Analysis
-
max time kernel
30s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
30-12-2024 16:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8dd7421e4132520ea7a5055e0ccfb7050e1255e2f117ac393242804eb0685d9aN.dll
Resource
win7-20240903-en
windows7-x64
17 signatures
120 seconds
General
-
Target
8dd7421e4132520ea7a5055e0ccfb7050e1255e2f117ac393242804eb0685d9aN.dll
-
Size
120KB
-
MD5
481003003903f4847cf68640eefb9af0
-
SHA1
f1fa71b857aadef84cda592d75ad719e34b355d3
-
SHA256
8dd7421e4132520ea7a5055e0ccfb7050e1255e2f117ac393242804eb0685d9a
-
SHA512
13066331883d1a83a14c69941c82fb8199c3774632728549f2add92bfad9d86590905f3cf4698c5a8bbfd8d9330189b026ce8aab7fa2a2033d604584029d4595
-
SSDEEP
3072:IhnMttJyxvM2+7Haak5XpaTcs423ox3ppB:IWfJyxvML7HwHkcA3MB
Malware Config
Extracted
Family
sality
C2
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Signatures
-
Modifies firewall policy service 3 TTPs 9 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" f76e080.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" f76c497.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" f76c497.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" f76e080.exe -
Sality family
-
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76c497.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" f76c5fd.exe -
Executes dropped EXE 3 IoCs
pid Process 2148 f76c497.exe 2896 f76c5fd.exe 2736 f76e080.exe -
Loads dropped DLL 6 IoCs
pid Process 2372 rundll32.exe 2372 rundll32.exe 2372 rundll32.exe 2372 rundll32.exe 2372 rundll32.exe 2372 rundll32.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" f76c497.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" f76c5fd.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallOverride = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusOverride = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UacDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" f76e080.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" f76e080.exe Key created \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc f76e080.exe -
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76e080.exe -
Enumerates connected drives 3 TTPs 17 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\K: f76c497.exe File opened (read-only) \??\M: f76c497.exe File opened (read-only) \??\Q: f76c497.exe File opened (read-only) \??\R: f76c497.exe File opened (read-only) \??\T: f76c497.exe File opened (read-only) \??\G: f76c497.exe File opened (read-only) \??\I: f76c497.exe File opened (read-only) \??\N: f76c497.exe File opened (read-only) \??\S: f76c497.exe File opened (read-only) \??\G: f76e080.exe File opened (read-only) \??\E: f76e080.exe File opened (read-only) \??\E: f76c497.exe File opened (read-only) \??\H: f76c497.exe File opened (read-only) \??\J: f76c497.exe File opened (read-only) \??\L: f76c497.exe File opened (read-only) \??\P: f76c497.exe File opened (read-only) \??\O: f76c497.exe -
resource yara_rule behavioral1/memory/2148-13-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-17-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-11-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-14-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-19-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-18-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-16-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-20-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-21-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-15-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-61-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-62-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-63-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-65-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-64-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-67-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-68-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-82-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-84-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-87-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2148-156-0x00000000005F0000-0x00000000016AA000-memory.dmp upx behavioral1/memory/2896-179-0x0000000000910000-0x00000000019CA000-memory.dmp upx behavioral1/memory/2736-203-0x0000000000900000-0x00000000019BA000-memory.dmp upx behavioral1/memory/2736-231-0x0000000000900000-0x00000000019BA000-memory.dmp upx -
Drops file in Windows directory 4 IoCs
