Analysis
-
max time kernel
145s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20250410-en -
resource tags
-
submitted
12/04/2025, 01:31
General
-
Target
JaffaCakes118_b0aa6aa0990db6f46b5796d0c4bc433b.exe
-
Size
320KB
-
MD5
b0aa6aa0990db6f46b5796d0c4bc433b
-
SHA1
00dde0cb48208f2dc16234e8e65337acd8fe83a8
-
SHA256
2b4b67b7dfb8a0ed2bed471ae69385d6a707f6dfc522c40b3baa9de55d9319fb
-
SHA512
84afa598eb8272df256c1eab11bd05f8f9c6c258cdc96bef717510296cfdb1077d0d8a5b07fffce91baf75ae55dd4bc126dbf415ecf98d6c41816bc8cd227c46
-
SSDEEP
6144:y7voib2AhwnojVWiFBdRKb3485SO5IgwDcqWgvZ:6nVp73KbI85FIJAK
Malware Config
Extracted
darkcomet
Guest16
alonelydmrist.no-ip.info:81
DC_MUTEX-7KLRLNK
-
InstallPath
System\taskhost.exe
-
gencode
mq7B669z*ATf
-
install
true
-
offline_keylogger
true
-
persistence
false
-
reg_key
taskhost
Signatures
-
Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
-
Darkcomet family
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 4 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 5 IoCs
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Program Files directory 13 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b0aa6aa0990db6f46b5796d0c4bc433b.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b0aa6aa0990db6f46b5796d0c4bc433b.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b0aa6aa0990db6f46b5796d0c4bc433b.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_b0aa6aa0990db6f46b5796d0c4bc433b.exe2⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\System\taskhost.exe"C:\Users\Admin\Desktop\System\taskhost.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\System\taskhost.exeC:\Users\Admin\Desktop\System\taskhost.exe4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"5⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.06⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffe1d8af208,0x7ffe1d8af214,0x7ffe1d8af2207⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1936,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:37⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2288,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:27⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2596,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4324,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3780,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3804,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=4920 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6016,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6352,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6520,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=5188,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6320,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6508,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:17⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6828,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6800,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6736,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5308,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=868,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:87⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5852,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:87⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7076,i,1821896157430582688,2825196735517844596,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:87⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.06⤵
-
