Overview

overview

10

Static

static

7

0x7-Protec...in.rar

windows10-2004-x64

10

Analysis

  • max time kernel
    326s
  • max time network
    332s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2024 17:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0x7-Protector-main.rar

  • Size

    73.1MB

  • MD5

    94736189d856595886f4ab6f8e963617

  • SHA1

    dd5b430e926280db3e6f0cf7d51d63df81928eb5

  • SHA256

    95028a2a9e05cb78b58f5775b7fc0c11b01e291baf57569669554217d3f087ee

  • SHA512

    585b94de4b09f63a56d4c53736acb6b6a1ca7943c868975594320b3c5ea4c352af22b06a245305372ea631593f17ab7bf8ee621f6638271036259c900c2436d9

  • SSDEEP

    1572864:DUKhpFXm/pNa3rbZPCGHnbLAw7nHoJPv8ScVcyEIOyBONyS/CCXfst:DUK/gra3paanI8rVBjOVCgst

Score
10/10
elysiumstealerdiscoveryevasionstealer

Malware Config

Signatures

  • ElysiumStealer

    ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    stealerelysiumstealer
  • ElysiumStealer Support DLL 1 IoCs
  • Elysiumstealer family
    elysiumstealer
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 6 IoCs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs 6 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 12 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 11 IoCs
  • Loads dropped DLL 64 IoCs
  • Maps connected drives based on registry 3 TTPs 12 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 24 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\0x7-Protector-main.rar"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3504
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3756
    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\0x7 Protector.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\0x7 Protector.exe"
      1⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4156
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2680
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2916
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4228
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2240
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      PID:2556
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4068
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe"
      1⤵
      • Looks for VirtualBox Guest Additions in registry
      • Looks for VMWare Tools registry key
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3048
    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\0x7 Protector.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\0x7 Protector.exe"
      1⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2424
    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:4432
    • C:\Users\Admin\Desktop\0x7-Protector-main\dnSpy.exe
      "C:\Users\Admin\Desktop\0x7-Protector-main\dnSpy.exe" C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      PID:660

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      854B

      MD5

      e935bc5762068caf3e24a2683b1b8a88

      SHA1

      82b70eb774c0756837fe8d7acbfeec05ecbf5463

      SHA256

      a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

      SHA512

      bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      ff6dcc1f16831a379d21d21d25e8f3b2

      SHA1

      98800ba0be069de20fc5da9a4b0ede78dbfb8dcc

      SHA256

      d966876cf151284793b65c930229058485f5e1f8cb9f05606a20bcf7e880038c

      SHA512

      0a5bda125792128acf4cdcaeeb013d26ce0f8b006267a43f24b6ac837a7ef2699e15b4520d4c71e391686d65d48402c390ff9c3c6e727299f48326f9f0995186

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_16659210B029E2342348119FD8382C02
      Filesize

      472B

      MD5

      027f162302b21c4ef09f39a88415107a

      SHA1

      aa061641f12668736d92e30b6200889d54ca8035

      SHA256

      fc006338a7107028d4ff8dbb72954b25352e23a070e24f6eca985c5559fcaf08

      SHA512

      789bcb997f83cfa037ca5090651719c9abeb49434c96fc97eaa51e40b00069229e25d3a467870aa77db561f6865c8b6fb92b4783e48530ce05719ebc44f46897

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
      Filesize

      170B

      MD5

      73e397c4e5dd7f69a4f982c923163876

      SHA1

      73fa2297e4e877a5ad58ca34a8963d69baa92451

      SHA256

      6c3325ffacbe0805b01226b5d08d00c41eae675c6a2b1fbfaa5a6ff3110f162f

      SHA512

      c9f1905b454fa89544a3f4d643055a0874a0fc3770ce3fd3688b962b724e3136d59196ff0936a5d2667fdf10c9bb3528a78517921c6aac1603075125d3c518e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      6c9d1cd9f7435314e814d041c9d598fb

      SHA1

      90d6df32d62ebc772337b170b26cd43a371bc0b5

      SHA256

      7f8c5a85149dfdce7f4813400742c8369db445d07c24c973d3e3f4080b649beb

      SHA512

      45109261b717886d4ff91cdc5f2c2ee45c0f5bd3488e09e7c090df1d6b27104efc797cbc6cf8496448c09b9ff4a846267b26f22afeb69ce7b78b44ed796e0083

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_16659210B029E2342348119FD8382C02
      Filesize

