2baebeb6802f17e4516ac852fa61541166f4f298ef00a4c5de918ae1906c1578

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

malwaredestroyersetup.exe
Size

13.5MB
MD5

3cb29faef815a9f68dd3b4ffc1805e17
SHA1

a0e5123678403306f761bf18ae15990213526d69
SHA256

2baebeb6802f17e4516ac852fa61541166f4f298ef00a4c5de918ae1906c1578
SHA512

881bac62c7110c4cddd52443a550bdac5f0bb1ce566376dec6fde90f68a15c0684183d28c015379ff0ee8f2e57a113fd4a6ba8250bfc4b8fe2b7178ef3dc3893
SSDEEP

196608:I2Yo329sx/IjSICyFVL7nmt+F9UxdaKkjoQlOa5mOCAQqPGjHVYPbYHSAvPp:9vislVyFVW8oeKkhU9qujHViYH7

Score

10^/10

discovery

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
emcosoftware.com
Port:
21
Username:
maldupload
Password:
malaccess90

Extracted

Credentials

Protocol: ftp
Host:
emcosoftware.com
Port:
21
Username:
malwaresign
Password:
3549msign

Signatures

Executes dropped EXE 2 IoCs

pid	Process
616	malwaredestroyersetup.tmp
2064	MalwareDestroyer.exe

Loads dropped DLL 4 IoCs

pid	Process
2120	malwaredestroyersetup.exe
616	malwaredestroyersetup.tmp
616	malwaredestroyersetup.tmp
616	malwaredestroyersetup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EMCO\Malware Destroyer 8\is-GO59T.tmp	malwaredestroyersetup.tmp
File created	C:\Program Files (x86)\EMCO\Malware Destroyer 8\is-QAHFO.tmp	malwaredestroyersetup.tmp
File opened for modification	C:\Program Files (x86)\EMCO\Malware Destroyer 8\unins000.dat	malwaredestroyersetup.tmp
File opened for modification	C:\Program Files (x86)\EMCO\Malware Destroyer 8\MalwareDestroyer.exe	malwaredestroyersetup.tmp
File created	C:\Program Files (x86)\EMCO\Malware Destroyer 8\unins000.dat	malwaredestroyersetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	malwaredestroyersetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	malwaredestroyersetup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MalwareDestroyer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
616	malwaredestroyersetup.tmp
616	malwaredestroyersetup.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
616	malwaredestroyersetup.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2064	MalwareDestroyer.exe
2064	MalwareDestroyer.exe
2064	MalwareDestroyer.exe
2064	MalwareDestroyer.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 2120 wrote to memory of 616	2120	malwaredestroyersetup.exe	31
PID 616 wrote to memory of 2064	616	malwaredestroyersetup.tmp	32
PID 616 wrote to memory of 2064	616	malwaredestroyersetup.tmp	32
PID 616 wrote to memory of 2064	616	malwaredestroyersetup.tmp	32
PID 616 wrote to memory of 2064	616	malwaredestroyersetup.tmp	32

C:\Users\Admin\AppData\Local\Temp\malwaredestroyersetup.exe
"C:\Users\Admin\AppData\Local\Temp\malwaredestroyersetup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\is-9VKT5.tmp\malwaredestroyersetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9VKT5.tmp\malwaredestroyersetup.tmp" /SL5="$400F8,13878380,56832,C:\Users\Admin\AppData\Local\Temp\malwaredestroyersetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:616
- - C:\Program Files (x86)\EMCO\Malware Destroyer 8\MalwareDestroyer.exe
    "C:\Program Files (x86)\EMCO\Malware Destroyer 8\MalwareDestroyer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EMCO\Malware Destroyer 8\MalwareDestroyer.exe

Filesize
11.6MB

MD5
48118f3df61419348c3bddd43f92d2cd

SHA1
d028a6160e8d86f0ba3b2d63ebf38882df1a994c

SHA256
70d0c131603f4ac87ba5fc5930bfda1c88348eea9fe6088ae9576cdf31f32a27

SHA512
b110d393e34898639c3c8157731050159ecda274c43fea343c3550041dc5659b883cdde03d89e0151b8eb21b2a2608db7947993ac2b4ec035d532c0b2616edf3

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbDetectedThreats.txt

Filesize
1KB

MD5
a5bdf88b8db2446d5ae1aa594b16415d

SHA1
6afc7c8195ad54f2757190417ffccb78192e505b

SHA256
30a115a3bc94d4e067e45efd1b6d434cfff821d7ea38ecb1dc24959514ecef2d

SHA512
840032699c9bab73a834d0bb280443caa0d08da9edab907d309919d2e9f5df6e60960b5abaafb94672645786b8cbb0381498dcfa77b9581dfb9b5df19c926682

