cb917a893516935d3f15762a5318b0fa6e943f1f2011501

SHA512
649a5f2fdf79bbc28e3d394534b0ea271461741550a469f796605f02394bcaf4ea5da6b79cbfbf5ef1d4f02a4d65034263e1f53f27c9d622d5c4247296ce5d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Numerics.Vectors.dll

Filesize
16KB

MD5
ac77bd54d1dbded3ce41f50af00b9da6

SHA1
a5ccce0f84fa519ae23b1c9b820a524a38811767

SHA256
13cb0c54ea86f34fdc788db58de68a7bd0aee425d167e4b12afff15ab2162d00

SHA512
75dbc2d9e436dfe494edb36b65a707e462fd0595aa0b945451c909d2bf6a1eef76fc93ed11439fcc6b407ae1edd655f2f50bd911bfedf0e617bb654645ad12e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.ObjectModel.dll

Filesize
40KB

MD5
e91fdfab0ad4b694f3c004b4c2101b5e

SHA1
d9b06082608307f84d1b4562dc950fed58c041a0

SHA256
ebb19f2ff8327003cab69a19cdcb80cb0141b1d097eb7c0cdbd7dd856ec820f6

SHA512
86614f7f98be26fcdca2262568633184ec57a1a7bcc6c39edb8b44836049fefb3551b674c22f3a498f16c2c85a672bb9272a7a86be59d5c82e367e8a792470d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Private.CoreLib.dll

Filesize
4.5MB

MD5
eafcfa0edd0ffcde7f5d7c65f1a4f49b

SHA1
54c1d9a439185b2717d2bfa0144bcca1b22d7b42

SHA256
3ccb0b292cb85bf67f28095640196ae0918fb8c5f65675c492abefdcf7abd6e2

SHA512
6c22b43f5abc98ab4cea68b38bdd80fc3158d8028f57794ee65e2b779afb95cbb13f55b014880ef367f0fb5972a2a42dcedea8163476bb0f418312dc3e4fcbdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Private.Uri.dll

Filesize
104KB

MD5
b2d3d7174cacf4f7f1bcfdd90e95f446

SHA1
c087ec43c039ae9e501a9b3d743956e085eb9e14

SHA256
078e2e976596efaf5080a07f6c1c9ccc67045d827a2fbe41275c867d902d5cbb

SHA512
f1bcdb3ade050d975e42d3772926cd11b83375deff139a64a785866ecef0cd4b39ba7b92d57c4fa1e9df7ad10692eb0b7fd2fc1d748914778e9f25177fde35fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Private.Xml.dll

Filesize
3.0MB

MD5
7a7ef87a75919829e41a79eec7917c97

SHA1
9d981d7f680cba8aab202c1bbf17b3f0f2b60307

SHA256
0a00005206ad0f4e93a1b04bf7756c7acfb79c13e692da9737689a9390331a79

SHA512
aa0ee8b08d798e17bc395aa8a32947bb5b2d828adcc6c5c26eb06700e655d78a12dd428471a7f6b06b05df4cea1cbc59ee7b86df99e7e5fc05e27b92da41a9a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Reflection.Emit.ILGeneration.dll

Filesize
16KB

MD5
69e5f02a24e4528b53a2be831dc51f7e

SHA1
39687cbe46cc5b157a868652ae0e9ab7f017e3d1

SHA256
ea20339e609fcafda5e0fdf7a164dbeea3ad71c1e358c7f2018eaf894e0b1fea

SHA512
eadf764253f3866d82d22cf1cb28e2c028066a86c0e15e0f76f45e2f2324124d231f28a8bb40dcda5a3971b8bebdad3b21b09ad9a15ba041eb6c8b560560abfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Reflection.Primitives.dll

Filesize
20KB

MD5
5837f792a14e31f07a9a352743fae97d

SHA1
64556f2d3a923ed070a4ac83a951d9cfc779f5cc

SHA256
c9d6b6974a23612132384451bbe73725c440b292da2e5b4993141f0ae778c91a

SHA512
971d82fe665af930382bed9b3c92e3c21c01c9e5ed5da0e45cfad8a9b7e4014d96f0b40023d036cddf517bf613ba2084344981bae706c0be07670b768be12b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Resources.Extensions.dll