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\Desktop\System\taskhost.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\System\taskhost.exeC:\Users\Admin\Desktop\System\taskhost.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Desktop\System\taskhost.exeC:\Users\Admin\Desktop\System\taskhost.exe3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\iexplore.exe"C:\Program Files (x86)\Internet Explorer\iexplore.exe"4⤵
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.05⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=iexplore.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.05⤵
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
Network
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
176B
MD56607494855f7b5c0348eecd49ef7ce46
SHA12c844dd9ea648efec08776757bc376b5a6f9eb71
SHA25637c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd
SHA5128cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a
-
Filesize
238B
MD515b69964f6f79654cbf54953aad0513f
SHA1013fb9737790b034195cdeddaa620049484c53a7
SHA2561bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd
SHA5127eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
224B
MD5c19eb8c8e7a40e6b987f9d2ee952996e
SHA16fc3049855bc9100643e162511673c6df0f28bfb
SHA256677e9e30350df17e2bc20fa9f7d730e9f7cc6e870d6520a345f5f7dc5b31f58a
SHA512860713b4a787c2189ed12a47d4b68b60ac00c7a253cae52dd4eb9276dacafeae3a81906b6d0742c8ecfdfaa255777c445beb7c2a532f3c677a9903237ac97596
-
Filesize
280B
MD5cf3da7267cb6a35a74a4dceb3097a615
SHA1a1b06c52d03147a6adbad9d32436b3b497115584
SHA25618a6d652dd17544c9feb2e01621ed64b958b1a26bcee81e29ab29d5a409dc222
SHA5126238eb406a42dfdf3faf7b62c92c6c0993974617f2ff403f6cd0a23dd2d53893bd96e92e78bbe6ba35ff191cdbcb8ecd69318c76547df76341ce9f2d43aae71f
-
Filesize
43KB
MD5e776697ebfebc164ef589a7d2e64e81b
SHA19fffd53a23922e685da50f5ce22e7cc2edb004e0
SHA2561a4f0a54f85f1cb4a9b13e91623153d1c078960884fe04076aa6df012e4599cb
SHA512877d9f98cce36137433181d56baf3da201370cfea1b81fec74cb9f545c4d764e6440de3b1144f0046149faab0b024fd46f6f1930dae8bb0ac15eae2519a02ac4
-
Filesize
33KB
MD51478de9c94a368d7ed03d50bb6005cdf
SHA1afdcefbe26aa59c0e4ae668cf422adcf589461a8
SHA25681cf44a40792ce2cc46ea896bbf06a91687ca4c25faee4e67e470a7d61a77914
SHA512dc980bc3355ddd8096f8751c9bb51f1e296322eaa5d4a9f20588690c3e799eb9aaec823fdccb098c53f4be978614e7980c419bb9ce7cf6b66c3db9515d9bf80c
-
Filesize
34KB
MD5522037f008e03c9448ae0aaaf09e93cb
SHA18a32997eab79246beed5a37db0c92fbfb006bef2
SHA256983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7
SHA512643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8
-
Filesize
69KB
MD5938aba7aabbec04a0180a78f3213cf7f
SHA132af549e781ce0183da02afb98e27e476e129b96
SHA256f998860d950a9aa57a97f1d57378194153712be01683ff502c44b9f516ac36bc
SHA5122d8c2ffddb0bea4396817545f08184111ce614b897e3dc18b2f0639e9a8113a5450d396213bdf70c830b7b8217af7c4c7b8143d2e4a88964533216b9eae08ced
-
Filesize
17KB
MD5240c4cc15d9fd65405bb642ab81be615
SHA15a66783fe5dd932082f40811ae0769526874bfd3
SHA256030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07
SHA512267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0
-
Filesize
506KB
MD528ddff24e4ed12d19034048dd693e051
SHA1f53dd3dbdd4643273399051b9dd0f187992e606d
SHA256904402faa420609a73320f5b75f8f81826159f9bc20d67d56d5fad963091dd0c
SHA51278f5ce9a540e514a0618799f221de79e32aa903086f99a56e504b0a9f270e430f7a3963173181007fac718a601c6b10a70c6324132ce2b0f5552a52437ff91af
-
Filesize
89KB
MD57a6ebb3193c0c23eaf22c4df76dbf3f5
SHA18c782bad9eecf80387a61bff578bf5c20e70ed80
SHA256b78264730ff0cb3d2b2eec16a9b129a9b633c704f5178613ca7271be967fcecb
SHA51217aab5b91a271555fa983312156f2e99d0bff3ae02963b2e73a57b30c4fbb5faf482acac34b77d8dfc6daa28d2c1c2282eba921f7c32fd791b0a98a9e2532083
-
Filesize
272KB
MD55f524e20ce61f542125454baf867c47b