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbKnownObjectsFileSystem.txt

Filesize
481B

MD5
08e2ff11aeec2cf98b30f16f37701c1e

SHA1
a4355af05c3017c06c32d9a6adca28407fbeef8e

SHA256
0e11e9255e2586805e2ad4a1ed8829aa06e6d304446949aa72ab15573628e8fa

SHA512
fff1a5b8039f3525d238eb237b128e5206c0f03bf56f59ee8dc64d2dcf3f2d60916c85e05d0ab932932567fb61f1f9a4d6d6b4840edfd239df0298ec3618c0f8

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbMachineQueue.txt

Filesize
1KB

MD5
de07755cb08ec8ea2ae9e95b218471a6

SHA1
c19d19e548ca71508431a1faf750c027911e4d1a

SHA256
9e0ca22d00b73863b249899dd4ec3585cee1872e0bce183619d04d91f0e5a882

SHA512
31343cc7a5011b2579ef142a8e8e86b6e42e7e1c79cf7c9a2db93fea9725aa31656b9318e1d686dcfcfcc95b8ec065a33a572134e26f6964884247d78c62a9dc

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbQuarantinedThreats.txt

Filesize
739B

MD5
0cf4360c1b29a14dd40c9b73f4008f5e

SHA1
8f873a8825d973cb8dc33fa310d5a0d91d2beb6b

SHA256
e49289eca5f7f2f6a1c801ce9a0c6ea56d38573481c67b1be19ca1d7aa012b3c

SHA512
608ba2f9496edd6e73fced623d94bb9832e93af68b8c294892a29f9f1a00631803c2a5bd3aaaf2c86022ae509fb95e309702e5c1056d88022ce61b798c4738b8

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbScanStatistics.txt

Filesize
817B

MD5
45be46ac02fd3e4ec872befcf40a3c6a

SHA1
02aa5d502e733e6984c6dee5f4273f8cbf0ffc30

SHA256
5d967d4f041234c953af9db65a231c11443229a99e695fa793b53d275b53d6d1

SHA512
a11ff55567bdcf5f15ed7d56f0fddf771ca9302ad3239b30ec642085cffc65d0cac883922c71740bddd921e496da0fffbaba03260e4b2e1dbbe7733df00a0bbc

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbShieldProductsSearchCriteria.txt

Filesize
1KB

MD5
6a601abcdde82c88e984b0553f703984

SHA1
ae70a0ef39730c923d349a00794717812baf9161

SHA256
c228f13280a82e05858d0e8ad012fc2bf560433bd81d35b07341d93785401e15

SHA512
7786b7b8ea4676755ddf1919ba0e8b957defbecc606141d6047845b57d93fece263a661488e85cb81ade3fd1060159c27a08a0954d48962999671a31da5001ca

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbSuspiciousFilesScannedPaths.txt

Filesize
267B

MD5
aa3556e5ca12285723bf1557670dd9a5

SHA1
db0615d9e8c409b5f6f60e978b8e5d2ae729fb82

SHA256
c09202188fb907456ab5dbc1fa6973173c77d696068f9b805fcb3d03c2a5e247

SHA512
1293a70273961c21b35e5e278ebe13c6a17a75d82d90ebb8b6a864accc8ae86a3f408a185e3002ddeacf1defe17351608ec0f527da8a1b815c9511008678d449

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbSuspiciousHash.txt

Filesize
367KB

MD5
010e72f2cdf99ebec5d7539cc2df0cab

SHA1
da7110d13694af26ee8a23a7724db75488ebbe02

SHA256
dcf974717a6a39115854e74689e4abc257e284c3d0216e943e130d16a7570ad3

SHA512
93bf0102092d69a285e31ac2fc4d18c7704ca8d102c9f4c8e877412da17a0a4f39c23d5aa68710b6e873a4afb673503c1ef6a8cd7b218c0ef45ee54702aa3e2d

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Databases\tbSuspiciousServices.txt

Filesize
214KB

MD5
5623dbe24e73763a02016c37e7f83b18

SHA1
dc48f92c32cd2dd8a2850cb6d194b9b7c616e86b

SHA256
e14fba4be7003728b5cccbfe35a984ef25dcc18b81d76d64ecf931909a9aea69

SHA512
d79a7f1d4aa5a0f1167262d6bb0780dc921e18c566fecce0141b8a4811e2bebff8063b0c7b5828f6aaf5e5e1520410ddb9c68c7cd67f35e57c4f37d7773f53b0

