Analysis
max time kernel: 17s
max time network: 147s
platform: windows11-21h2_x64
resource: win11-20250610-en
resource tags: arch:x64, arch:x86, image:win11-20250610-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/07/2025, 18:50

Behavioral task: behavioral1
Sample: 2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe
Resource: win10v2004-20250619-en
General
Target: 2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe
Size: 1.4MB
MD5: e3b7f7180b4b4267673d143afd3565af
SHA1: 37f142706b7e25cea3b1cff296a370ff57eb6843
SHA256: b4abd8c9af8f4a1c2bcddd8ed5a52e31954b016f798f44844791bb1c9ad8a15f
SHA512: c5444ed51a236de4db561c620b93d69264a0b6ad3c43b119efda22d9e80cec278dc6ebf110c8c1df868938e8b0dcf1808b4f4c179b6a03cc496dcae275e8cfa5
SSDEEP: 24576:cnsJ39LyjbJkQFMhmC+6GD9UW6VXRhP26zyxd5cb6h/1MPc:cnsHyjtk2MYC5GDv6ByGK/1P
Malware Config
Extracted
xred
xred.mooo.com
payload_url
Extracted
darkcomet
guest
mori.giize.com:1604
DCMIN_MUTEX-RE8T7MY
InstallPath: DCSCMIN\IMDCSC.exe
gencode: D2eMrnnPZXw7
install: true
offline_keylogger: true
persistence: false
reg_key: DarkComet RAT
Signatures

Darkcomet family

Modifies WinLogon for persistence 2 TTPs 1 IoCs

| description | ioc | Process |
|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\DCSCMIN\\IMDCSC.exe" | windowsupdate.exe |

Xred family

Executes dropped EXE 8 IoCs

| pid | Process |
|---|---|
| 5896 | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| 4548 | Synaptics.exe |
| 3888 | Synaptics.exe |
| 5460 | windowsupdate.exe |
| 2292 | IMDCSC.exe |
| 2104 | IMDCSC.exe |
| 3680 | ._cache_Synaptics.exe |
| 6120 | ._cache_Synaptics.exe |

Loads dropped DLL 2 IoCs

| pid | Process |
|---|---|
| 3888 | Synaptics.exe |
| 3888 | Synaptics.exe |

Adds Run key to start application 2 TTPs 2 IoCs

| description | ioc | Process |
|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | 2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2340264150-4060318110-2688614100-1000\Software\Microsoft\Windows\CurrentVersion\Run\DarkComet RAT = "C:\\Users\\Admin\\Documents\\DCSCMIN\\IMDCSC.exe" | windowsupdate.exe |

Drops file in System32 directory 2 IoCs

| description | ioc | Process |
|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\._cache_Synaptics.exe | Synaptics.exe |
| File created | C:\Windows\SysWOW64\._cache_Synaptics.exe | Synaptics.exe |

| resource | yara_rule |
|---|---|
| behavioral2/files/0x001900000002b0aa-167.dat | upx |
| behavioral2/memory/5460-168-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2104-182-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2292-184-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/5460-229-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2104-273-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2104-289-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2104-295-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2104-321-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |
| behavioral2/memory/2104-327-0x0000000000400000-0x00000000004B7000-memory.dmp | upx |

Drops file in Windows directory 18 IoCs

| description | ioc | Process |
|---|---|---|
| File opened for modification | C:\Windows\back.exe | ._cache_Synaptics.exe |
| File created | C:\Windows\back.exe | ._cache_Synaptics.exe |
| File opened for modification | C:\Windows\VPSTOOL.bat | ._cache_Synaptics.exe |
| File created | C:\Windows\windowsupdate.exe | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File opened for modification | C:\Windows\back.exe | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File created | C:\Windows\__tmp_rar_sfx_access_check_240609781 | ._cache_Synaptics.exe |
| File created | C:\Windows\windowsupdate.exe | ._cache_Synaptics.exe |
| File opened for modification | C:\Windows\windowsupdate.exe | ._cache_Synaptics.exe |
| File created | C:\Windows\__tmp_rar_sfx_access_check_240608796 | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File created | C:\Windows\back.exe | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File opened for modification | C:\Windows\windowsupdate.exe | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File opened for modification | C:\Windows\windowsupdate.exe | ._cache_Synaptics.exe |
| File opened for modification | C:\Windows\VPSTOOL.bat | ._cache_Synaptics.exe |
| File created | C:\Windows\windowsupdate.exe | ._cache_Synaptics.exe |
| File created | C:\Windows\VPSTOOL.bat | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File opened for modification | C:\Windows\VPSTOOL.bat | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| File opened for modification | C:\Windows\back.exe | ._cache_Synaptics.exe |
| File created | C:\Windows\__tmp_rar_sfx_access_check_240609828 | ._cache_Synaptics.exe |

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Synaptics.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | windowsupdate.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IMDCSC.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IMDCSC.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_Synaptics.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | cmd.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_Synaptics.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Synaptics.exe |

Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.

| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE |

Enumerates system info in registry 2 TTPs 3 IoCs

| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | EXCEL.EXE |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | EXCEL.EXE |

Modifies registry class 3 IoCs

| description | ioc | Process |
|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | 2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | Synaptics.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | Synaptics.exe |

Suspicious behavior: AddClipboardFormatListener 1 IoCs

| pid | Process |
|---|---|
| 4572 | EXCEL.EXE |

Suspicious use of AdjustPrivilegeToken 64 IoCs

Suspicious use of SetWindowsHookEx 9 IoCs

| pid | Process |
|---|---|
| 2104 | IMDCSC.exe |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |
| 4572 | EXCEL.EXE |

Suspicious use of WriteProcessMemory 27 IoCs
Processes

PID 6016 (tree level 1)
Image: C:\Users\Admin\AppData\Local\Temp\2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe"
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory

PID 5896 (tree level 2)
Image: C:\Users\Admin\AppData\Local\Temp\._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe"
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory

PID 4652 (tree level 3)
Image: C:\Windows\SysWOW64\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c ""C:\Windows\VPSTOOL.bat" "
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory

PID 5460 (tree level 4)
Image: C:\Windows\windowsupdate.exe
Command line: C:\Windows\windowsupdate.exe
- Modifies WinLogon for persistence
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory

PID 2292 (tree level 5)
Image: C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
Command line: "C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe"
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken

PID 4548 (tree level 2)
Image: C:\ProgramData\Synaptics\Synaptics.exe
Command line: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory

PID 6120 (tree level 3)
Image: C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery

PID 3116 (tree level 1)
Image: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c C:\ProgramData\Synaptics\Synaptics.exe
- Suspicious use of WriteProcessMemory

PID 3888 (tree level 2)
Image: C:\ProgramData\Synaptics\Synaptics.exe
Command line: C:\ProgramData\Synaptics\Synaptics.exe
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory

PID 3680 (tree level 3)
Image: C:\Windows\SysWOW64\._cache_Synaptics.exe
Command line: "C:\Windows\system32\._cache_Synaptics.exe"
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery

PID 2768 (tree level 1)
Image: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
- Suspicious use of WriteProcessMemory

PID 2104 (tree level 2)
Image: C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
Command line: C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx

PID 4572 (tree level 1)
Image: C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
Command line: "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx

Network
MITRE ATT&CK Enterprise v16
Persistence
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 2
  - Registry Run Keys / Startup Folder: 1
  - Winlogon Helper DLL: 1
Downloads
C:\Users\Admin\AppData\Local\Temp\._cache_2025-07-02_e3b7f7180b4b4267673d143afd3565af_black-basta_darkgate_elex_gcleaner_luca-stealer.exe
Filesize: 680KB