Overview

overview

10

Static

static

10

sperma.exe

windows10-2004-x64

10

sperma.exe

windows11-21h2-x64

10

Resubmissions

08-07-2024 23:06

240708-23rtkswdpf 10

08-07-2024 23:03

240708-21sm4awcqc 10

Analysis

  • max time kernel
    145s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240704-en
  • resource tags

    arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-07-2024 23:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sperma.exe

  • Size

    45KB

  • MD5

    8c516d55a8cbe8bfc8304835b01a4c8e

  • SHA1

    d3560c00f9536885edebf2322fe198074110cdc3

  • SHA256

    864c2fef6299628900235abdf8b315a6635a8aaca1ad541b3014e35ede1b6f6c

  • SHA512

    bf72bf6cce5791dec43d5818ac77fa5a0654dab9997a8e95a3d189f0643884f9e1cb34ac402ee2303f3aafa384b409905e9d57bca37c97a66dd6cf21144df291

  • SSDEEP

    768:pdhO/poiiUcjlJInd3H9Xqk5nWEZ5SbTDa2uI7CPW5D:nw+jjgn5H9XqcnW85SbTLuIb

Score
10/10
xenoratrattrojan

Malware Config

Extracted

Family

xenorat

C2

91.246.109.242

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    nothingset

  • port

    4444

  • startup_name

    nothingset

Signatures

  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Downloads MZ/PE file
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sperma.exe
    "C:\Users\Admin\AppData\Local\Temp\sperma.exe"
    1⤵
      PID:2380
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2324
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa41b73cb8,0x7ffa41b73cc8,0x7ffa41b73cd8
        2⤵
          PID:4500
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
          2⤵
            PID:4344
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:5060
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
            2⤵
              PID:436
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
              2⤵
                PID:4684
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
                2⤵
                  PID:4540
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                  2⤵
                    PID:4624
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
                    2⤵
                      PID:1688
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1896
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
                      2⤵
                        PID:2916
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                        2⤵
                          PID:3588
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
                          2⤵
                            PID:124
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3576
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                            2⤵
                              PID:3272
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
                              2⤵
                                PID:232
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 /prefetch:8
                                2⤵
                                  PID:2648
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
                                  2⤵
                                  • NTFS ADS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1592
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6596395856413815281,5506304025833657386,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                                  2⤵
                                    PID:3804
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3736
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4756
                                    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
                                      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\StepMerge.docx" /o ""
                                      1⤵
                                      • Checks processor information in registry
                                      • Enumerates system info in registry
                                      • Suspicious behavior: AddClipboardFormatListener
                                      • Suspicious use of SetWindowsHookEx
                                      PID:1544
                                    • C:\Users\Admin\Desktop\sperma.exe
                                      "C:\Users\Admin\Desktop\sperma.exe"
                                      1⤵
                                        PID:2720
                                      • C:\Users\Admin\Desktop\sperma.exe
                                        "C:\Users\Admin\Desktop\sperma.exe"
                                        1⤵
                                          PID:2508

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          be6d8a5227798b38c33128c43f9febf0

                                          SHA1

                                          b5db7c6a1593f45c75ebb6a81e57628d11fcb892

                                          SHA256

                                          7eaf875fc88b9d5125a56f088e3f676d1762503427fb6b94dbe0eaef71c23234

                                          SHA512

                                          e34ec91b098f08c06754d1e873acfa7773e696dcd2f7be1b2cfe83962944cdbc59703511341d95ed8e5e0aea8f28c9d7b7b497cec719e7a771e6b5e5f6c28368

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          dd3589b97978441d244d4e821fd239da

                                          SHA1

                                          63286c2b1fc75939d6ad4e1176901b5c7dc58143

                                          SHA256

                                          6ddace977f58c209176969a77634f8a7cdcaf6f1a550cdbc056674b2b538a5f9

                                          SHA512

                                          6a6a16c168445ee2511c363b31faae8bdd851259ccbdcdd8e93584dc076e1bd688891e5804479a1313019428387207b7a2ba23fe854c53ac86467c730c25b4c2

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                          Filesize

                                          180B

                                          MD5

                                          00a455d9d155394bfb4b52258c97c5e5

                                          SHA1

                                          2761d0c955353e1982a588a3df78f2744cfaa9df

                                          SHA256

                                          45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                                          SHA512

                                          9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          7facaf4f802d8439f592a35dc5221d91

                                          SHA1

                                          19c6cea6b834518acb6231978f8c85f571c610df

                                          SHA256

                                          6d3d69727d97c378d6ee0e75ff331ef5679decb6e8909b9fd95fa333c05db9f1

                                          SHA512

                                          cd23ddc099c9cdd29b27f9c263097e2c3ccf6dfeb268d1f5f3a36085e8c4e50880d99ce0aac3f77a8d3daf6c10d6573cf8cc718a1b6172a9cebfd72f21d0a36f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          619bbc16f3b5bb503445d8e87b19d838

                                          SHA1

                                          2bf065c119aa585229984689ec25e9ff1bbd82df

                                          SHA256

                                          b4b295e9ae67050691f2d0c71fea334b0f4ffb90238aa8cabcb54932b212cea3

                                          SHA512

                                          a8a63e3bc01cce14bdcfb706d38e48fa154bac25acb54fde92a58118171cd534263eeeae7c9c9c232910fcdb95bb3071bd4dea459b0fbbd1a9bccf848e477f14

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          ede628e4272995192bf2408c4dfa6b2a