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Aacryl.asz

Filesize
136KB

MD5
000820dfb28bb3c1e2427472033966ee

SHA1
75b55c122e3e6d590a806e60e7f9e4e7c37d9480

SHA256
a4a39417c13978c65d5526c87e2171eede3df87df11515e329ff5a4e62f5c213

SHA512
fe6bd5c3c8fa14220c346153a556342c7530334faab54187057495915f6fe73c6d9c2fc814f77c57c0d579e15a6094f9f42bd7cb7a54e8d3f73716634ef1838d

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Afterburner.asz

Filesize
380KB

MD5
5662de241763f819cad76c0123e23812

SHA1
a757ff3dd8e61a37900edbef30f384ad76200224

SHA256
f6b90f91d2d2dbc1b54e3a8c47e716d8150c9a868a9f73e07890af876c303ac0

SHA512
60dc793bf8a643a48de8e92f957c0d4b3ffb48a12e68eee7ba194bf4121d70940721bb480d5433729b5a4f52bdcac210500a40a3eb47e4287e1a642d51cb7c78

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Air.asz

Filesize
142KB

MD5
61a5ab09a2e23b8683e4ea349277c47e

SHA1
d7e156e62976679573bbac7d4b47c3eb1fbfd7a9

SHA256
dab619475a823d175a7adc989db9efe5a19d8babf0dbfb8a2f8ae453a65b23ab

SHA512
bc8e28c3154c1ae7a9fb06012d9b0bcad7f5fb010a92272ff262c803a4faac7ddb8dce8afbc31258a31265a78cd20a9feb563c637422247c7363034030d6f29a

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Alter Metro 2016.asz

Filesize
99KB

MD5
6f199d319d0230f6ff5b1b68b2cdfcba

SHA1
70b10f10523135de83da7ed604a9342bc3eccace

SHA256
1b1935454d6f438974208a336b337797d5d50a11120acf8ad07527b32034fde6

SHA512
24ad127a7bab55d0d954d9591ee4c0e3a9adffc3b8951bb1be7fc3dcba6e38e96221585b318d9501e1231e1e1a29a1da21ad0b63cb973dea5e692c18f6df8946

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Altermetro.asz

Filesize
97KB

MD5
049c113a1a6aa4c3590cd354e8ada5c7

SHA1
43913d8db53735b9a624bdd4c2d1c757955320bb

SHA256
77644c571a3e1990053e0f9e1da992fcb295d94c56b6f145c5c3aede9f39dff7

SHA512
89ae2df4edb9a62ed2b3d99d2a77d87e085389a947bd384b98ac85ea1e45778cba5818cd226a0bc18f4f02b5217364343199350829171c951e0cb1fcc7992fc4

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Aluminium 2.0.asz

Filesize
153KB

MD5
ef1ae7ef75ce9a8fea0a7aa159490d35

SHA1
b3b120ad2ff4443893cec0d6d6bd9a0f75c81ed2

SHA256
3585a27589022cd26783a1babaee9b5561990d05515ae947aa634216999b0255

SHA512
c79fe39dd83880e7493e64324ac2117d5e38e3151c08553f4f1b1510ad7955d63305bb39be60b6bde85aa4b457cda416a80d84df624796796d17b16a8d3e699d

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Aluminium.asz

Filesize
107KB

MD5
00760ddc6c95169934f23f343f1002b8

SHA1
a342dbbfcc9c519b3d4924aeff1a784d53e24a37

SHA256
bd526072c5ff07df29d5edbac90f5c986edc29aaad2693eb625b5cff492b5392

SHA512
6d3f9139ee77cf884e501636d38a2558572a058c5ff356d14667622556a65062bf77951aaa69e1b4235a023305c8bcffcd6fad7c64452b908a3d2b90e2e34366

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Android OS.asz

Filesize
65KB

MD5
9aab1cb0a1ee502d0b8d37d006ea5012

SHA1
30d6478e117fce01b22d91ba8ac07dfb4b7c3c62

SHA256
8c9279395d97463b9fb78151d4dee4b6a8d5cfa44c3ee9339698e960f036e3f6

SHA512
14692a00643fb4deaab44dccadb41bfde11df22937d7d4e920e149aa67bcaf9c3127241e67a7a667772da75a96d4c9b28511692e987b42c9e3838b3bc2bcb9e9

