Overview

overview

10

Static

static

3

90c5970f56...18.exe

windows7-x64

10

90c5970f56...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 21:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90c5970f56673b5d52cf32f11096c130_JaffaCakes118.exe

  • Size

    1.2MB

  • MD5

    90c5970f56673b5d52cf32f11096c130

  • SHA1

    b28a516be658cfaf6846a7b2f2107c24a7583547

  • SHA256

    41c90ad0616b16fc303bd6603b286ac5e0a85e4daaeecf65e40608ab2592c807

  • SHA512

    e69796574fdefd075acfef86588f0964b5b0b750218d7477ce714ed5494e7e02b01b9c8cab3bfdc6521ca15a630a2831e0cdd8449112abfc5577bdf5d9c91b3d

  • SSDEEP

    24576:xbiugqOlMjQmxYIGWLREnemIMBdxdUrs/KUTZ4stkLNcsRgluoGhNj3:xbLgmjs8LRE9VdvUrC1TZXyvXD

Score
10/10
pandastealeradwarediscoveryspywarestealer

Malware Config

Signatures

  • Panda Stealer payload 1 IoCs
  • PandaStealer

    Panda Stealer is a fork of CollectorProject Stealer written in C++.

    stealerpandastealer
  • Pandastealer family
    pandastealer
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 17 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 5 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 9 IoCs
  • Drops file in Windows directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 4 IoCs
    installer
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 19 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\90c5970f56673b5d52cf32f11096c130_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\90c5970f56673b5d52cf32f11096c130_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Users\Admin\AppData\Local\Temp\dgrn.exe
      "C:\Users\Admin\AppData\Local\Temp\dgrn.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\ProgramData\youtubegizm\tytghn.exe
        "C:\ProgramData\youtubegizm\tytghn.exe" /closebr=1 /InstallOn=7 /active=24 /update=24 /interval=2880 /pubId=10005 /affId=100105 /uId={4D6C7F87-1211-4C28-87D4-0FE413A3CD19} /version=1.0.0.5 /Override=false /Firstime=1 /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon=1 /CHaddon=1 /AutoSP=0 /regAppName=youtubegizm /txx=1 -regAppName=youtubegizm -txx=2
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2560
        • C:\Windows\SysWOW64\taskkill.exe
          "C:\Windows\System32\taskkill.exe" /F /IM IExplore.exe
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2816
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {8CB8B0E0-DB55-445B-8D8A-E3801B1249FE} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\ProgramData\youtubegizm\tytghn.exe
      C:\ProgramData\youtubegizm\tytghn.exe /task=0 /closebr=1 /InstallOn=7 /active=24 /update=24 /interval=2880 /pubId=10005 /affId=100105 /uId={4D6C7F87-1211-4C28-87D4-0FE413A3CD19} /version=1.0.0.5 /Override=false /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon=1 /CHaddon=1 /AutoSP=0 /regAppName=youtubegizm /txx=1 -regAppName=youtubegizm -txx=2
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • System policy modification
      PID:2464
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 360
        3⤵
        • Program crash
        PID:2540
    • C:\ProgramData\youtubegizm\tytghn.exe
      C:\ProgramData\youtubegizm\tytghn.exe /task=1 /closebr=1 /InstallOn=7 /active=24 /update=24 /interval=2880 /pubId=10005 /affId=100105 /uId={4D6C7F87-1211-4C28-87D4-0FE413A3CD19} /version=1.0.0.5 /Override=false /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon=1 /CHaddon=1 /AutoSP=0 /regAppName=youtubegizm /txx=1 -regAppName=youtubegizm -txx=2
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1916
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 368
        3⤵
        • Loads dropped DLL
        • Program crash
        PID:796
    • C:\ProgramData\youtubegizm\tytghn.exe
      C:\ProgramData\youtubegizm\tytghn.exe /task=2 /closebr=1 /InstallOn=7 /active=24 /update=24 /interval=2880 /pubId=10005 /affId=100105 /uId={4D6C7F87-1211-4C28-87D4-0FE413A3CD19} /version=1.0.0.5 /Override=false /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon=1 /CHaddon=1 /AutoSP=0 /regAppName=youtubegizm /txx=1 -regAppName=youtubegizm -txx=2
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:1288
    • C:\ProgramData\youtubegizm\tytghn.exe
      C:\ProgramData\youtubegizm\tytghn.exe /task=4 /closebr=1 /InstallOn=7 /active=24 /update=24 /interval=2880 /pubId=10005 /affId=100105 /uId={4D6C7F87-1211-4C28-87D4-0FE413A3CD19} /version=1.0.0.5 /Override=false /IEhome=0 /IEsearch=0 /FFhome=0 /FFsearch=0 /CHhome=0 /CHsearch=0 /FFaddon=1 /CHaddon=1 /AutoSP=0 /regAppName=youtubegizm /txx=1 -regAppName=youtubegizm -txx=2
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\youtubegizm\uninstall.exe
    Filesize