Filesize
76KB

MD5
809225bff79d1a2d28c06fbd50b90847

SHA1
63b5e4739914ba334753cb9d5cfbce13d3507c79

SHA256
ded489c48aad41313c384eddc6810234612081387d46dad68998899dce6bdd92

SHA512
d3eea18cf4028f5a2a56d88a2391eb514c97e03294bb5726c00a4189217f61ce9cace1282381dcaada6ef2d1f09bf5ebb3dddd493a03b7650d50c46257858420

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Runtime.InteropServices.dll

Filesize
60KB

MD5
091ddd4503abccf016d5c7beb52629d1

SHA1
063223ad1271c3c7a8369dcf70ec8ac236909a70

SHA256
20ddcca37b129e6d3f51e2277f433d66861b7b30bf04e0d83788b7ea54dae5b6

SHA512
219e63e5ccbd6378b2505a3c845150d02915cd9160b5b3e3f23427a3a7e299698cef1ab469b9887599e11fd700e59ce029da0950856d7d374bf9d38c91dfb9d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Runtime.Numerics.dll

Filesize
128KB

MD5
395d793d480437fbd7180de3e3e09641

SHA1
f3534c7337bb5999c280724900e9610c939409f8

SHA256
18fd0f6a31e7aa996e5cb96eeb6efbe5aee71b89754fbfb5b2df766d78dc81ab

SHA512
17e8fcce1ac7fa9b0b6630efc31ebd1f99045599d5deb6128aa1efc6ff07c694d20cfc83683e534112747bcbcb3abd2b62be515829de621f818f23da15d21199

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Runtime.Serialization.Formatters.dll

Filesize
136KB

MD5
9790edc6837a6e4a1bbce373d397788a

SHA1
ac557634985520efb367da28af68b9203faf26d9

SHA256
7f558e78fe64bfd17b366d25d2175d5e7ef016eea2430e79198f88c8f1ba54d3

SHA512
7e79dc033e0409d83705877acb88e07378ff645f77047e47d36e414de8b57369df69ce251601299e279b71ea8da5063d17cf12209b0d3e3dd024cf89928f9943

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Runtime.Serialization.Primitives.dll

Filesize
24KB

MD5
e2c83d38e4abc7bda7cdf3ec54611a26

SHA1
ec1e3d7af172573854fd90abb0d0849bb2196da4

SHA256
d765263ba4b50a98e1e3ff8d80b41a7ee4d8f1f0928da27943bd0245948cf9f4

SHA512
057264cfc03856647add56b1ee0bf5ca7114439d3c61a078ee64ac950683dd91a64ba5bd440faa1a3d392fb27d81a882711328fa731f1ba5d004e0c5310e6c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Runtime.dll

Filesize
44KB

MD5
3fb0787467fe7bba5427da6951aa0a3b

SHA1
3da353fe6fdd82ca046761ec97b7b8f07dc80948

SHA256
d98eec07147d2688bca10af43d9bcb5a341189e90d3366f1bba0bbe73f09d7bf

SHA512
f06a878fbb43cb2bb381746c446aee99c3ce25802a92694c0bd2dcfc82b9e1d5b0aa58e3b7ebfd608aebeb05cf3a248042c4e81ba0bae870c0c1e99524266dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Security.Claims.dll

Filesize
56KB

MD5
30f5d46099b743357856d62de49de4f9

SHA1
c77bb2d9d93b2dec31e66ada1a1ba15d0acff140

SHA256
73de0aab75803bffaa2d2268366e68a015c0989e1150d9d0ff251c55ad4d1757

SHA512
8512a1d1392e300322ee24a9d21b9445c73a99af0b5d59668b697c46b9d1232a16d6fec32ef210ced7df3d154beca98179ec6cd184dd85a96950b17798343a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Security.Cryptography.dll

Filesize
748KB

MD5
2492e3725319b8af310a08ea7ed2f6ed

SHA1
d038c921f4e37825fdb21539b89bcb5e5410f384

SHA256
94c3a1a893d2e16bfc4fa79d8e250ac805cfde460a7fda9b8a759793ed0b5233

SHA512
efb26fb76ff5d9d25822f7fb05c64e7accc6d65858a51cb9fcf0727d4e0875537ef54b3c3914d3e68216695c64019b40c70b29218feab70f7e627073ff9dec4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Security.Principal.Windows.dll