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Autumn Sky.asz

Filesize
112KB

MD5
b4bb850ef696332aba3dfd7706623391

SHA1
5a2b7b98a9e7343e8354ce1be5a247b3fceae7ea

SHA256
670cfb20349ae09f937eeb5045879b1630b0a88449db00a022eaf2ba851a7dac

SHA512
e726139ea2811cf018c2da619c46dc6d2f553b4acef73e95de7b7b6f81f2f8ad469d725f6515b46ea177fe35ea580f27b41d610a831e5fb0f3983e1887a9bbf5

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Beijing Ext.asz

Filesize
235KB

MD5
c5b8a492851bd94705dc24d264c92290

SHA1
1b5d3a6aef98a766259aa29afb6c9c1287ca9bd7

SHA256
68c5c010dcea11684234e635001cb175844f149b2d86092124ac69a23802f2fb

SHA512
e00687eb5b67df8ba540b7bd3e1c15a66aaf73e681683a7df26087eb34e4d3957df4e27707d7108ac5d49e32efdcb82e5f197f455f6653e865b94eba18f40008

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Beijing.asz

Filesize
80KB

MD5
3830066f2a4795ca713be07c2e25c0f7

SHA1
bc3d5f259a1e14090a9a99d40663f3d80dd4e547

SHA256
0e75c777753c28284ff2be5e21f2325f8cbcbeea83972a39b627c75833cef8d9

SHA512
f644fb1d261691e90a0245ceb4629e64be593667fe8e2b34a4374ab6c07e997b27d202cf572aec1f416b6b7f37ea3a1d2134e78856e4896cb3902a443b10c423

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Black Box.asz

Filesize
78KB

MD5
e3212342ffde04f3e0982e7609c36dab

SHA1
245ba7eb2da9ca97d7c88588352c14067078557d

SHA256
b2cca0a9b9be193b06ac1a62337b9950cca90ce7ece750f623dea89a0eb95303

SHA512
d04ab18346a9d3053f78da94d00b59003b9d8788a012ddcc0c28512e25f9a6fb574172233519536f5fd515154eefa9b34cfa62307ec2bf233695975e56029025

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Blue Gauze.asz

Filesize
25KB

MD5
7d2919f8ac8669abd11aeba374383a3d

SHA1
5f17d4b0ea33e0ecb050ce9b8e4c54737f8f8a2c

SHA256
07ff60088bc074474c969bc4e6d948ab4afb45169410a80e1bcebee408ecf4e8

SHA512
34ad28791c503561ff9c5f47752fecfa95a89a358156c9fc9403ae6c510b4a9b3d8720a241e101e82179e8d3701e6d4279211e909d4a26f444ffb0a643ca9771

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Blue Glass.asz

Filesize
53KB

MD5
9952b87fad7c3a5e98a092ef673a4b53

SHA1
3a7c19c9a5934d1a1c7b2a9a2acf508c534a3302

SHA256
dbbc25704406ecc8564896e91179802d85c1871bc6430e551f2a7357e4f8c626

SHA512
71e08c9773966d73d8ad7b662d459fef5fd3afc09343e0b74d0d9c75d17ddc5fb69c17bf5e7c507843797704c4d4aafc9e52bb6e580814012fce91959538d1fd

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Blue Ice.asz

Filesize
39KB

MD5
7da3a50a7d83c481eafde0db3279ad88

SHA1
a685fb47642cf3bc3f9de61dc2931d88cd217b31

SHA256
523564e52317d0745c2bba0022e6cbbbb339af840c28be2950128df369f777a1

SHA512
a06f2e58fc2ce23c43a8deab1c5e3201798621c6017f829665d44338a7fd2bcf17b40da0e613bb512e4cfbb4a180ef96387295fa52a56a759dda470253535853

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Blue Plastic.asz

Filesize
85KB

MD5
8425341b8ff0821b815050be8864977c

SHA1
4c8121a58eefd4fa874c881d614ed0f35920fa84

SHA256
22258b6e08afba09921785d2d4da7d66f70670597b8bd3e6d1dde66425a5ca7b

SHA512
3f90222af6df32d66d3bd6f3b284e2dc6e3bd9b3848c84077c2c8fb8c257c95f3de286f24c8c0e897bdc9249b052d71f80050f4979443c838d9ff0feb7e52110

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Blue Shadows.asz

Filesize
58KB

MD5
03253d6d4e72506ee21085086befbef5

SHA1
7c6c530fcd68585d2ead0f3052c777c0168e983f

SHA256
fd1d05c281617eb86ebf992720e21e8d241e4b549fc0dfe0303e3c0ed9f62b5e

SHA512
dec7f222a1491cceed1cccd79618f78a032ee810354f4452666022e4305020dd62e3b008e385ba38dfa26ce7b10c4ba15a81dffaa118109abaf5bb68ccb3c7b2