      398B

      MD5

      7824ce6886683016d8c2c0442d6d99b8

      SHA1

      3c7f076eaed7a6a38c9268b32e8db0591356d9a1

      SHA256

      d1d5418b02395db65dea81053498d85953ca4db41db80f9919c2cef72a26dc98

      SHA512

      6be7de8f6b57443138f7a3649b009e2018f9a0d91490420209d949b6eabf03f814430332ab0211426b80e5dc5a1349f564c3ee05ce1caed2cf6a398cda7c8708

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\0x7 Protector.exe.log
      Filesize

      1KB

      MD5

      baf55b95da4a601229647f25dad12878

      SHA1

      abc16954ebfd213733c4493fc1910164d825cac8

      SHA256

      ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

      SHA512

      24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\0x7RT.dll
      Filesize

      40KB

      MD5

      94173de2e35aa8d621fc1c4f54b2a082

      SHA1

      fbb2266ee47f88462560f0370edb329554cd5869

      SHA256

      7e2c70b7732fb1a9a61d7ce3d7290bc7b31ea28cbfb1dbc79d377835615b941f

      SHA512

      cadbf4db0417283a02febbabd337bf17b254a6eb6e771f8a553a140dd2b04efd0672b1f3175c044a3edd0a911ce59d6695f765555262560925f3159bb8f3b798

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\0x7 Protector.exe
      Filesize

      2.8MB

      MD5

      e34b5948933ea0548f12b73d56bd2b04

      SHA1

      b780265562cf9a63523f2f581927774d279b1c67

      SHA256

      fca7dc54850b213ab3d88fe1d829df63ab81a2b9656f745a79467434fb1febfd

      SHA512

      26de835f355d3d0054610ac36842a5a46044b3523a9d3504fafe7ccc928b86a598da3816aefb8e1c783464567a6d1cb567d7272a9e31f1700647653343e0416a

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\Core.dll
      Filesize

      360KB

      MD5

      2a11477810664c352ae969c80e6cd30b

      SHA1

      b8060851a7830bf7498c2112661c1f9ebaeed818

      SHA256

      6dbd74243931367582bbfd2f2f5cec209c602a5fda318b1c83a16f0e63509e73

      SHA512

      91c266d055ef764114308849c769632760eb9d3585f1124d987f9eaa6a9fbf422f4d6c0cb12b9d6296ebc195f84d72e505974925f5eccc092ec40b0dfbff432d

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\EM.dll
      Filesize

      15KB

      MD5

      f4dd346921933df4fe7b014b37a88d10

      SHA1

      1e22ee1093d6648577bd936d5a89dcba0e685191

      SHA256

      1dca3cdd23705693ccb23d7f7d36f6bb6394938026cf18b64f0b11eebb67bc24

      SHA512

      02ebb5fa9863551d56b9f2d520a5ff95cd88ea8faa84efce7fe8c5dcaed3e31afdc4718426a4dffc1cee7f7eea45239377815ca4844d3b5cdfc32afa7a84a63f

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\Hardening.dll
      Filesize

      12KB

      MD5

      abf484535eb6af659c89fb7d779be6d8

      SHA1

      5a01a1f1e4271c9a1b1b83ba3e980b4e47a4e5dc

      SHA256

      8cb0abe95c3a1130e7a51830ce968a6a003b6d083522b319f211fa4d015994d2

      SHA512

      657d1f99fccd2c48d048f23f8689ad8b3f4d2df1cee46b08131608439b577214ce924012756fc25199e92965ad340f289910484db5b804e31d2dd0bcb8636778

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\Runtime.dll
      Filesize

      55KB

      MD5

      3f7c5facb68a4240f91fe93bd3e62e3b

      SHA1

      b4bc2134377919d4865b30d7f0747a1115467d9e

      SHA256

      f0ae1deb100808dfdff076f019cff6fa7e0e2f3625ab2e14c87649b782f437b3

      SHA512

      8237c588f1b05491a697405332b59b1495f74a64ed9df9ee1eebbdf2f3f84a8add77c55c037a60aba9f3b5141a9107f0cd5a1d4acb22e493806f8888fb8f7297

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\Siticone.UI.dll
      Filesize

      771KB

      MD5

      fa842ffa299c794e57597aae857d9cb3

      SHA1

      154afdfd9bd80c1b512f516a8c187c6dd849161e

      SHA256

      b1d4cdc7891d51636c5e82a91b9bf20e6bb6e68ddf515ac6f51fbda7b199d07d

      SHA512

      04ee2bff2a9ff0cf89150bb73f0f6a0bda372a245f12c5772b7167821f54f3d1d43292e3ce3c9f2eca2202688c179d5f09248c0fe522bf028c221e07b2d34e4a

