Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/09/2024, 08:09

General

  • Target

    fe1c426cb92802fc1e6cd9dfd5ae182d_JaffaCakes118.exe

  • Size

    2.9MB

  • MD5

    fe1c426cb92802fc1e6cd9dfd5ae182d

  • SHA1

    25b0fbb76cb28a9645bd5b370d7d91bf367313b1

  • SHA256

    7fc6667437072cad620b7a531ff8cc39ff8c231832f075a4b8db3137dc629cba

  • SHA512

    2f4aef9b7e12a5fb4aba1fdcec44074cbc08b2a3e2c736fcdd4b77e32ea0096de3bab139306a55510e4d90ab6013589b1dd2ad56fd2b2ce18c0241ad6d02dcd2

  • SSDEEP

    49152:ZYRGywzExp6f6H2BfdyX9iEkT4kxJn/TWZV1U6rz6rGPmB4hGrwdzfF8pPKRW/Bm:q+zSp6f6HAfdC8Ek8kxJ/aZrUyzW4maH

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • NSIS installer 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe1c426cb92802fc1e6cd9dfd5ae182d_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\fe1c426cb92802fc1e6cd9dfd5ae182d_JaffaCakes118.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\SysWOW64\explorer.exe
      explorer "http://www.bandsscreensavers.com/info.php?title=Eminem scr"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3228
    • C:\Users\Admin\AppData\Local\Temp\dospop.exe
      dospop.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      PID:2956
      • C:\Windows\SysWOW64\regsvr32.exe
        C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:5616
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe desk.cpl,InstallScreenSaver "C:\Windows\system32\C:\Windows\system32\EMINEM~1.SCR"
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Control Panel
      PID:4244
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bandsscreensavers.com/info.php?title=Eminem scr
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5892
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff813bb46f8,0x7ff813bb4708,0x7ff813bb4718
        3⤵
        PID:5964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
        3⤵
        PID:4756
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3040
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
        3⤵
        PID:2200
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        3⤵
        PID:1676
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        3⤵
        PID:4448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
        3⤵
        PID:4300
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
        3⤵
        PID:2084
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
        3⤵
        PID:4476
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4568
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
        3⤵
        PID:2280
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
        3⤵
        PID:1420
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
        3⤵
        PID:5272
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
        3⤵
        PID:5380
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
        3⤵
        PID:4960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
        3⤵
        PID:5128
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11897553752196545429,5228879893494810059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 /prefetch:2
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5188
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4528
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4516

                                        Downloads

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\basis.xml

                                          Filesize

                                          7KB

                                          MD5

                                          ddd7fcc20dd29eed331b186b5ca2889d

                                          SHA1

                                          f7890c5e84f74890bd36dfac8d6f6912e68bf60e

                                          SHA256

                                          c0d0a01a21c19475a5be0b5552e992520da735d86e6a40688b26735d4a7490b5

                                          SHA512

                                          b3b8ead777be600f59218d988c80b752a30587f1d298900f97beb32966fde18f72158eae3a0da6be6aaf4b5fb3ba4603cf36a99fe79fbd3bab38e8110c8061b2

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\dospop.crc

                                          Filesize

                                          223B

                                          MD5

                                          ec3733d5ea6c6404204c5bbaae9210e1

                                          SHA1

                                          6b70c10e79e29904fee05a76b3852ed4e437fb25

                                          SHA256

                                          194c4acf404911afcd0f563659ffcc45f33f249e0e41e8681cc15308d0132903

                                          SHA512

                                          3d419529e187c6c93d46e7216cdfe6710f77ba575a0fb42b57efedcc6a41261056bfda1ce17bbb85e9619931d420fb1e111748e6d8359d5b9776f1adaea0cb54