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Blue Waves.asz

Filesize
38KB

MD5
176f43dada8b28b5263d0cfd4ac351ff

SHA1
96ff63f13161f7105559c0b0c15de2b8b296633d

SHA256
554c0646a57906408fc4eff73fff554705c9110b4243644acf74d30812dbf50e

SHA512
bdfa31bc2a258ab6cd07dac08686c3104acc03c946f8351aa50f9404de9ddbfa7f67595b0564e3afa8bddbcadcf3edebf1536b05a28825bc7eb942c8b156bcec

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Calcium.asz

Filesize
62KB

MD5
5e054078df67913d0ef09d75abd87dfb

SHA1
111c142a63f29f46b220ff958ba81ee964e6de09

SHA256
df516a46acb86e609378b17433d0f9e19f710d0419703d6e1b2ce947ed576bfe

SHA512
23f25a159b530acf6bab1aed8bf9b34fb8fe4a2bd3b87e3ac4d09190e295f358d8fc19d309a6ec07bc8d6a7597fcde142d8f529099388d5596b0c41a89dcd520

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Canvas Dark.asz

Filesize
359KB

MD5
ba7f560fcb3644bb01ba017170a62db5

SHA1
fb125d7b43ca686cc7533eee6db8f8891f799b2b

SHA256
3f92999e39f921e061c82c687278fa14257247686c718be3bd0264879254d4a9

SHA512
8c4737e326a437e121209a119267dc64e68f3d5b82b1ca107ba0e958d1834dd44339cc48f4de21ad0632e377e3286a4754a7109d69599616330b4b224f790c86

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Cappuccino.asz

Filesize
34KB

MD5
d85d9c69c2f9077c87f6985f7f0e20d2

SHA1
243c2a947b5b210f31c0f80e03a8ef7492e2fffc

SHA256
b4ff4160752f1478706ab143008c36e3d9611de9230816d049244fb312f2df12

SHA512
33015bba24ef14d79ccc2400d6b4018e552a8d53ce7244c7e560c513e88c11bbeb14b7771df665ecffae005555773e92f51e7299192b442d13d4ad8147478d7c

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Clear Sky.asz

Filesize
150KB

MD5
e66930434bb73ab3f7904f8887d8c96a

SHA1
4d832bb3a43f152cf8739ffa442322731401eb30

SHA256
b54b2eadea6ed684ef5a15208bf979074b0d4fb54bc458e31fdbb8bd2c60b6f9

SHA512
0b2ebff69ab768bae5cbec295750facc1cec51ef26b094f54db947cd8080f05d34c637cccde01358e6dcb375fd17332ff2b39a8d57a36a9bb231cbddf1aa61ed

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Cold.asz

Filesize
42KB

MD5
66a36cd27e0967d858b6d33a68d270bc

SHA1
da2dcd6100ab2d8e0a30730e1c0cefe3d5f4dcfb

SHA256
69f8b74c9e71900f55eba4ce055080c0c2b01409325bb6414dc4ea725e0e9197

SHA512
9e4ad58e6d147bb43299429fa353705d299f60d709fc44df4aec2c34e984961ad1d5339be63d3b5d8eb9cd658b69d9c9acc60ea75fc2faa6cf0c47582b8243fa

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Dark Glass.asz

Filesize
62KB

MD5
f313dbfb276f04aed4d41dfafbaf3d77

SHA1
a9b72dab181bda14b766bfa6fc64ce61e35a10cd

SHA256
038455276e3dfde208847812b5215f0dc06df58f57f87bdd247a083884ae6503

SHA512
fe3ed9f9ef545027092ab480ed0f9bda07bccff11c1d6a871022a4cfa26e8b6a254614da365871b9906a50a7c67806eb8d1b3e27a270a46f21cd9fa0a7cbab51

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Dark Metro.asz

Filesize
78KB

MD5
eb8537ecff5cffadafbbd32ce7755dbc

SHA1
777c2e65e1bae95d571d40d2c977d690b599c969

SHA256
e893af17c54bc809245ab48611b8d6d9f8da6888780cdf82b840a7ae5aeedc11

SHA512
5275bac1570046fe01c2ed1e34fd2a4acf7cf9afb463fe68b1dd0dc9496328b5b8d656cbfaaf4888564fb5c37f2e8e28f3c0a1bf7b0ffe4572757eb01467b729