SHA17e9834fd30dcfd27532ce79165344a438c31d78b
SHA256c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9
SHA512224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2
-
Filesize
21KB
MD5caf225f7adbe3c2452a62dd3fde23661
SHA1cbf6ac9c6cf00094fc79e189096a6baa3ff40631
SHA256026b86f6177fe1eafc143d0bb1841929df81cded8df3894dbca28b940c9153c7
SHA512455c1f42bce6849e4065c84cf6368f828e2a8cc3f853129e0f2f019d36a54c1e282823283a6cf4b29ee792d29a99648e3a97a4e9290997263048e9fdeb56a57e
-
Filesize
259KB
MD534504ed4414852e907ecc19528c2a9f0
SHA10694ca8841b146adcaf21c84dedc1b14e0a70646
SHA256c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810
SHA512173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f
-
Filesize
28KB
MD5e35d41d29bcacc8474c96fec87ab3760
SHA104c4cd7c7b0efbe9a3831b1ed2db8fe0dc468818
SHA2562f0454db4dd937f7fe4f0b0d1969f4057c631ec5e102cb3209f79b08dfad40a1
SHA51212e19dba0a58f9e7a50f5bc55ebebf58fa9bddf8ea2f25e1c14ad15bc1ef65f4b087846ad8172d714dbc76995c9188abfad08bfaa650be08a5e8ca0de51ed619
-
Filesize
31KB
MD510a3bf6e6cac566e16d57d26835df69b
SHA1f12d0b459f4f1f5af1e227a074218bb6012eb0bc
SHA2561e7e4d23dc95b01cfc94093235553b37e9ffef82ed1f89f555541883a98c7f03
SHA51205e2769b63b6e48684edfeda80115c683de4647537abb4b76fa87799a914e2ae5825e6fb220ac8471db3d071d74c1ecbcdbef783abe2bb732530407a92b9c65c
-
Filesize
4KB
MD5558064a7f7fa24941753bcb5aa533143
SHA19cb755f657c6f44cdef2e609488daf281861f611
SHA256eac78a152d5b97280d0eecc9217568b4d41072d5102d6bda87e3459958d2fa32
SHA51288b3837191666efaa24865ccdff9d53cd6ea2fd52fa7f3dc5338cd23b298a82c689f2acdfde7421b393f59b41efb3dadae26cb46ac24f36294d35c47f170f11e
-
Filesize
4KB
MD5b88a5b6da59e3d3ab67b95578c0547b5
SHA1e30545c24a684726a83998e326d22a44bfa16665
SHA256adf63eb3820658fc1d0c2735ac6e0a306441361f4e667d87323f7b3daae120e5
SHA512b66eb64bf3af28f3158bd2b8ec51a8c68d5d5a40dd641f7099dbd76f28cc52430ec221baf6eb824a495a42e51970f0496fbde3669a08d02e6956cfc19bdeebff
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
2KB
MD51f9d03eb07772ef37e1a4164777ef704
SHA15c2d5000685d2200f0aceb14ec59db0607cf34ef
SHA2568418a6ec9d64d9914f6a1d4f7dd0dd722efefae249aed75c567f14b1716c126a
SHA512422cea6712869d84962668c93f0507e3d2152715bc1e1cb24f2553faa45c7f9ba51d688a214e6e736f23521b91293464b2bc284e640be86e0e45641a1d69520a
-
Filesize
2KB
MD50e57aa2fbc9a967a03901cb43d04fc3c
SHA165f2bbf8464b707cf6689b9c6869bbe3fd04e2c1
SHA256877fd1f2f990a56e96ab8acfcb4dcd252d0864ab13520e9202e84fd357950845
SHA512e5b9008a94c5dea79c1785ae8db9073e00569b84ab01c3b3d75b38edc1266041b51b52ff878caa3a2f961abfa0af552da91289b386b395f5b5596cc2f15d7c9a
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
16KB
MD55e1ab862076572c6cf1e078bbc7edb1f
SHA1c333d59206072639b868e0fd84c9abb839c6b8c5
SHA25673b67b3895e814bc4a0031b16737c4a8039086db719b4d86334146240f6850e3
SHA5128656d884f5ffc27503d8c1a99d26d4e5152d3caad530f8a5502502c91d3aa34db99c76f9d4bf212fbc9a3185a3c1c900dad187df6ea7c82ae51403659300fb18
-
Filesize
16KB
MD5b24e793864453c70c91d05f33931dba2
SHA11e3cff0532a2ae2e0bc1268a874146da842a498a
SHA25650198dd3a1e9b4b19553f06967731015c3fe3a28c1d8f22dd076fce906427134
SHA512f0a61d3092535865f95c61bbba9f235a03cadf50518e43aeb2a3186edad0033637536af4433a8b7040730d4b661c4467508ec9c08f3480f7412a70a6b9c0fc15
-
Filesize
36KB
MD54475084dac32702a70314d5cd5fda948
SHA18c04386c2c0531f6822d990e620ea08ce0a1600f
SHA256d63ac00a87a465588ddfa0a09d5290280da7997389958986f1de550fd493f312
SHA51287a17c87b2671deb07cba1de765927310cada448688952bcefa2874765c404dcf11335132b5cc362ea473890caf8131d4c0986c1def33ef58da4a8ae88c8bc98
-
Filesize
22KB
MD5799be34bc768faaa774ca7373cd70d5d
SHA10f27c2de5e82456754fb6d1367339eb0631592e5
SHA256b45d9765fde6638ed45bf4ef2bec4f802d6c37595cd6b91cdb5ec067d9202402