                                          SHA1

                                          a31716033c4b130331e7bda82f02f7fca00cfb3a

                                          SHA256

                                          f7b5084f7afd7e2ae24370d3d8d8c90730233321d875de56c1b68dafc6f862dc

                                          SHA512

                                          04f4b5618b2b79b703a79961ea396e0e1f8c093390938fd1bc3324e7d7b6bf8ef637800613cf916a841c6348e7e17d9424238316cace25cb47ce7432de402e68

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          46295cac801e5d4857d09837238a6394

                                          SHA1

                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                          SHA256

                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                          SHA512

                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          206702161f94c5cd39fadd03f4014d98

                                          SHA1

                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                          SHA256

                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                          SHA512

                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          79f2ea21e9b6d1465eb0ddc2d4c6e5b0

                                          SHA1

                                          ec5541d2575333b327d18db3fc0cc09c43386a96

                                          SHA256

                                          900ae74f5ccb180a95fcb761dc510ce7952d767b9ab0d53ae6cbf4bba6981fa2

                                          SHA512

                                          737bc0414af81a1748fbff3bad099629bb77fd5c4b2ba3daeb9594f9044b1cea0d6660ec82303985fc418abd4cb535a121115ececc81a29e4e3e3221b22e5ce9

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          2c29ea9bfe62bf60ebedfea0d111ec76

                                          SHA1

                                          aa97e6453bd6f5933b3857359e7c4219866c9469

                                          SHA256

                                          5ba188e6c67dc692657a5b5b166a1e745f69313fda96fbe0b8131be8c64a0803

                                          SHA512

                                          6f985165f082c7af58ea7792867a7965fe046fefa47958d953fc7d4330bb1e344c6799e97aab9f52c7720bdb58ffdc3aadb7d300f715c545027b4b10d5f1f335

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          a9fe6384ee38d6baf0c382f9dd912fc2

                                          SHA1

                                          cdf9b122faec3f1014e03cad31bbc33bd74648e2

                                          SHA256

                                          567a296301b445a95b323288424f4692d96cd89250ed2b4c5e6460551efeb847

                                          SHA512

                                          d3fe154b7528601284b9c3279ae5f90a898a3619dbf23ea0f9ef8bc1bd9d3cb1671b4ce69b6fa8f71cd3591b60d3ddc100f91eb53613574e0e3ed74938feb24d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                          Filesize

                                          331B

                                          MD5

                                          269d813cc03c63fe0d1132af5fdf411a

                                          SHA1

                                          16b99b3051d3d90bea397c5aa1e1384e6a65fd26

                                          SHA256

                                          f674e8573fd1ff36f020357d68c69b4cc3dab2e9bfd37185ef26b680c8960468

                                          SHA512

                                          ca21ac967a212e75843a56e9337d06cf9b8ca014e0bbf0a2c025160be931017ff6ca915f13e87cfbc01b5e0c719aa3c0e9cf22d8590f83e20c568c7a796456a0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
                                          Filesize

                                          2B

                                          MD5

                                          f3b25701fe362ec84616a93a45ce9998

                                          SHA1

                                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                          SHA256

                                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                          SHA512

                                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                          Download Submit

                                        • C:\Users\Admin\Downloads\Unconfirmed 112432.crdownload
                                          Filesize

                                          45KB

                                          MD5

                                          8c516d55a8cbe8bfc8304835b01a4c8e

                                          SHA1

                                          d3560c00f9536885edebf2322fe198074110cdc3

                                          SHA256

                                          864c2fef6299628900235abdf8b315a6635a8aaca1ad541b3014e35ede1b6f6c

                                          SHA512

                                          bf72bf6cce5791dec43d5818ac77fa5a0654dab9997a8e95a3d189f0643884f9e1cb34ac402ee2303f3aafa384b409905e9d57bca37c97a66dd6cf21144df291

                                          Download Submit

                                        • C:\Users\Admin\Downloads\sperma.exe:Zone.Identifier
                                          Filesize

                                          76B

                                          MD5

                                          975e2bb535922be97bf8862d14eed685

                                          SHA1

                                          7d31a4ab32e7c41382ffe70e1d0dc47e435f9433

                                          SHA256

                                          d34a6f16b2ba71d6698d5a3ec541f48a9a7199bf3a11d1d0fcd8b3cdfc38acc7

                                          SHA512

                                          42cc36d58ac45d86acc5928674aa8c9517db2138f22d36c0503dd144f9108b2f93387dd9795bd24ed9446b4e084d023fe6e03ed0899ea7886469c627c17c8ed0

                                          Download Submit

                                        • memory/1544-210-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-212-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-252-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-209-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-211-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-253-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-213-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-254-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-214-0x00007FFA0E2D0000-0x00007FFA0E2E0000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-215-0x00007FFA0E2D0000-0x00007FFA0E2E0000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/1544-251-0x00007FFA10870000-0x00007FFA10880000-memory.dmp

                                          Filesize

                                          64KB

                                          Download

                                        • memory/2380-72-0x0000000074E50000-0x0000000075601000-memory.dmp

                                          Filesize

                                          7.7MB

                                          Download

                                        • memory/2380-0-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

                                          Filesize

                                          4KB

                                          Download

                                        • memory/2380-2-0x0000000074E50000-0x0000000075601000-memory.dmp

                                          Filesize

                                          7.7MB

                                          Download

                                        • memory/2380-71-0x0000000074E5E000-0x0000000074E5F000-memory.dmp

                                          Filesize

                                          4KB

                                          Download

                                        • memory/2380-1-0x0000000000510000-0x0000000000522000-memory.dmp

                                          Filesize

                                          72KB

                                          Download