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Deep Purple.asz

Filesize
142KB

MD5
691e75166c59e766c990a46f84ecb193

SHA1
ba4c0321f563dcab3b37e2d36e9ba703e03cc228

SHA256
af7a152dcef0dc9037714999bc22df6723dfa7add49a41f317f3e2a03f003cb1

SHA512
c149a296b41cc49654e86e21c04b384b3842decbad391b60998761ac63de74866acb7af4e6e2f7709ec64f975b82df8216480cdf996e0d8c7248e047139d8d8e

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Skins\Garnet.asz

Filesize
64KB

MD5
b95650ee1b15c417dc858abde93ea141

SHA1
39210e1b1ce0079d72b10ff8a646ee6751cc4d05

SHA256
915da78f70b84b328c13f2c341409215a660c971a400dbdfde2b398bf44cb696

SHA512
b711e4791a7d54b24583db445dca9f689b112624597869eeb014241ddb51f0a97f7144b5ba5026d3ac008bc4071bfa0481457a79720a478f7a8daa8e5a3046b8

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Definitions Update\LatestUpdates.ini

Filesize
3KB

MD5
0c6b7a83382e1040bae7811bda85466a

SHA1
bf9435ad13476bbbade835836ccd8570aed3198d

SHA256
9c2cc9f5dc4e860e2058ef8eb1222a16d3bb3947de3e5a24fa631fe5548513bf

SHA512
5edaca697e919c8ffe4849ae0fb31927b397d56e28cfc82f28e171c203e65e9fbe06c9c30be52fe0b3bb1016ac24c7b649d42aea1946d278c1063ba6c37a885e

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Definitions Update\Temp\LatestUpdates.ini

Filesize
3KB

MD5
e7cebd88490ee8685f219fb5ed995d0c

SHA1
d9e1611c2f7f23652dfc70e32fd5ba41e8fc98a4

SHA256
b3e9269f10bcf5c33632689becbc9760a336ab2a77c3230dbd5984901dc025ad

SHA512
34ece3307e39c3676081bfc2ab731ff2abf295a60c9a10af8f0943bebae2c768ba795469350c79c40455eb274a905b9b390a45aed3649ae4dbc841b7f2d85ab5

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\ExcludedCompanyAndProductNames.txt

Filesize
101KB

MD5
b3cd2a3c712eef96659bd3bc2e4d0306

SHA1
70779b39ee79751867348de2ef85f03d12a8d312

SHA256
6f1eaf8c8ed2f2ccf863638af8a68651ca18c9482f4e34971bb506aab9a91871

SHA512
f1a1c32e98113d2ab7779efd2885b989cc1138616bf783f1d5823db7c74d4402f0d0aa47280c3c85025db1cebfa3ce4384b219a6fb31d0d64197031a536bccd6

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\ExcludedFileNames.txt

Filesize
278KB

MD5
71c2787a78956577b047ad83ae96ed64

SHA1
6105af98ef092915d57a7ad56d66ee2b2b73b433

SHA256
71efcae24e244b2243130dc3ba196c629490d0768737b8184fceace9237c83a5

SHA512
c8619081a691f76f1e1ded667be18b82368e22873fb01011aba1e3cf07220002b6d7347e91a587647a39388d386f24b0427730982a28c256a7f23c71f57dc38f

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\ExcludedFileNamesDM.txt

Filesize
20B

MD5
16e4acfe2ab282a8ca3d5ada6bc9395d

SHA1
d5aa2477ef3bc50dbf4b53ccd71afbbafb47922e

SHA256
fe9224a483ab6b9c8ffb7bd31bdb6c40f3cf674ed1cadf74944f6512ada45036

SHA512
3e2b4306d3333677fbe6af89da69846ea51492a3f8a21229e0e7d23fa2c51ba77b48963270837709dfb3ca0e5250bcca69ad36ab579de426c1b0cbc1150765ad

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\ExcludedParticipateFileNames.txt

Filesize
132KB

MD5
8ab0f0e8aa00c2e8a15236f3e479b22d

SHA1
6103530059816344a162aa94a9b8cda2a52b7d3a

SHA256
604db6fe34c872765836fb072879673506f1dcb2ef50131f85e46bb506fe72c7

SHA512
c6121f28ec1880a12852240ff572e08f6f9d055998228061a1824b19d698622b2fbad0080dccea44ad7005850c729b1e1f3ad2a6a065a641b85d8234c3184ebb

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\ExcludedParticipateSHA1.txt

Filesize
356KB

MD5
8c78a7fa0529c45a9a67acef9da945a1

SHA1
1fbca94cc872aee826506a92b752f9a55acd354b

SHA256
cffdf1ef3c866c095eef7ee300c7e286b7c01daf9ae882837066a4c6757dd3db

SHA512
467401232d8737504ebaac925e4d872fc186147c6c8045bf695b05d4c3dc741d49b8ed9202effbc1d3ab8ae7e18972416b5ee698d37b53265d7b9891ac78ddc5

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\ExcludedSHA1.txt

Filesize
92KB

MD5
b24aa21ee489bf6ed7e9063dd3aa7d83

SHA1
7b998340cea7d29252b220dead4a9c97eb0603f7

SHA256
050abc13954b8c7ceb83f9197c0a73bb12a36a5c1bcf8e6636bf972985f9778d

SHA512
1c830fae8641a147f4c7ef9e8d244c27ea9f2e29934b2b8d18118e4f99e5060c255474e4e633c80db6769be1a6cb087548db1db172e0be7bc5ee6c9e21ddc6dd

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\SuspiciousCompanyAndProductNames.txt

Filesize
3KB

MD5
92fb1158150e2c1ad0f943075fa5b4c3

SHA1
9318150e5305b7c16917b674b7a02887793c6738

SHA256
b88ccaa1c435ebcccd5a6d1e40fd13e8f8541677bb3844db7f6209af1f1ebc07

SHA512
e414649b62bd098eb789f710a4953cff7329c396fb512565db40648c8125a22aabfb6df96a6c31cb475719b00a3e82f8d422bbfd68557e17a62fdc8f148af126

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Exclude Engine\SuspiciousCompanyAndProductNamesDoubleMatch.txt

Filesize
795B

MD5
da5bee8506ee9aef25ab4a754b077e5e

SHA1
14c46511242fe90b13639298b101f813e5cb7dc7

SHA256
ee4beb15d81fb56d3279a3ecad26b89d3caab88a0ab134c799964565d2f1dd8b

SHA512
55fbc36354a7a6ec682585d8771c2b82893ab9058dd4aa9b85e4ed946d2d560d4335e7c52355baec0f78db790f4c907b34ccefe13ce61dff03c9870cdb75c925

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousExcludedPaths.txt

Filesize
12B

MD5
a328a98457a6ee7af1c377b6422ee4d2

SHA1
76440225a61d655cc7ba2e4ed6d270c684411349

SHA256
4ece5a3fe1e1acd06980b0e8e9ac90385cc3cbb1189f3650f292c4951eb4a56a

SHA512
d91c03f08d322ce09acffeec9f060065dee9b5694e122150d9cf8d834924f6bee3ee4d379b87aa7f6caeb36d66e817a687d69741e98e9f1837d3ea9e3c3e0d9a

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousExcludedServiceNames.txt

Filesize
165KB

MD5
adefde95042c55eb590d9d85d7f55a10

SHA1
a4c02866eebbb1fe2013ad9de442e57ac55ed562

SHA256
d143b7d435c322fef77b61733a5e8b60e2be240325a911cdfda8c3a647a42f52

SHA512
7abaace6705ddc6c66051a25a3824baaf9b0d42d76f81115850993e14cb47e8b420e5f46422e6d9b1fcf5b6301ba20fb130a301ec1873fda0334216b00a789a6

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousFileFilters.txt

Filesize
7B

MD5
1ac0ee7e70797a39274ccf284e8e8908

SHA1
a8c2db4e5afb959e59dda47c584dc245f8e7e6d4

SHA256
fcd0201f66c61ddce08bac0239d29437269ec9b2a96b481dbaacc62f8eea8900

SHA512
15e13f309cf6d67dad0f88e567444ecae5ca38063a28369835e24dafa4106a0c9f78501269a3b515b4762b9c0b6ab3cd458c8938cdc3026b5fd3bd0d10f073f4

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousKnownMalwareNames.txt

Filesize
271B

MD5
4c46785ee55eed9b5a0518be620bb131

SHA1
cc9581df5857775da2d921dc0c889ada83dbf392

SHA256
cec4751efc829cbeabe9e195e972c7455937f636298a9b5c0f54169dd86554a9

SHA512
86284b8c691e8115eb1cbc5e00aa2e9cf8c45e9d21fb38de946a56023c84aa999568ba9845c50bcabd68df91b0cac8f609efe7d5fb9578004c51400a230b61fd