    62KB

    MD5

    e9bfb4b02a1aaafcbf5a2ef6f91751c1

    SHA1

    c930d7fad8fa9e2a937d449bce5498fb303444f8

    SHA256

    6fd9d03718cc3dfb353e1daf2d35d4758a93fc8ef68ddbcc801f6cfdc27e1a6d

    SHA512

    e76d20cf5aad8f9ab05acb211212dff644f75039535fabfcf5542d76fd10f29d3508972ba20c3bb89f3f440d44c32ef485b7204b23e1faeb044ae420072048c8

    Download Submit

  • C:\ProgramData\youtubegizm\df-ch.crx
    Filesize

    126KB

    MD5

    a1704d581f799418db15df5e91dcff59

    SHA1

    6dae4dfa59e235c0f071d70678b4311ebb407cc5

    SHA256

    3e1c383d3fc1c4cab1995ee035b0f49236641a9d7cc391e563e88b5cd39f585f

    SHA512

    b7cab05d8b571a3fbf57ed07ef873a81a9ebfb9b143ad7473f740bbe4e9947c341e650cf531c609a48947f6434935ae30e04c476fd6d7e9f85bb8239bf80ec86

    Download Submit

  • C:\ProgramData\youtubegizm\df-le.xpi
    Filesize

    94KB

    MD5

    9b41c8cfd735e83a6ddde1b29be08e4e

    SHA1

    0db4358bba72b2c96e027f00f2368878ea9f4e35

    SHA256

    5fbdfd771cac9fe30121cb694f8dd98d9eb22f2923a9b91fd8fe69d89bf19b3b

    SHA512

    b29a204f23ffa0d7adeea5879821516b8b516d811c83fbfcc4c96d7dd1ed702f7398cf49c003331f14f4283cb5be8923d5d3b967d62c87a4bd8e2844153cf2dd

    Download Submit

  • C:\ProgramData\youtubegizm\tytghn.exe
    Filesize

    619KB

    MD5

    611619f98af4df3bbb077f474963c9da

    SHA1

    522144139ef78abce5cd25f34dae82f0a369f572

    SHA256

    20f035d90ef228b5a6a998cec13d7bddf00ef20c60a58167fe4230297cc25b54

    SHA512

    05a01f68ae299e22b08c9c3979064ae54483fda7104ebb6409f8e9939f9f76fca9f40a707d52e356575d9ac2c99f4bcd092e93aaf4391d96d12f15b1d70125cc

    Download Submit

  • C:\ProgramData\youtubegizm\valuese.xml
    Filesize

    1KB

    MD5

    227bdc41ed630efdb2061daa15859b68

    SHA1

    bedb6860595d0ec863bff16ac71337082a58aec2

    SHA256

    8dfb5773f05bad3c36db328cd2a352791d92c83a94f629360f9ab6ca6c719e6c

    SHA512

    64c09d8d887943b8b59f2cce210a70158b0720421a10503c29e67f134bbd690ce05572980cd3f813e31801df5aeef4c5b6b9a2d2ec2efaacbbd4a0b2c1299028