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll

                                          Filesize

                                          2.1MB

                                          MD5

                                          0f1846b9162b08ba83b187f8b812882a

                                          SHA1

                                          3bb577471354017b5c8f6ff1f5159801000110e8

                                          SHA256

                                          0c647f88a0f7f7d6ea9796bd7b0401b6359edeb21060c26b911dcfdfc874b37f

                                          SHA512

                                          ebacf6356894c8159d6ce0a3a4aac973b09ad6e80751f0edfda004e1df5cc2221f9967d1eff0cb59a3acfbede05e92ddd20b1dc095b2db65ca5c3eb278b9e5c0

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\icons.bmp

                                          Filesize

                                          60KB

                                          MD5

                                          0540c76a162cf8aea5b333a6e183bdbc

                                          SHA1

                                          10650aed77cafd0e0e10a98a67343157abe93652

                                          SHA256

                                          6f00271baba262330950c748e67f41f0d2c98d5e0a5ef7cf099d864d7d9891c0

                                          SHA512

                                          7acbe3537f07ef6dc4a2dff809b8cc74edbf7d02ee4a75d0f399725d2dda28c5fa1f407495a23301f322e1655cfef83271be05e8062aab022538fddd6b001ee4

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\logo16.bmp

                                          Filesize

                                          6KB

                                          MD5

                                          ecf6053084c253b4ecb999b77fd5e7fb

                                          SHA1

                                          fe7359187bd92e1e9312789a7c9ca1df08947c26

                                          SHA256

                                          4d502980795f580774e0904c22cef73aaf81eef9858e67e05d0ef10b74c62105

                                          SHA512

                                          7a86d529bf6eca3daaa428fbc7d0dbac20cf30261f2ab1495532cf52087209eb712734fa90d23e063bb3a8e833d90c827fc920cc6785fc19951b5c883fa93f3f

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\options.html

                                          Filesize

                                          6KB

                                          MD5

                                          adc6e16ce6e97bd1eb19d3a8dad7274f

                                          SHA1

                                          12b55eab3225b2250ba051803f7d791db59a46a1

                                          SHA256

                                          29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

                                          SHA512

                                          2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\static_img.html

                                          Filesize

                                          503B

                                          MD5

                                          2caff3519f5be538757c467d4fec4756

                                          SHA1

                                          7e77344f049d9ee4d216b6f412c01ba28596773c

                                          SHA256

                                          e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415

                                          SHA512

                                          029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\static_pub.html

                                          Filesize

                                          599B

                                          MD5

                                          0bf3de7de6f6a9ece7674fb245c7e428

                                          SHA1

                                          a71d601820676d5741734e825c7347d59570bc98

                                          SHA256

                                          29101ddb9fc880b921c78a8aa0952310ccf0fe4eb03479425500fc2e779d4b2b

                                          SHA512

                                          30dc0cf67d772a79dec244882f24c4a6ad71a3139b1b92d6e059f1e677ef138596e71c7bf12c2283b591ad64744b9abd15895fa29c4a600f64c784423bc270b2

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll

                                          Filesize

                                          316KB

                                          MD5

                                          8285d06c80bb289d22d7c67c4df2d51c

                                          SHA1

                                          0aa83342fd5d23de18fb5da4c4405ddc5b13d75f

                                          SHA256

                                          d5df73f377bb5113a5e1c4f7872db6ec4753568a1dadf8d5d09798ac9038ad29

                                          SHA512

                                          8de26c47bbcf0ea1dcab869ac21eb6d13751a913903a179fbd3ad8f30f0429b15c60af53c68b2661a7adb34a310ba7d91281da34f0ddfe595c409e11c0f34775

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\tbs_include_script_008091.js

                                          Filesize

                                          2KB

                                          MD5

                                          b734be75b8963660abfa7412095c7a82

                                          SHA1

                                          6091ffb358b2596d53f4e74e09da01326258dce8

                                          SHA256

                                          078d1eadf0733de055e1ca4ff03bdab7203a66823e9cb4d5a8539d84276759a5

                                          SHA512

                                          1bd848ab95724bf8b7c6dc2e91a066a85c0d6239c16c3e548cfaa7a6e57c62e432b820b7503e998bc205d9153ec28c7e590610b8f4481e28b2ef6df35f14cf68