SHA512f177f27f8d25aa65e9a17dd2ff859435ff031bb643fd03a8d8ce9c8c703121d0bd813589445c51b59480e1a00210b7e8e08229edfc1d5d45a53fdf07223385b1
-
Filesize
467B
MD5e81adacbeb293b024d081b1b49a7c766
SHA1ff1636eb038a4c13383c5a1fcd2f2852e3b30999
SHA25655f9771216899b710e0c281689165ec076bc7c6b91935d5335845ba1238b6eb3
SHA5122989087389b60905f7d9ac106ef01f442263ac9b09458d3047c2e7a947d63fbbca3e5d47f2be0863193e991e6f9b31764fbb9c652a9135c2f53e6c9069515151
-
Filesize
900B
MD5a91f3b8253c6b03f7aafd68c1278361c
SHA1c026ee26aa37940e8954abbe038999683547605a
SHA256d42847b2611399dc4793e0ef00d524d91cabc18dc28988c7f60eeec2eb5a5f08
SHA51293971086a0f0c88e7ea222d3ce2f6491ec74fb4cde328897648cd734fcb5395b93a75da2932287acfc33f9693b0dd96c10be7bb33480b4282c9660ba324505d3
-
Filesize
20KB
MD5d2198bb64faf261b60c034ce6c03f459
SHA19c02fbc35fad0325f2c727ec43265f5590b6f659
SHA2565d5a5faa726ac5176e39ac5ea43234928e89e360056d887177a74d0c30541b96
SHA51281d7186cc318a5994169366b04e0b5fef15c790590a50c5d544656df385509d7e880fc31b7442b4822e144eabf870aea46232c3039b6e0ba846013d3e5d7b272
-
Filesize
22KB
MD53f8927c365639daa9b2c270898e3cf9d
SHA1c8da31c97c56671c910d28010f754319f1d90fa6
SHA256fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2
SHA512d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72
-
Filesize
40KB
MD569204afca3443ca5d94a8b56dfb86600
SHA11632e3db2657c1713694c94da1c4b20b8d11eaf2
SHA25614bdeb221472dab6a9e3bccf87bee26ac17926df2399b2debd92465864967f4d
SHA512b1c8a36a608f00568c6dbc2ef0a7ca9a7bfb43d15c2bd2f77488dc5532e25fc3cea27f5137dc2800de901a330a39c6e9e8014d10cd9af85ea5f142170a0166d4
-
Filesize
45KB
MD5497755e0a3f5f3d6084c28badc619cef
SHA1789772f9aa4a246ffc39315bbbb4eb7ae120cbea
SHA256c85b6f0f1eacfeefd77f883e1d95a9582bc121f47512ee44e7886fb9b5bad48f
SHA512faf547800a35e8e5ff89c6283b54014c8ce9879918a4a25bd18ebc0525eaa447bcd6ee274a1519122faeb877ad9d744485d8b28020c5ac1284a3c8e42b6d4d07
-
Filesize
40KB
MD535d587b00f9ca532c833fe54146865f4
SHA150916dd991de79edc6f677a22de7de2c82903695
SHA256d9d30594e001b98c960fa29e50fe6ba30c7979a56b5e7a591ab54e9f66d385b6
SHA512944ff2f37d21af53a4a8f4ac8a9b073be1fa8bc5cc5f5b7c51cea7fa0e068a562f7d950c68d969948e5d8c48a5342c01097f2deaab7d04da669d284576d94aba
-
Filesize
40KB
MD58aaeb1a555f05e27cbc1623e1e48756c
SHA13bd75ad6c1319d1709e16dcf1938a02776e46383
SHA2567c3793b187ae85cf950ba4b57141b111979d22a0bd16a317aa35c176a18b979b
SHA51296c3dedde91e1297383de41f8f519382152f1949461b8d77eeade4c9f00c33c2e3508cdd16da545438403f7c58f80714658a883e8d49842fc13ee4f7460bdb6d
-
Filesize
40KB
MD56f42302c051a7600a34e7a98c14c0776
SHA10a69067aaa806bac0803a1f2379cb324ee8f929a
SHA256004536c85789bfd00d177a5e4325e259466f630066308661c9af17c3d3b6834b
SHA512d9744981eaf809fdbafdc09e60ebbf8d0d0e1af4b9abd55729a647127ce5b9c1a9fa46ca5605590b4c8001f9b565ab249981bfda14896bc1ce9b0374381730b4
-
Filesize
2KB
MD533a7d73d145df5ced5414a4878a8d7f3
SHA10f07036cb577c9e93f418a33d59b71d1efedc0f4
SHA2562a8f9ff018858fe8b27794d1fbd8c7a40c613d950e325610e6a3cca4629316e8
SHA5123bf23c363faf9e044ecbab42d244c7e11e54d48350ae7880b7b85522c3e86aa1015b2063c45daa2cf3ecc7c40c369aa163d3a97cc29eff760c3db158dffee8c8
-
Filesize
320KB
MD5b0aa6aa0990db6f46b5796d0c4bc433b
SHA100dde0cb48208f2dc16234e8e65337acd8fe83a8
SHA2562b4b67b7dfb8a0ed2bed471ae69385d6a707f6dfc522c40b3baa9de55d9319fb
SHA51284afa598eb8272df256c1eab11bd05f8f9c6c258cdc96bef717510296cfdb1077d0d8a5b07fffce91baf75ae55dd4bc126dbf415ecf98d6c41816bc8cd227c46
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
344KB
-
Filesize
5.7MB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
4KB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
4KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
5.7MB