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dgrn.exe
    Filesize

    1.0MB

    MD5

    90f0358fcd19f2b19ff62bca3f5e34e6

    SHA1

    91309ef459708ce170c4cf260db477c9ad46569b

    SHA256

    2c068552115abb5bd8ebee6ae6f9f9c4e876b06bc0f10307a33996eaa2e48cbb

    SHA512

    32657c7a1223d065230d91a7852b904d27d65ac5b08e6b533ea9781677ab8181971d81e817bf40adbf029fe5a9b194fda0fffb4721eaccc5bba12a9c1a718387

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome.manifest
    Filesize

    192B

    MD5

    71a85ce537dcec64640fb478067e24c3

    SHA1

    42337f22368a2cd7cfedeb929f26222f2b2b7ae3

    SHA256

    5010be714b986edeb59eabca51c1296dd9e67138b9d965e9859d5553670a0823

    SHA512

    8cd49e8d1971623dcf83cbcca200de2296d82596f6fb96840face985c24c6d0a5c67d88d9f47a1b48f66972f4907643c3d5af344f732bfda70199b746d1cac91

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\bubble.js
    Filesize

    1KB

    MD5

    e3cf4b651109156221e2072f83be5aa2

    SHA1

    be06675125c178e3ff2fd78cf57f3d643bec5cc4

    SHA256

    73cde6a7691f5155a6ea9f8076dda8d00c3c62764331be13ec3ec6053d0c9f84

    SHA512

    976007787974080f6b30763f61b63c6212b4ca2a234e4f6d52a529c154a8325e7619160f108641e39ae7b405cfe203a092cf4fcdb72252cfa61e8a9afaf93dce

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\bubble.xul
    Filesize

    490B

    MD5

    75743b09194736b8fc79a6dd65db177d

    SHA1

    dbf38a26e0597697d0c6aad15e2515c398753e16

    SHA256

    f8ad9265fd61883ed00c3907f0f14478c8947b1ebaf1e34196efb5153cf040d6

    SHA512

    d151f8e97a213a59d3c41206c1aa606f179030c4ce1a24c5fb8aca17b7b783b46a9e1dc682366a3ddabe450d38b7b40cc714e23e0fced4e2a35b02ed20e1d30f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\fix2.js
    Filesize

    20B

    MD5

    b5ce3889cdd24c2b2e9d540ba1aab48d

    SHA1

    30d6c76f244e7617c835b3769bfb1fd125e401f1

    SHA256

    03e704ae5142e05e367aaf51af30485eed881d0c5c581bea3b1752095e444cd0

    SHA512

    f5a4fb298b53017e212eb92859eb76b138255778cb3a44822e6d5c02791b9911be68bfc1f25eb90414f8adb5160086cae0c247278b1c288d7b0e3f75f21c3023

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\fix3.js
    Filesize

    20B

    MD5

    abdc04c0bb1bac8ee8962aa5e5fba9a8

    SHA1

    2689078d902bfa6d65483e26d122d0a30d2a6560

    SHA256

    3bb6e43e497c67e79fb3ac8520fbe07d6a43c9777c57be349a54caf9888ca482

    SHA512

    55fc2af28251c773c0def012f739e01a505867cdffb387d522f1c2fcabee4f2f8c33706c553b1ff5dc4a1dbee1bbf6926909dfb032ad813863ed2c773e0625cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\fix4.js
    Filesize

    20B

    MD5

    4b95306cdc01a9023a3ca1e8c7fcdd61

    SHA1

    f518c9d20ec181229d35089f685a9588a5b19e7d

    SHA256

    be576aea3b146bfc77237c2cd65911e05b987c0fc74c588b9ab07ba19ad1067d

    SHA512

    4733f3eb0f7002b49b6d448ed5f22ed6c13234df46d81014a7ffd008dc77c51e86cc49d7c49c63d7941a0f54cea8693244af0f339d0a5a864ef5a9e8bf47fca8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\fix5.js
    Filesize