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousKnownMalwareWords.txt

Filesize
45B

MD5
0752c23eb08d341ded5035b7e49872d2

SHA1
d53c34a33cb6a1da0c5d4fdbbe7536204f8c7b24

SHA256
9674432c14984856df494960e2f77feb5f7854cf9519feed3093bbd81e5d5926

SHA512
8901bc59832746c91c71a916f76d5778150e4b40772b14ae5f14cff599bbc5c18e5b796f73bb0cbcdef3966ef85d37b3fdd8d01a5dc333afa27fd2e49a00d93e

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousKnownNamesFile.txt

Filesize
1KB

MD5
c974c9da9f20b10c11bf99bb54d45492

SHA1
de8e98a2dc2e3026fc9f8084ad7246f7cea6fc83

SHA256
7773b871af64abfa249c2f975d620b8c5cced5882b0904ef3c161caa83dbb532

SHA512
1bc66697abe50cc62d4c187394ae66edf75daa5d67fcb6608f4eb458e52bb3f1a1bae66631392258310a5fc4461bdaf47f95ecc7c2b3819eeca0bae81c16a1bf

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousKnownNamesRegistry.txt

Filesize
2KB

MD5
bed8faa5e27abcdd8f2d74427cab0d15

SHA1
b34a6d17ce8a3aef6245ace98d83d3e427da3d69

SHA256
f2c663922a8ed8a3e435afcb73c1546135487cb4c011cae088c463a345bde754

SHA512
a45891c9579b62bcbbffae006b35be718caf886e06592779d5a5191cba9b3d012d8630e1819fedd9bd4cc869c7e2d38cbe486609c4990257e972f5b7e3eae59d

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousPublicFilters.txt

Filesize
93B

MD5
688bd189249090aa84e24d0187ec8a4f

SHA1
8dfecdd2cdf4e27e50f84a59ef7ab32407552bc8

SHA256
9ad28eda99abf5626296fc26f0cc0d2eedfbe4fc724c3c1eba61c40117e95b9e

SHA512
6551cd8011a30402da58b08efb119099472b7bd206bb8cff718fcfdf676814ae9decb3e0a0fd4820d1043277f83e6a292ce13cdd590b083f34c49081cda395e8

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousScannedRegKeys.txt

Filesize
269B

MD5
1c06565def8c16f3618e52fa9b0d4b57

SHA1
368146da86228713209de1b8588468c6f557546d

SHA256
dcd5da3be0df5f5f13b78cb7c4e8f0d02e6de3c24da769dbc7636b9d976dd9c7

SHA512
ec51e14786ad4b00d95d1660ffa83530c6a122f008b1546fc7e1b009c3e8d48671ca114c78738e64856e343a55a8c4b3d0c5a7dbf927b6fbadc2509b3f59a5e8

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousServiceNames.txt

Filesize
18KB

MD5
d35f9ed4c629a9899cbf2447b9bb3c7b

SHA1
caeed1c785f0c96cd466afedf536b280bc861f3c

SHA256
ed8533af3f30c50224fda07006aa24abb3f047197a2de21624af9a8ea47de73e

SHA512
bb3dfedb055b93a9698ac44959b591183e04485d6dd6ed0be47c4bd9ca5f0b66cf91fe1469d8d9ec35c84b7d1d0818cd1c3fa64195fe35b6c7124481947d8eb1

Download Submit
C:\ProgramData\EMCO\Malware Destroyer 8\Storage\Suspicious Engine\SuspiciousUnExpectedLocationsPaths.txt

Filesize
238B

MD5
c464fe4432ef0ef082f89a54ed8189c4

SHA1
f9083fb40cd50328e10e73842bdf7e7be41ed161

SHA256
c0403f8a9b873d046703618f7f88e8f979e3f6e6d461cf7e03303adbe09e7fb1

SHA512
59f4a4fc87ab1c29d2a2b8d04751dff8d558dedafb9de0710925e7e7eddfa066da37f0fcdaf4dfb013720744c4eff9f617b6532ed6d1fe64201b2008ee8c636d

Download Submit
\Users\Admin\AppData\Local\Temp\is-9VKT5.tmp\malwaredestroyersetup.tmp

Filesize
691KB

MD5
9303156631ee2436db23827e27337be4

SHA1
018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

SHA256
bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

SHA512
9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

Download Submit
\Users\Admin\AppData\Local\Temp\is-OE98P.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/616-18-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/616-351-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/616-10-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/616-20-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/616-16-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2064-590-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-595-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-614-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-612-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-587-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-609-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-592-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-607-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-598-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-600-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2064-604-0x0000000000400000-0x0000000001033000-memory.dmp

Filesize
12.2MB

Download
memory/2120-15-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2120-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2120-352-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2120-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download