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\toolbar-logo-dospop.bmp

                                          Filesize

                                          2KB

                                          MD5

                                          de7f84d3713c0e55ee2f584345647504

                                          SHA1

                                          8903bf45c1993fc2df3313e89971b4cba2ba9239

                                          SHA256

                                          759282b69a5a1c30a01e0ef7c19a2eb59955e33f0caa0b066e418ef54f5c5884

                                          SHA512

                                          96c820d6caf2385faf18aaeaffe743846e158b1e2eabdeb53ec9dafda3fa86ee30f070f7c8e65bd1a0325e6d6fffcfafec175dad07f0dee0f6fcb2660133a193

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\uninstall.exe

                                          Filesize

                                          48KB

                                          MD5

                                          652d9d1fc071f90c3e0adb8d79d7ade2

                                          SHA1

                                          b63b34d5b3f2d5b75b0b5ff3290752ae1cf3a68a

                                          SHA256

                                          7c30673fde7090d6f74623d9bf99e1b2f9661ec94d21d3c2ffb80e1c56d60891

                                          SHA512

                                          410d3c2ce92e5db4c12c46d399e88dac97be784f2b50946e40ba1689a524542e6220864d35d625c3cbb104e20ee351362dbb100423224d319fa62add5c3fa1ae

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\update.exe

                                          Filesize

                                          76KB

                                          MD5

                                          c050609bcf90684099902c043661e739

                                          SHA1

                                          e471468f128e3f8899d53f54f0fd64561a297210

                                          SHA256

                                          3751b8982c25d16aee9bc7dd5e22c83f323c8c68780012773612778f20279af8

                                          SHA512

                                          2e199a074fbef486518949bd57da18b7b221eb1d9d391c30d7ee73817e2d514438d25ed46f2ab68f79f0645013df5fd35100eebc805bea3830aa7b1cfb8d9846

                                        • C:\Program Files (x86)\DosPop\DospopToolbar\version.txt

                                          Filesize

                                          49B

                                          MD5

                                          f1610ba6a619c1703c4dd4ea1c8d71e5

                                          SHA1

                                          539d1b8b903d98bd9abaf232b4c2f370ac1e9e81

                                          SHA256

                                          0f85f776d85b5ee164a43c166dab525625655bd42b6c0503fa8d36fb702df666

                                          SHA512

                                          de5058badc73c1e267e24d7cd18e2c1207337d78185bcd17c4e1ab1131e30f4df5c051cceb748966fd4a8a6b8b2f1d11e2ced29bf5c5ca8404e3f5da5d2d438e

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                          Filesize

                                          152B

                                          MD5

                                          15e9c4b4eefb3e1c08a010e748e10f58

                                          SHA1

                                          3172378f2c7a00553ce086dbf53fcf3126c5a724

                                          SHA256

                                          07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

                                          SHA512

                                          811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81cdba3a-4cdc-4b39-8cdc-1c1cf72ab308.tmp

                                          Filesize

                                          5KB

                                          MD5

                                          5564134a08dbdee5da35ba096bc240e3

                                          SHA1

                                          7b7b01f341f30e5cdf3cb02d7d4bf35b10674609

                                          SHA256

                                          b8d9b15d73d013d9ff8d8163318b0ced95cef1cc9e088f840b306c81d3bdb85a

                                          SHA512

                                          85db0711dac80459556013aeb124a18c802352bdcda53c7c050687ba858ed88e6248819e1d3611f1f7dc3f7fcc24b1f8ebfd8e9c9c64e6108ff8bbb4e1658268

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                          Filesize

                                          5KB

                                          MD5

                                          eaaa7fd250e564d3a438464ac4585757

                                          SHA1

                                          30f81e8a2c905a6482005651cfb5509df23c3069

                                          SHA256

                                          06e49d25fd43615f46b9c39bb10ca15c765227dddc9b0c55839a93c604d58e73

                                          SHA512

                                          0e7fddb3a073caa4c66907534412420f7a777262f8ec2942ff2a4e9bf9964c26001990b9c221a8fb7d8c54aec6ddd9c7c62f8c1f4b51d5c84db7c5f06496241d