    20B

    MD5

    010d54d2fc0c7c7ae39324a6217030f2

    SHA1

    3d73cbe8cce886b2075b5cea17d136b344814992

    SHA256

    032f8af38f623f697712273292edb5268a0fa9eebd49f997450f97472794a751

    SHA512

    ae41156a78a60c472c27ebe5f45458836db8cf7850714f0ecf89414e12b21f0ec320ddc7d5a27db2aec5a6946dd7f436ff82f3d301998f8ae35eb8f979c6d59d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\icon.png
    Filesize

    3KB

    MD5

    34d97d8507b37d0fd790c0489f102a6b

    SHA1

    89b5eba2d945d5b1bae4aa0464ca225ffad04ebf

    SHA256

    ac3717b581dd69d07a31c34fcdfbc600685ada80340ec6de2781ca30d5a869aa

    SHA512

    edfd5ec831b4aa5c379ea9e6fa6c058a04787c8d1ebc90aed1a86c7c9de23fd955baedd1929b1cde202ef4159afb9750d826668b92bcd9be166bae59b79cf3bc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\jquery4toolbar.js
    Filesize

    92KB

    MD5

    432e6ce300e0604b682c612aa0de1c82

    SHA1

    c559ab91e420bdca977c4c4c3f7f5e8564a78fb2

    SHA256

    6dc68cfa752a170706a347a81ccb8fd5fadf8ff5837823eb9fd5486a6882e65a

    SHA512

    9a463a5a884c562cfea0afc2f9a22eca258f06c6a8ea79cf4e9612079906c5c44edd50b490c067d1f8456cb1a596636a28ac51e66a10a479302bad752c3b8dc2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\jquery4toolbar.js_126
    Filesize

    167KB

    MD5

    224c257265b43f4b4e5ebe21e7575dbe

    SHA1

    4a7990cfea863655aca06e4c7ee708a0641d4e35

    SHA256

    a63ca336dd561218555d730194dae3b778212d41bc3c164232f5cf627702f90a

    SHA512

    9559e1c7db6402b2803d953ddadf49195785a642cd9849d8caf3333ee829d6a9e3ee3037234b83a8a2d4fd35eaec346bf313f22874a33d6bf5690fe1ec52cdec

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\lock.js
    Filesize

    27B

    MD5

    02469e8f69f26729bf7373aaf83e7687

    SHA1

    cee5b53a1b7f93986b9d336ea43e640da532eba6

    SHA256

    86b85ba075a4af0c0ba4496484f0dd335e4abcb6782495dd0fb936bcf26b5c4f

    SHA512

    45b75dd965ac95768aaed7bf7ac6e5317bd5ebbfdfde4920930e8258529b25979c0f335f335053538ad0d3940203694f8cde2dc71b57e0ad60adad65f5d763ec

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\style.xul
    Filesize

    812B

    MD5

    668dec8a49b6dc8575acc0e34ecd4284

    SHA1

    9fa09a256602a30dec25e2bb83e5ab8a1ec0bafe

    SHA256

    022636895ac1faa46a586e7e03e1c9d74b1ee78d48d622f95938800a02b71965

    SHA512

    94217e798b4258960949265d3ec7f4ba4dc4fb3c6a00fbe952975ba408bcd248e1b7e85f517ed67cee5d3d56cd110c2005d875f6b910e2e4f69bd58706a227ed

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\witapi.js
    Filesize

    37KB

    MD5

    c48275070dec1182b66f0932024c41d1

    SHA1

    3093164946b041dc4b13d1e251113da232e8bdeb

    SHA256

    577d9b9f3a4ee376f6863194ed322d5cfe3ab0afcb8a2b45520f0bc32e4c97e1

    SHA512

    f25688e437f0c23f3ac0a0e452613a23a1663813e6700740ca5049d6fb36adc26f66187b903f46aaa8ff455969d46f3026c4d126fb7adeddcf0f113c7dd7e5ab