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\VMUtils.dll
      Filesize

      4KB

      MD5

      4ef63ef41ae0e259ffaab3bceacb37bf

      SHA1

      a7bb23edc4e7f8a4609cec3ae16890518f3cb062

      SHA256

      ce9d0b64202366ec26c45845140542a72fe56dab3ef16e5db283b1c233de7f21

      SHA512

      593eaa2e3873fee038ffae15f8754cb7f0defcacead3cf5ffef5e93598af63f9ee4de1f334b17c2b65d969752bbe6c0a50c3571c2917aca1c01a00d5f0b0871b

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\0x7-Protector-main\dnlib.dll
      Filesize

      1.1MB

      MD5

      5cc2bb48b5e8c8ac0b99669401d15456

      SHA1

      02e9ae08f3ec364834eb3ffc122f1c90e1b0e95e

      SHA256

      648950f725fb0320e09c52dcaf81764916df96dc62e7429ba67daea0acb784ea

      SHA512

      2867e94cee9f89f1cf85ad01083d75f4bc0bc0e551b2ffae05581828994f2b01a458ac7a7c94a45e8c40858ecce197f7ec23482ee13ef3f1bf82b33b89b3b420

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\Guna.UI2.dll
      Filesize

      2.1MB

      MD5

      c19e9e6a4bc1b668d19505a0437e7f7e

      SHA1

      73be712aef4baa6e9dabfc237b5c039f62a847fa

      SHA256

      9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82

      SHA512

      b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\bin\coreclr.dll
      Filesize

      4.9MB

      MD5

      27d49de876adc48752954f64f5db9da4

      SHA1

      2137a2a832fbb479bb2ae15297ca6d11a36cf68c

      SHA256

      f31d2089328db88ffd561f56db944cae79647478e2b72be201d95607b8ae1666

      SHA512

      d2bec99263f36fefe1760f22b656e8cdd27ba5c66d5df9e8509165a8f119f0ba63c6a766e25ed4895a927a089c816c59fdd0c2fc0b2b9f2a22db65abbb1d9fd0

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\bin\dnSpy.deps.json
      Filesize

      172KB

      MD5

      c5ebae728e2f6d81ebb2811311491990

      SHA1

      41b37ba7693bb8c9f9852a80d1752e39203ee878

      SHA256

      c30990252f79f8a94c56ce5af663acf1333c34a4dd2c8abd199c82c684a45408

      SHA512

      9acc4497bdcdb472cb7b59d257be5275803abfc358f56803b73cc11bd691cc4320135d534a47d00605610a7426db2115fe227adbc98b60aebb78d366f312e737

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\bin\dnSpy.runtimeconfig.json
      Filesize

      274B

      MD5

      c0bbae9a92c0004f0e48a1303834a4f1

      SHA1

      6254cc2e4595c272c88200a569ced499f82fb531

      SHA256

      d73d166ed2c36560e74ccd1067673bc17c881d570e09394ddd5ef0ffd3d9e8a4

      SHA512

      29a0025944bc65b708909a18e8d42723de52b5bf9fb191ab7936090f51edc4430791f341229f204e875d0673b046bc71e73842babc72312e19eb9c9019549272

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\bin\hostfxr.dll
      Filesize

      487KB

      MD5

      fa1ba429770bc8b64ce65511f29ff88f

      SHA1

      c9af6e053edc6f4ce1fcd165f1635cd15db98a9f

      SHA256

      48d9968db0001585b27c46c96d47952e86a42540b236a7d6877e8c67b7fa79a1

      SHA512

      c6dd92c56739e0b11dfeb496bbc14b24374e1910cb1a4c83edbb07d2565b2279fae0a9325d363ea7b2c548aea429ab6dcb875328ad48dcf2ef3256eb6c2778a3

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\bin\hostpolicy.dll
      Filesize

      494KB

      MD5

      af83b14c9628f161c980f69f7ae7b2be

      SHA1

      8b38008a74370379548a3accd259f43833b529ff

      SHA256

      fb249fed957ee658bfc20dbe18d1810aed29cd0b626374d147da5891a24b1b52

      SHA512

      a70d3f787b63345e7c2d6fcc50f66858d3c4bfccc952c637900067c1b59312d6c72febd04749fa36e027d65eaf07c5d7f6e90c1ed4b28767f6f5d36dded15712

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\dnSpy.exe
      Filesize

      207KB

      MD5

      5cf180fec9628c4df4267de3ed7a98a7

      SHA1

      edeaac9111d8f499378b67c983f7b7defbddb268

      SHA256

      bc1c4e0fc49c138bbfc223d3e94231cd4884439c663646d91e48fa005df6704a

      SHA512

      97149bb70657393965382a152f8dcdcd9bdca5a6914b788dcba6b92be1547a83fd2720afbd6b2deb9d20da524ee2bb85375d9ffd4b019157f0eef51d46539133