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                          Filesize

                                          24KB

                                          MD5

                                          7915ba0545666aa5833cf9f9f86d45d6

                                          SHA1

                                          743ecc319bc2a54973582d4a5198042a48fbe8db

                                          SHA256

                                          f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

                                          SHA512

                                          a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
  MD5: 967fc884c7f723150924275a333acf40
  SHA1: f9570254e4564ec395cbdfdf058d080436d8202d
  SHA256: 88ce172ed9ee385bc58c0ec4fd1b707e8289d527e73112f7fbac06fea857efba
  SHA512: 84a6d025429f861a4a8abf49e925e6e096bd42dfe5c12ba905aa530c667df517fe95bf072d39bac1aac129815f6a26180fb8d429afe7f525b7121c901ac357f6

• C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
  Filesize: 1KB
  MD5: 3c830dd3ba3eddf37b4194e676e56c14
  SHA1: 35d978a9b55563d4e5be6b94d8e79f9e31331fb9
  SHA256: 529a7fc41ffc04946cdde745b882f08e2b87a5fa32b13d80fca509bb64d4845b
  SHA512: 0444acc827fe761cd94244c7092c9cebfa29a34e9f763394ec0bfd567c89350c3b4be1bd4d9e91ae052ec928b8f7fc9e1985dcc264836c207c829daa4e6e14a7

• C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
  Filesize: 1KB
  MD5: 78bbbb18754cfc2943006d7d33058553
  SHA1: 74131b1cbc94a3fad68b89c13807f965942ebe45
  SHA256: 7eda5815d7cfa22d29b9fda71b8a6fc4b05a98eab5023c00edba2ac512b5d603
  SHA512: 5667a8dbe29537c695d76b1e5ae3a853f350df4480d33a55f1e526478c8b729b49fad24e25a56b22c73f390b7f0807cc57b2e837a725678c21c6089885f3e2ce

• C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\Custom.theme
  Filesize: 1KB
  MD5: 52278647ef8b430bb2b605de37bd7d55
  SHA1: 8fb33bfad47ac5c85e7ec4bf5e498d3b53c8ad28
  SHA256: 4e7abf840a85368f35de29909d571df612ed152fde7e0c00d5d3f4d61aebd909
  SHA512: a3a2cec415fdb2f517cc8d85d0710b926bb956a22fc178743b6fb87a42de0e79c5e22dd8a3f9cc1cfeaf3e3a1488e0d3e5b04994346ab71d28dc2036c139acf0

• C:\Users\Admin\AppData\Local\Temp\dospop.exe
  Filesize: 806KB
  MD5: 067a003a0740da60aaa074f45d5266c5
  SHA1: a5016ff1703d63c215da0f331003759f70f33659
  SHA256: edb695897f58c9e5533136fa7836216e2463fcaafd1d82dd5e50fa0fd4be471e
  SHA512: ae692fc8f5a71d4c189e91bf2d0dc0eea7e7636ebfa911dc76f6cbe69f6f7fb5ed2a497e92de39ad77aab166155a01a4b7ff6f493a63f1639b952431a16d007d

• C:\Windows\SysWOW64\Eminem_Screensaver.scr
  Filesize: 2.2MB
  MD5: ea6e41e5ffef5e569461419b75c3010b
  SHA1: 1a3035985c6be3e9927f8c696554d60ccec748aa
  SHA256: 98b3af807800861fa54157e5d22fc01e6df9e7c50f925da9facf0df2807c7938
  SHA512: fbfc95da35dea3fdaefeaa6de70afa02cb744760591dee86555960c56ec4af986de3a59e6caf1e1634d64d5146347ccac3f16c28bdf86d79471068d41b501138

• memory/5616-810-0x0000000002440000-0x0000000002493000-memory.dmp
  Filesize: 332KB