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\witmain.js
    Filesize

    949B

    MD5

    290d4e5edfc05a9c619776b927eb1550

    SHA1

    83b2901baa226905eab2f5270f79cc2b4abc285e

    SHA256

    c55490b5a4a6d386fee087275d7b3515c61ac8fa63aa2a654fb1a4424f373c27

    SHA512

    ab90caf6c4e46c690eeef44c07dc3dbf92b40d9f311acba129cf7ed6f8ed9e3473537fcbdb9da851eb889c1adac101f003631ae25c2341aae571edb83ea40e61

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\wittoolbar.js
    Filesize

    2KB

    MD5

    cda5b2727e277b095e1c802930ab9a78

    SHA1

    16898837afad35f9ea3cdb203b3881a1f1cc14b0

    SHA256

    1f4f851573263382105e35dc1c32014357ea8a5d48a2d3f97e568393ac17307f

    SHA512

    353175636f3ae56ae97f0587c4f8b819e2ae290594982bbd2a514fe7f702570b506b9d774a7627de57f9c480f80d54a4c48f845330a7a1008fb03edb55f1bf3b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\chrome\content\witutils.js
    Filesize

    23KB

    MD5

    e98815b4088c11d052fce961ea863308

    SHA1

    0aa226ffcbc73b435f0bf19a4f658a111f572e3d

    SHA256

    aa7546f7a02f77a48f737644272ae18d1ec4e7fc51756d406af88e530cb8b489

    SHA512

    ee86a07cda4fc7cca9947dacadbf3d5d8eb63b7f0529c20d506bb75bd99de60c2dd7b354149d8ad2ba70f40fa133aa79fc619a410786d51f45f14a7a65a1d6c9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\components\handleProtocol.js
    Filesize

    20KB

    MD5

    1f3402859b63193c40a54f466a8f7a46

    SHA1

    e4060e5def7dfe2c31123098f7e9f552a71ac993

    SHA256

    07afcbcddb1b2ee757d4e4d5367bf8f50bf7cbb0b815a83513d4a3bf1bbc2679

    SHA512

    cf3edf88d4d48905a1ba393452503142ec3e7031cd7d0645cba79a667d3642496e487d2e9d04fbec16dfd91e1fa35ca343754053a53185fe44820150e8e5eedd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bhzluvd5.Admin\extensions\[email protected]\install.rdf
    Filesize

    737B

    MD5

    6bcfd61c0d36e87fc9adeeba4ce9138a

    SHA1

    7a4206246fa9373802c2c139447d1748ebd433e2

    SHA256

    3f005ae8abf159343a48aca821087f34a0c52897c3d2371904bc73668b1aa7e7

    SHA512

    7e01737e70e8f2d80d040e000b0345379251ff3d0b08b965c3eb79addad38fc20231ef62ed01c29b0befd2f5e185fc184d8a8207730f81aee8b84a57ab9f4e95

    Download Submit

  • C:\Windows\Tasks\youtubegizm Chrome Watcher.job
    Filesize

    944B

    MD5

    1baf6cbbbfa534980324972a0b5955dd

    SHA1

    74bdc3fbeafb396ae06200f82139ad138919977b

    SHA256

    3b9004ec03711701b66cbda6d0afcd4e336fea757aeb83d74dfd68bbe4e88fc0

    SHA512

    5743a2a425407fc7b50470c68edea343aba40d921b0a0152d1866c1ea79fd3a2bd6162f4347ccb4927fc8df91f37b8ac87eb2f62316962f79db52db132dbb191

    Download Submit

  • C:\Windows\Tasks\youtubegizm Chrome Watcher.job
    Filesize

    944B

    MD5

    b8121c001a6a47c3b3ae8a76c5cfe26d

    SHA1

    6b6dbe5dc95891b3472a05388a1413e811e83e91

    SHA256

    96c6e9cdd42744efaac9ef7eaf0fc650d468c78a7f5bf397b8b75ea735a7fd78

    SHA512

    fd8edac0c1b2cb5f7218e0227d6da75c3409aae4df81626b95ec3f9acb7647efe8e8e22cb30003739d1e7bfe7c9050566de921ed7ea0a2a9267f115c97c4f375

    Download Submit

  • C:\Windows\Tasks\youtubegizm Stats Report.job
    Filesize

    944B

    MD5

    e2d35bcc7e4551f7225b3bdd7135ed49

    SHA1

    da7d75af9e1642484089adadba7f9e51f337b50c

    SHA256

    de0061384b6ff8b29defdee772ef873cbc79c35d29c974ef43ac3982e1ed1832

    SHA512

    15c63e7bee00bb2933866e4ce62aadd3c7ae02020349bd3fe8c99d939e99183655dc968a00574da78914a528228fc105461d6349e4ac5cca98532d572a1f64fa

    Download Submit

  • \Program Files (x86)\youtubegizm\jsloader.dll
    Filesize

    215KB

    MD5

    51d72c5c44c3cadb21128c225ba7a569

    SHA1

    94da06230ffbbe9f4d22e9b0422a279004a7b848

    SHA256

    50c36830ca56b2a9ccbecd650767af742bd1a2fc4cc18ac9cd2d18d8da8259c1

    SHA512

    2ec980a01e8f237bc863686bba0f35ae291b3626356905c0889086bf71c3362411984ad2af6fbba893863105852fae36be8cdd34798f46128486eedb67b9569a

    Download Submit

  • \Program Files (x86)\youtubegizm\tdataprotocol.dll
    Filesize

    149KB

    MD5

    ffdc730ec5f8b90e4dda0c7685650c9d

    SHA1

    0f052108bcef14beffb6f325981b22fc40c7d047

    SHA256

    2373e11595d02e279ed64925233f802e03f8e68f3d85649e360b0db17e1e191e

    SHA512

    172914e1c1e69da1eb1844fc2a7c10de153e7ad1c97ad5bd9821ca82a0ab37838085cdc2ae9d3301a1d900662f4b9fc0c2737ff97e02566320d08630e4ac327c

    Download Submit

  • \Program Files (x86)\youtubegizm\toolbar.dll
    Filesize

    119KB

    MD5

    a4efaf7a21baac166810f9790f0c693d

    SHA1

    eebca444b31d79ad37aec6076ba487942b5df0ea

    SHA256

    a85bfacf0d2c2d5a6a4b62720a69e1e8fe0347653cf914fe82bb9c74d73bd3b1

    SHA512

    32ff2899e917c9ae3e959f1183967711067e30dfd5a2f90ab0f33f524710f137561a69c7c3d265336829b1cfe401809906acbfbc7d03dbcd1046ac517b134f40

    Download Submit

  • \Program Files (x86)\youtubegizm\updatebhoWin32.dll
    Filesize

    120KB

    MD5

    4ef3b332db3d6b45c47414e056d99ad3

    SHA1

    fdec55c9fc31e9e65a832407d0e843433d75bc14

    SHA256

    601e473f4f509ebb12b3b0a47f979819ddc64cd5aa768abacdf6e67a6cb3eeb7

    SHA512

    26f924340779b52683f660468974da5d42c9dc05f9d25764527ca343054bec7f42cc90e384c1316130af67399dc60bc2ca1000738a3f214a9a9aea492ddbdc4a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoFC1B.tmp\KillProcDLL.dll
    Filesize

    32KB

    MD5

    83142eac84475f4ca889c73f10d9c179

    SHA1

    dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    SHA256

    ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    SHA512

    1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsoFC1B.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • memory/2172-0-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2436-61-0x00000000003C0000-0x00000000003E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/2560-77-0x0000000000440000-0x0000000000441000-memory.dmp

    Filesize

    4KB

    Download