description ioc Process File created C:\Windows\f77147a f76c5fd.exe File created C:\Windows\f7715d2 f76e080.exe File created C:\Windows\f76c4d5 f76c497.exe File opened for modification C:\Windows\SYSTEM.INI f76c497.exe -
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language f76c497.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language f76e080.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 2148 f76c497.exe 2148 f76c497.exe 2736 f76e080.exe -
Suspicious use of AdjustPrivilegeToken 46 IoCs
description pid Process Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2148 f76c497.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe Token: SeDebugPrivilege 2736 f76e080.exe -
Suspicious use of WriteProcessMemory 38 IoCs
description pid Process procid_target PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2380 wrote to memory of 2372 2380 rundll32.exe 30 PID 2372 wrote to memory of 2148 2372 rundll32.exe 31 PID 2372 wrote to memory of 2148 2372 rundll32.exe 31 PID 2372 wrote to memory of 2148 2372 rundll32.exe 31 PID 2372 wrote to memory of 2148 2372 rundll32.exe 31 PID 2148 wrote to memory of 1116 2148 f76c497.exe 19 PID 2148 wrote to memory of 1172 2148 f76c497.exe 20 PID 2148 wrote to memory of 1236 2148 f76c497.exe 21 PID 2148 wrote to memory of 500 2148 f76c497.exe 23 PID 2148 wrote to memory of 2380 2148 f76c497.exe 29 PID 2148 wrote to memory of 2372 2148 f76c497.exe 30 PID 2148 wrote to memory of 2372 2148 f76c497.exe 30 PID 2372 wrote to memory of 2896 2372 rundll32.exe 32 PID 2372 wrote to memory of 2896 2372 rundll32.exe 32 PID 2372 wrote to memory of 2896 2372 rundll32.exe 32 PID 2372 wrote to memory of 2896 2372 rundll32.exe 32 PID 2372 wrote to memory of 2736 2372 rundll32.exe 34 PID 2372 wrote to memory of 2736 2372 rundll32.exe 34 PID 2372 wrote to memory of 2736 2372 rundll32.exe 34 PID 2372 wrote to memory of 2736 2372 rundll32.exe 34 PID 2148 wrote to memory of 1116 2148 f76c497.exe 19 PID 2148 wrote to memory of 1172 2148 f76c497.exe 20 PID 2148 wrote to memory of 1236 2148 f76c497.exe 21 PID 2148 wrote to memory of 500 2148 f76c497.exe 23 PID 2148 wrote to memory of 2896 2148 f76c497.exe 32 PID 2148 wrote to memory of 2896 2148 f76c497.exe 32 PID 2148 wrote to memory of 2736 2148 f76c497.exe 34 PID 2148 wrote to memory of 2736 2148 f76c497.exe 34 PID 2736 wrote to memory of 1116 2736 f76e080.exe 19 PID 2736 wrote to memory of 1172 2736 f76e080.exe 20 PID 2736 wrote to memory of 1236 2736 f76e080.exe 21 PID 2736 wrote to memory of 500 2736 f76e080.exe 23 -
System policy modification 1 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76c497.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76c5fd.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" f76e080.exe
Processes
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵PID:1116
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵PID:1172
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:1236
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8dd7421e4132520ea7a5055e0ccfb7050e1255e2f117ac393242804eb0685d9aN.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2380 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8dd7421e4132520ea7a5055e0ccfb7050e1255e2f117ac393242804eb0685d9aN.dll,#13⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Users\Admin\AppData\Local\Temp\f76c497.exeC:\Users\Admin\AppData\Local\Temp\f76c497.exe4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2148
-
-
C:\Users\Admin\AppData\Local\Temp\f76c5fd.exeC:\Users\Admin\AppData\Local\Temp\f76c5fd.exe4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Drops file in Windows directory
- System policy modification
PID:2896
-
-
C:\Users\Admin\AppData\Local\Temp\f76e080.exeC:\Users\Admin\AppData\Local\Temp\f76e080.exe4⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Executes dropped EXE
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2736
-
-
-
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵PID:500
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
257B
MD5d56518b61d06d40d65eb7f6e8a528b98
SHA1aa7d37ce022ec3f0e157b622aceddb5c8d59cb39
SHA256b226298c77516851fbd015caf1c56d6f7e1f2ed95b6238edb85f9045a06458c0
SHA5121adacc025bdf691250f0c21c6464f82226f03fc7f2165f2c8e4251acfca3a87562d94cb195d40bea5881b0036873c17255603fac09c5d134d3d13c45bb8e6638
-
Filesize
97KB
MD5eb8eba38d3ce21cd0feb14afcf9bbb7e
SHA130773e27df3ad3008dfcc19e57fdada0e9bf92a5
SHA2567fc93dfb7161fba289cd1f01c7973d364c05f4079aeb8cc6aba6a4199aa77f7d
SHA5126f35e07a7fba278dbbf1b64438ada4f2a6727fcb4c3835d84e5a82f962e815d6835f04076c0d02a4215c07dcc00df0ec553db89574bba98926ff6be43e74599c