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected-VM.exe
      Filesize

      393KB

      MD5

      9b950bc987e3525a24dd34cae33255b2

      SHA1

      6cb3d3403685ef24e22e08cd9892a3b07e723b4a

      SHA256

      ea0e9e42e3f9c8af144ebe535501f2812038df8d123915698c86748cf2df4c0d

      SHA512

      000065483273fd39a803ff876af7ea7cd294caa2ce0b4477066cd04538162dc978264e1b9ad69d2d9d3965ad5eac738c3688cf2817482281e3c05f8875a8fed0

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe
      Filesize

      143KB

      MD5

      200200f2d8c9da94942cdd36f23c4de7

      SHA1

      7d4d1b4a2d6552ea35b896384c9e36d7691c242c

      SHA256

      38587921ea47b5f8072d863fafdce88c1ab29882a584797da5afda9a21b67a6a

      SHA512

      42f4529345165632755c99d19bd1f0a1a3dd7c225e2876a918bf0cc80203dc3a2aae7ecebae88a739cb6981e048c920ea9a77348cc8c77db729d5df284b33ed0

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer-protected.exe
      Filesize

      137KB

      MD5

      5d2745fb4b5b089d20a2b469d5e0f312

      SHA1

      ad182986dcb2d965eea1a2fd0da8a3db927c53d1

      SHA256

      aa618d7bc857c66c73027572548b2e622e68002df4e028de54539d5acecf66cf

      SHA512

      6896f46d3b997b4600cd910a3ade6c0b1c6929d92f86380bf3c306d20923b013094361a757894ebedc3d319b0ff2c237fe48d53d0d0785cc7daf00c95bf1ddc6

      Download Submit

    • C:\Users\Admin\Desktop\0x7-Protector-main\woofer.exe
      Filesize

      18KB

      MD5

      c24220f20c59491c7f0d52d4a4961689

      SHA1

      424fb09cb7c96f21e1931b1205dfcb0db7408cec

      SHA256

      f6a95a91763a2e4a92d4266be838fd99302a37816adb956cba7055fe8d4ce436

      SHA512

      6fc47dba4ef2564b11e8ebbd819ebeb5c5aa84274c007ff266f13c109da1a486995b1d5eac42f636f43b3b34091a80fbb4c948110182b8f9657b6467efd39d54

      Download Submit

    • memory/2240-1828-0x0000000001030000-0x0000000001044000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2556-1833-0x0000000000910000-0x000000000091A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2680-1789-0x0000000002D40000-0x0000000002D54000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2680-1800-0x0000000006D00000-0x0000000006F14000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2680-1795-0x00000000054F0000-0x0000000005582000-memory.dmp

      Filesize

      584KB

      Download

    • memory/2680-1794-0x0000000005BB0000-0x0000000006154000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2680-1797-0x0000000006870000-0x000000000687A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2680-1788-0x0000000000A20000-0x0000000000A88000-memory.dmp

      Filesize

      416KB

      Download

    • memory/2680-1796-0x0000000005600000-0x0000000005666000-memory.dmp

      Filesize

      408KB

      Download

    • memory/2916-1812-0x0000000000970000-0x000000000099A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/3048-1841-0x0000000001510000-0x0000000001524000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4156-1760-0x00007FFB24233000-0x00007FFB24235000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4156-1766-0x00007FFB24230000-0x00007FFB24CF1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4156-1785-0x00007FFB24230000-0x00007FFB24CF1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4156-1780-0x0000025C7CBE0000-0x0000025C7CBEA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4156-1776-0x0000025C7CD50000-0x0000025C7CDB0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4156-1773-0x0000025C7CB80000-0x0000025C7CB88000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4156-1770-0x0000025C7DF30000-0x0000025C7E054000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4156-1782-0x0000025C18750000-0x0000025C18764000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4156-1761-0x0000025C7ABF0000-0x0000025C7AEBE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4156-1765-0x00007FFB24233000-0x00007FFB24235000-memory.dmp

      Filesize

      8KB

      Download

    • memory/4156-1764-0x00007FFB24230000-0x00007FFB24CF1000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/4156-1763-0x0000025C7D510000-0x0000025C7D5D8000-memory.dmp

      Filesize

      800KB

      Download

    • memory/4228-1822-0x0000000002B80000-0x0000000002B94000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4432-1855-0x00000000001B0000-0x00000000001DC000-memory.dmp

      Filesize

      176KB

      Download