Filesize
84KB

MD5
b358617ce6e13c63e425144e02947ad4

SHA1
b18083fd3635e87f4db05cd5da0ad0aac13c2cd0

SHA256
a21e33a63788f681e6d2b212e9d397d726d569727115d66c8a85b8aeb05fc578

SHA512
dbc8279ee0f2dc81e7a87171c753446d90be7a626b1d23115732b026335520fb7149a4ae5746786efe74abfae0bccf5ce8d4d046dc8e08161e124e95a1e8b7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Threading.Overlapped.dll

Filesize
16KB

MD5
65206f92607ce3731edc25554adf9e4e

SHA1
d1ec0637d672c9e36ed67f0e8c196d0b3a2cd8b7

SHA256
d2e76a6bb0fa7a107e2c8815710e8b8a34ba89584d6cb50a867990cd756cc5bb

SHA512
bd0dcaeb045984e56f85e5268838f123640122db3d8a23da30cb27e3cabfa03bb362f24bafc3844bb578f3a928a1940c6ba8fb7a21f3f2313c3c68cebab8a7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Threading.Thread.dll

Filesize
16KB

MD5
68bd4465b24a71a2c1e969ab4b3d67a2

SHA1
9ca6e294c2bca4df50d5d3eae1a8e09dd49f96f7

SHA256
1fe4b1bfa98fa3a3c36134bae996fea2b40f11d6ec9c891de1b1d7b98c64ce95

SHA512
c2348e52aa91cf90899b72abc21d9e7b82cf58d300b50836de5dd9ccf5544d13692a824e752f40c47b9762c8ba75f2eecb4a22bfa9cbb0be704b7f5363a5c01a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Threading.ThreadPool.dll

Filesize
16KB

MD5
73ce457ebe0cbd5cb6765cbb30310db5

SHA1
8a4056e999ae9a1754fee1c6f75ac8c658a6e203

SHA256
983505c636e3660b083b8999760e0cd43092930db4abdbd53746bb6bb41d4f4f

SHA512
72e1581db218a14fb28610a4b9ec1013eda186b31f00d821f34318830cbdb5970ccbadcbd4d70d2e00bdba5fc18f7507db9f06d923ddeb065aa5bf5639f16c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Threading.dll

Filesize
44KB

MD5
97d2028f1097e0dcc891bdd07a8e9046

SHA1
7eeeb1f55c41daf66ae8bf17bc7f16ce1f90628e

SHA256
7376ad65dba3b89ab9b5a6103b029c8a0ceaac0407a559000aa698fd071671a1

SHA512
7abe218d90442277ea2274f14edfe3b5445bbfbc5be1e13ce6fd6acc54ec0bd804c867ab772b1b4d5d4801daf38f02b076a00a1af43b988f696f091ee49331b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Windows.Forms.Primitives.dll

Filesize
1.8MB

MD5
6a67016c90934317be9f252bcff2f30e

SHA1
cb43009093782306f4de60bf3c55df60317c4595

SHA256
162784abd343309a53995322689dc7474b9708642d16255c3cfa5788936eb145

SHA512
a29633ae9faed3863838d97291d3714c0760908e61d844d9d6e4a0b2467cc1936bf52f283f8586905c8869c3cd7f97ba14488f3200ea4b1657c8d5ddf1af78b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Windows.Forms.dll

Filesize
6.7MB

MD5
36750d8306dbb6c6c4a749fce015794f

SHA1
6e938c087b0b1f970ac7f975b92ebf02b29b88f8

SHA256
a843cf59a523de869316ad670e7b141906bf1cf926f3657fbc996c17b41e6441

SHA512
8e4cd70424342ce959b836dec27abbef881b916b40b354a77a75fc9be4828ce3b5fe058e95e6a8d6639cbe30e07cecdb7d77e34ac841346f884ed84ca03cb713

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Xml.ReaderWriter.dll

Filesize
24KB

MD5
8a8747255d137dd5287fb06320e36403

SHA1
05dea2db4ba8300405bdf32a3126093923a37468

SHA256
459d44e3634c65cfc62730f66ac152aae06c6701b08a1e7b07e44e86e41049b9

SHA512
dd7ec7157407799e1e830c0e99c7ae67f96b9b1975f8646cb5d936e7dd5d7bed4a3e576fce56b055fb7be78884b9bfdced13b5e8f7d910175e2c4599749e9a02

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads