Overview

overview

10

Static

static

3

852d4f447f...18.exe

windows7-x64

10

852d4f447f...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-11-2024 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    852d4f447f4aac4f61063ef5849e68b8_JaffaCakes118.exe

  • Size

    6.3MB

  • MD5

    852d4f447f4aac4f61063ef5849e68b8

  • SHA1

    8529bba312dd85254ac2240e1f57d98c0fed1766

  • SHA256

    9ef8406742a277c694c6e454c16c95528377f0ba8cb56f37a7dfdd53d803c6ec

  • SHA512

    19586186fa50405d2b972bd25344833db52076451e68dac985156e8bc96beea6469e9f1fae1cc7afd3f8eeef3b4d24d2b844af93888df56b927b7a266e794c59

  • SSDEEP

    98304:qOKFSYln3X0qnvbXEsBc4i3dxgkVRdgjh5Fn4zj0IBTGFJZkdk3AgWcxHE9hDgPf:ynBDEsBqtxgkVRdETnooFOk3bW2k9E

Score
10/10
ardamaxdefense_evasiondiscoverykeyloggerpersistencestealer

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax
  • Ardamax family
    ardamax
  • Ardamax main executable 1 IoCs
  • Drops file in Drivers directory 5 IoCs
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 27 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 39 IoCs
  • Drops file in Program Files directory 30 IoCs
  • Drops file in Windows directory 24 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 33 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\852d4f447f4aac4f61063ef5849e68b8_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\852d4f447f4aac4f61063ef5849e68b8_JaffaCakes118.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\SysWOW64\VBCQJU\FNO.exe
      "C:\Windows\system32\VBCQJU\FNO.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\VBCQJU\FNO.exe > nul
        3⤵
        • System Location Discovery: System Language Discovery
        PID:864
    • C:\Users\Admin\AppData\Local\Temp\MorphVOXPro4_Install-1.exe
      "C:\Users\Admin\AppData\Local\Temp\MorphVOXPro4_Install-1.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Users\Admin\AppData\Local\Temp\lui804C.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\lui804C.tmp\setup.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:4580
        • C:\Users\Admin\AppData\Local\Temp\VSD8359.tmp\DotNetFX\dotnetchk.exe
          "C:\Users\Admin\AppData\Local\Temp\VSD8359.tmp\DotNetFX\dotnetchk.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:700
        • C:\Windows\SysWOW64\msiexec.exe
          "C:\Windows\SysWOW64\msiexec.exe" -I "C:\Users\Admin\AppData\Local\Temp\lui804C.tmp\MorphVOXPro.msi"
          4⤵
          • Loads dropped DLL
          • Blocklisted process makes network request
          • Enumerates connected drives
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:3104
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 614C00FCCB76C53C74C373CE482CF2CF C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1392
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4596
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 5A40B9A65073928609156C4A25E3A2CF
        2⤵
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1604
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 56547624B2BD80D4F2FE33C6C00704E0 E Global\MSI0000
        2⤵
        • Loads dropped DLL
        • Blocklisted process makes network request
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious use of WriteProcessMemory
        PID:244
        • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe
          "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe" i "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf" "*ScreamingBAudio"
          3⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          • Modifies data under HKEY_USERS
          PID:3160
        • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
          "C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          PID:4320
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:5012
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "1" "c:\program files (x86)\screaming bee\morphvox pro\sbaudio-x64.inf" "9" "4892a7cef" "0000000000000144" "WinSta0\Default" "0000000000000158" "208" "c:\program files (x86)\screaming bee\morphvox pro"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:936
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:ed86ca1187927c7b:SBEE_Audio:2.0.3.0:*screamingbaudio," "4892a7cef" "0000000000000144"
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        PID:2116

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e582ecc.rbs
      Filesize

      16KB

      MD5

      25c4c9c72abc529346c3012dc9a0e8ad

      SHA1

      fb1200ed0caa1b6d030a28bdc4467abd21a8a184

      SHA256

      8fdcdd042e5f09854362a663ed6679cbee8d602c33b61a04e4c477cbbe0e826f

      SHA512

      2b27ac1e9b59ceff706f37246811cd6485ead904ee13b5df3c215eb19b92b729639176cb7a1cfb6326b0332d98034fd52d58e378289d2aabe52f807cd8aaa9d8

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\Interop.IWshRuntimeLibrary.dll
      Filesize

      53KB

      MD5

      94890b280164e74bacac5f0cca722957

      SHA1

      6f3821343e06174a5ca1ad1ca87007d04582c0ba

      SHA256

      61bc5b6cb3f3653cf36790cdb1caa6112716ce8062f595cfc4ced655c0ac5e75

      SHA512

      8231e18b065507a330856bc4ee9646bc927803c585ce552f71ef2394131e119062cdbc91427527b5a5e92cd9fd400beb30c5c7cb9e88cdd7b50d2d3664413c8a

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallClass.dll
      Filesize

      14KB

      MD5

      81e8fc57bda495ce4cbf7347ce8b6431

      SHA1

      83b1b3c86a3064c1c70b39f102231f61398fb784

      SHA256

      e042103c1bce5ce0a1af8308a17ae79ef3c415dffca4980f61b914cda71161bb

      SHA512

      9adc66acc19bf9936c7543d1a0baf7524fcc9d4b65220b848a4a7009bf25aaa1eb62a28f750f6cc3720e7669edafba309415a9e8ab232afb6aacb43f4076df36

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphDriverInstallHelper.dll
      Filesize

      70KB

      MD5

      f3f8bf4e2ed2b7363dcf9c45d748d328

      SHA1

      2dc013bf257b10eb7bb3538cc2c11b87276ce561

      SHA256

      fb5ea5469d1e61fa199dad6bfa30e17b26f8fc29df6e65c03532017700990bac

      SHA512

      843b09bcebe03b7971fe1f9ec2cfaadc198d7a9996db05ee0b787ea49630d37c9fb57fb335ed3d79cf0950f279aa3a06ff213c9988b39a12722f5929b7305884

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\MorphVOXPro.exe
      Filesize

      5.4MB

      MD5

      3eddcfa9d7d3496b9bd3cc5876eed4a5

      SHA1

      f6d95a0876293947b86941ebc8ccab5b841b027b

      SHA256

      29e368872a7a6e2235ff97450d3b6231c3c363f8025ff753b570a969791e21ff

      SHA512

      e79fe726fac1593019b7bb49ff2941e461b953274ac5d59a97fa39c0a30a17d328c3948a1848917a99cae8b9d12299e172129d5e9ab90bdc4c9a39493fa18535

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudio-x64.inf
      Filesize

      3KB

      MD5

      24b34f2a52988e4e4a60120647353cfa

      SHA1

      3fb81ff5aacaf1fc6ffa970aca5fe26dc4828603

      SHA256

      8fa1f1f58bccbed09bbd41f354bd3981731a8e4a749dd0c9b81537cea87af9a8

      SHA512

      901b9258c1aeb22cf4bba823f47190775cb97cf5a79c47306a364f13de167de606472ce4127a168603f948ab97c51bda014ee1c3acb75d24ac21b4c6329c57dc

      Download Submit

    • C:\Program Files (x86)\Screaming Bee\MorphVOX Pro\SBAudioInstallx64.exe
      Filesize

      55KB

      MD5

      f6fe452fca855571d55c0540c2210cc7

      SHA1

      e9ceef78724e91c764324268e0f41beab18a39d6

      SHA256

      2f02a87aec74ffbe2d77132a2ece3fc6b47c604f694cfc2fd18d127790b6e874

      SHA512

      9b6ffe1ec72c6313ce410bf795b029da408839338d8f5a8d0124f5ed816cd5a36a877bca1eed10a148f3e11813b6eb14448ff815a3a12b9a387e092915dc8ec7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_B3A886FA3C8164A3F02FCB44EE73FFCA
      Filesize

      5B

      MD5

      5bfa51f3a417b98e7443eca90fc94703

      SHA1

      8c015d80b8a23f780bdd215dc842b0f5551f63bd

      SHA256

      bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

      SHA512

      4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
      Filesize

      1KB

      MD5

      1ba25895dc793e6826cbe8d61ddd8293

      SHA1

      6387cc55cbe9f71ae41b2425192b900a1eb3a54f

      SHA256

      cc4c5c999ca59e5a62bc3ffe172a61f8cf13cc18c89fe48f628ff2a75bdc508a

      SHA512

      1ff9b34fdbeae98fa8b534ba12501eb6df983cc67ce4f8ffc4c1ff12631aa8ed36ff349c39a2186e0ac8d9809437106578a746eec3854b54fef38a3cc0adb957

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_B3A886FA3C8164A3F02FCB44EE73FFCA
      Filesize

      404B

      MD5

      d54a652624e493fdc05ba3665a2fcfbf

      SHA1

      7ebceb11efa7f25b06e060011aec3b3605b9d9b1

      SHA256

      484663145d12acd19a6118a3a41511a12d651de57e42c5e69fb4cca093271ed0

      SHA512

      81fcc0f57ffcb30fa17ca9def8507815d134b21bfc3f7ddcd5b9b56183e66acf54be7a6cf4218e5aa368046c795e10f2fd1597e31e9f5a52ec680cecf6ea7cc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
      Filesize

      182B

      MD5

      5324bc974eedd5f078ebbabd51d6fa63

      SHA1

      9106d0cc05adbb3ccb72298d118b739d13055815

      SHA256

      6897c064e2957f6b5f749c50fec90114d144c16266334529bd8cfff5f5907355

      SHA512

      fccccf79ed351368ebdadd343da6fce1b5ca3f8cb70e5c55dbfeddf46f4b51cea18c70ef522e3b16fde4a9ddbd3e1657ca2270bc0988db29531f319e08fc5023

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC
      Filesize

      404B

      MD5

      5070c6ff651c0025f2fc543d27184adf

      SHA1

      89af3339c94894c6378c0f14a93ca841916b0ff6

      SHA256

      6ed1afb4c88c8cc0fa4d0c0af8ff2167cad3e632a741b06a022a580514a493b7

      SHA512

      58f2449f93750c5b99b9be64f947efbb48c8afa2219d3823d79bff799dd3ae68792f0dee2e1b9abe8397717d7d921f686c787f2089f8c180155cd2447ced8e52

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CFG3227.tmp
      Filesize

      123B

      MD5

      17af548f88a3199aa8a63a72201f470f

      SHA1

      4e64bb20a2f54d778ed684aa21abebad63a5c2c0

      SHA256

      a558dbe555749cd3bdd62060fdbba72720c4f4a186d5870b977ed2acf9721d9e

      SHA512

      08bdbc75f5fd4d9ec85c53253e4030ce7245b20ecc95e032835609c7c43a07d6c9e7776f48c5494a788a543240c0649a9f1a34a0e514ebc4dda5730953647338

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MSI8CAF.tmp
      Filesize

      222KB

      MD5

      fb4ed24de182178cac3cd3870a4ba5b6

      SHA1

      38b168fbe97b72a5de5eaef16535ea1aed964e1b

      SHA256

      5070b4cdf7e2f95535f3340a3a0d9bce496478d0bd445b470dd67278a910c578

      SHA512

      03ffa685a28333cc7d8eb4a0fdd8c5dce85ca1126bcdefebda83a91586b98ae559d56074b943a6df0ec011eaa58b6841026ffb8b42e08b74351b0118011d3c9a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\MorphVOXPro4_Install-1.exe
      Filesize

      5.0MB

      MD5

      15b3a804efbf15a9aea2bc0be1de70d6

      SHA1

      b2209f7fa7940df3785701b10fb3a37efe114a3e

      SHA256

      2811da99c134a951686c8420869368b6d2413faebd445e33bb754b2ec3d3e349

      SHA512

      bb74e835ac5ca2933548e648654eb0a88c63eb364e554825715e57450a8b722543084a202a21337d52493ab58717f51c2a70c97e5b303a44e914dc7c5d8d0d80

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\VSD8359.tmp\DotNetFX\dotnetchk.exe
      Filesize

      86KB

      MD5

      289df668f70cd5cdfe36fea4b491fa28

      SHA1

      6d78099c40542b11771389fa38938724905167f2

      SHA256

      2e643745991bac3e5ec460b0bbbe2002f433c77a82514122b31708302ecc9306

      SHA512

      b7d115d34f9e4ad73f89c04221855b3f3c6dac4b009c7d5b268cfcf651ea4cbd9588ab7a690392b1d1a4afae3b47d3d20bf1ff4f98a2bbfefed1c4cef7d04499

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lui804C.tmp\MorphVOXPro.msi
      Filesize

      5.1MB

      MD5

      b53e5e973c4eafe272f2a4bf53a0343b

      SHA1

      2fc88d6519789af0e7a75ba7b394bc26349cef55

      SHA256

      c0ca185450341bc714859cf24a85a9e6a2d31650427ab8101026a91ff455a6cf

      SHA512

      098044422bfd064ee96761e458e675a2454d41ae07bc55d294ece79e72b64c5199260ec98ff76f8c8827d3ad2a6483ac807267414f1dd52e845a62997a82c010

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\lui804C.tmp\setup.exe
      Filesize

      476KB

      MD5

      3481b4721a4d1a5797685619f3ba2b80

      SHA1

      8aa8e3fb49f7e73012f9e12f80b95f3ac72f3728

      SHA256

      38dbabae225d93cebde5087128a7376be4a0528dc8e60b22081fba71c9f18b92

      SHA512

      a95b4b4e9068f69d489291a302b7ab8fa255de646400a3ca315decbf5f89446bbba1e906b2d8493ebc474e7d06b869af363ba6ffa624218322e9ca30b775f998

      Download Submit

    • C:\Windows\Installer\MSI3556.tmp
      Filesize

      60KB

      MD5

      46b24723e5126a6f7a3a7d6facee18a7

      SHA1

      1cbcaa27406d66115814231977b970a805726a2c

      SHA256

      d14b73d7a21be2a97dcea3e6a997fc846406bf2c699370acd769aa7f097aaec2

      SHA512

      f3ad9a1ae3f55058bfc256441d62b4110b38e1f2b3328e09ad47805f1c312cdf67b313e5f5a67d19fa128e0082d08dd79f1fff6ea3fc49bf544b733a827b626d

      Download Submit

    • C:\Windows\Installer\{588A57A4-4E74-427D-8D0C-AA18EBE439F7}\_782962480EF130D54240D3.exe
      Filesize

      102KB

      MD5

      b011a4a55df9c8d2f8113445c059ee0e

      SHA1

      e6e733724a3c3c45093feaaa9d0578a41b0b0d2b

      SHA256

      b0f73ec2b4eedc632cb1a314edcd855bf0ba50cdedae138746a606934a20eb0f

      SHA512

      df1dfb1edcc0f95ea819cc6dfe0da47e2294f249ad5a1a9cc7fc4520e35a6abf92b3b41681c44267373839fe2e36cbcd98474ec4b6cdaa31040f455ea3d0eadc

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\AKV.exe
      Filesize

      485KB

      MD5

      b905540561802896d1609a5709c38795

      SHA1

      a265f7c1d428ccece168d36ae1a5f50abfb69e37

      SHA256

      ce666ce776c30251bb1b465d47826c23efaa86ec5ee50b2a4d23a4ceb343ed53

      SHA512

      7663654f134f47a8092bae1f3f9d46732d2541ab955e7604d43a0def1e61e2bc039a6753e94d99f1d04b69f55a86f1fb937513671019f1bdf100edb97b24badc

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.001
      Filesize

      61KB

      MD5

      43a9733e89a458d638ffb6a2a475d557

      SHA1

      f19a7513a53208e6b9295acff974181b593675a4

      SHA256

      8d093cbce69e6d77abec376639a2814653873db3d49d270effc5536de51a5930

      SHA512

      5e5fa1e02deba80eb8098e6e2ed89ac29a7c5204a713ed6725a0ca070c5da19670171ba1e1fbe38aab5cc5f15061ca8c1a66060fdd633a3270d1609135d4052e

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.002
      Filesize

      43KB

      MD5

      f195701cf2c54d6ceadad943cf5135b8

      SHA1

      9beb03fc097fc58d7375b0511b87ced98a423a08

      SHA256

      177c1dcc7f13158445f0b99713e9cad205da86e764940a48d43dc375565b0dec

      SHA512

      f78def1ab431bb2b7b647ec76c063c30a87cabd22605f94cbe4fbb6f757fd54ddf7861d3842a0e369abfce94b68d41dec0fe2322a74f67d9875f561f92b20025

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.004
      Filesize

      1KB

      MD5

      a66cd6f8075ca7e165aa66d6a2cb6dc2

      SHA1

      d20e7735ee697e4c9a6e5babfbb7ea03a2b9c1fc

      SHA256

      b6db1985cfc190a3e8c9dbd67e83174000d396f5617a2204055a9d653b673dd4

      SHA512

      9b992c3cd4cace9cde7c036c040e3e97771cc6deb5a00dc7816e5f76039b257c2225166f5e634556d0d0a7b0749f98e8c0de46f15342aa82b7b3cad91efcc3e4

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\FNO.exe
      Filesize

      1.7MB

      MD5

      d95623e481661c678a0546e02f10f24c

      SHA1

      b6949e68a19b270873764585eb1e82448d1e0717

      SHA256

      cecfadce6fb09b3977c20d15fb40f8f66a1d7e488a4794451d048a598c3417da

      SHA512

      dee02644d92ed30e88bb10e9dcdba97abd9949b230059ec20cf5d93061f9cdb77b1e793e5f69d0b51595c30077c3ddd093348d22b070ce898ccefe28b8062591

      Download Submit

    • C:\Windows\SysWOW64\VBCQJU\Nov_02_2024__11_20_19.008
      Filesize

      1KB

      MD5

      c4ce423f78d91105f57ecc6649a4f864

      SHA1

      332c823fc7e59089d1bc13c1978837f93f12a057

      SHA256

      5a788d43426a4a420a05dbbda86a5482269255b2f38cfb48baa871f44eb7f6f5

      SHA512

      198e9a83ee3818b99a2cd0c5b178c1e67a1dd9a6768f2505cd172f1def8412c9117b376d20b4f789ef6291a621429335fce4b6e666e02861f8c2211aa795b5d0

      Download Submit

    • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
      Filesize

      182B

      MD5

      cb14e516456de1e1c7ac3bd83ea8427e

      SHA1

      39aed6ebd58d7b5bbfa70cd575d5ca06b8f45c14

      SHA256

      634817adec2c7893592721958d80abdf85e510349587766825f0d6687b189e77

      SHA512

      5e6c4642cf6cd7c98028fab67fb848355952bbadc4f4fd5528453d7e5bf89fdd7fe17d27d8962fbad157a0c3c6bc53941a5d66055a3ae3c9b4a7d92361e1be83

      Download Submit

    • C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC
      Filesize

      404B

      MD5

      4217aa0a193f73a082426f85e17d3075

      SHA1

      12fd9a8e83e33ca87dba6c8ffc972a4f8c0e79a6

      SHA256

      2edeb21607058120d52b6fe30b689b9fbc8809085f9f3940c807c254007ddbeb

      SHA512

      941dd6f167842bf1be34a35d77f55a46aacf4cdfc29d651cd2b2f808fde455b084203233357eee0b598e484ccbf905a412b8c1cb8532cdfd426b776870159177

      Download Submit

    • \??\c:\PROGRA~2\SCREAM~1\MORPHV~1\ScreamingBAudio64.sys
      Filesize

      38KB

      MD5

      8b56bdce6a303dde63d63440d1cf9ad1

      SHA1

      c51b124eea04b6388b313bd3494891cff5b394cf

      SHA256

      66a4356c29d00a1b8a95975c073ae4e6d2a90cbf3b143fe9b83b96bec0805d46

      SHA512

      e02d9b221e3d94325b540eea2c0d35d089150f406e0ba35e37234644c1359880572abb7cfce61da64582129e7214a55f48a85bcc1352366b1844e497e22b2108

      Download Submit

    • \??\c:\program files (x86)\screaming bee\morphvox pro\SBAudio-x64.cat
      Filesize

      7KB

      MD5

      54edf263c49e02cd6b6794d7a8d312be

      SHA1

      30ccf63aa2b614263a4c38f9bfdba812d6d85996

      SHA256

      c9c37745986d6e1505ad6647aa4cfd0c2b258d54a6d402f2b9983f228c604c9d

      SHA512

      3eef4442a5b7e037eab909687158b75cee546a901748eede414cf1ea155bce7f3276a744d0d2c085e9d2b28978dab3c427587b80de96185ba0fe9d9696c0e5b9

      Download Submit

    • memory/244-283-0x0000000005B10000-0x0000000005B25000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2356-17-0x0000000000B70000-0x0000000000B71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2356-97-0x0000000000B70000-0x0000000000B71000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4320-324-0x0000000009ED0000-0x000000000A003000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4320-326-0x000000000A020000-0x000000000A574000-memory.dmp

      Filesize

      5.3MB

      Download