Overview

overview

10

Static

static

1

filecoder.dmg

macos_amd64

1

flawedammyy.exe

windows7_x64

10

flawedammyy.exe

windows10-2004_x64

10

qakbot.dll

windows7_x64

10

qakbot.dll

windows10-2004_x64

10

redline.exe

windows7_x64

10

redline.exe

windows10-2004_x64

10

seon.exe

windows7_x64

10

seon.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-06-2022 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    flawedammyy.exe

  • Size

    3.6MB

  • MD5

    743a6891999db5d7179091aba5f98fdb

  • SHA1

    eeca4b8f88fcae9db6f54304270699d459fb5722

  • SHA256

    fe9d72dd4b046bafdd144902ab570297629f83d06afb5a9ba7703382a29d588f

  • SHA512

    9edef033663c828536190332ec87ac0096ffddae934d17c51b255a55ecb05774211a0edb1915c19384641befa291cfdfd2e3f878bf3b827f8b203ec1bee9dd96

Score
10/10
ammyyadminflawedammyyevasionpersistencerattrojan

Malware Config

Signatures

  • Ammyy Admin

    Remote admin tool with various capabilities.

    ratammyyadmin
  • AmmyyAdmin Payload 5 IoCs
  • FlawedAmmyy RAT

    Remote-access trojan based on leaked code for the Ammyy remote admin software.

    trojanflawedammyy
  • Creates new service(s) 1 TTPs
    persistence
  • Executes dropped EXE 3 IoCs
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 8 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer Automatic Crash Recovery 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\flawedammyy.exe
    "C:\Users\Admin\AppData\Local\Temp\flawedammyy.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Modifies Internet Explorer Automatic Crash Recovery
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files (x86)\SinTech\TextEdit.exe
      "C:\Program Files (x86)\SinTech\TextEdit.exe"
      2⤵
      • Executes dropped EXE
      PID:2040
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c sc create Wlanspeed binpath= "C:\ProgramData\Wlanspeed\wlanspeed.exe -service" start= auto displayname= "Wlanspeed" & sc description Wlanspeed "Wlanspeed service" && netsh advfirewall firewall add rule name="Wlanspeed" dir=in action=allow profile=any description="Wlanspeed service" program="C:\programdata\Wlanspeed\wlanspeed.exe" && netsh advfirewall firewall add rule name="Wlanspeed" dir=out action=allow profile=any description="Wlanspeed service" program="C:\programdata\Wlanspeed\wlanspeed.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1084
      • C:\Windows\SysWOW64\sc.exe
        sc create Wlanspeed binpath= "C:\ProgramData\Wlanspeed\wlanspeed.exe -service" start= auto displayname= "Wlanspeed"
        3⤵
        • Launches sc.exe
        PID:2000
      • C:\Windows\SysWOW64\sc.exe
        sc description Wlanspeed "Wlanspeed service"
        3⤵
        • Launches sc.exe
        PID:1308
      • C:\Windows\SysWOW64\netsh.exe
        netsh advfirewall firewall add rule name="Wlanspeed" dir=in action=allow profile=any description="Wlanspeed service" program="C:\programdata\Wlanspeed\wlanspeed.exe"
        3⤵
        • Modifies Windows Firewall
        PID:1984
    • C:\ProgramData\Wlanspeed\wlanspeed.exe
      "C:\ProgramData\Wlanspeed\wlanspeed.exe" -getid -nogui
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetWindowsHookEx
      PID:1976
    • C:\ProgramData\Wlanspeed\outst.exe
      "C:\ProgramData\Wlanspeed\outst.exe" -outid
      2⤵
      • Executes dropped EXE
      PID:1752
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1936
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:209928 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1980

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\SinTech\TextEdit.exe
    Filesize

    72KB

    MD5

    00a6b8a6d0ad367a46961177f058d7a1

    SHA1

    1278c7e9243e1949d1b5b560c8a04397011e95d2

    SHA256

    49db59a95c30aa978362ca589699775932816a3a34732e398986e88fe2b779cb

    SHA512

    3aa77567476668df800fdae6bb36b75394e64a60e8d467ac0d3cb91de1738dda45fb817d913fdb6902c8c48a313b3ae2b68bb1449993c99f718bea2ae45af4ec

    Download Submit

  • C:\Program Files (x86)\SinTech\TextEdit.exe
    Filesize

    72KB

    MD5

    00a6b8a6d0ad367a46961177f058d7a1

    SHA1

    1278c7e9243e1949d1b5b560c8a04397011e95d2

    SHA256

    49db59a95c30aa978362ca589699775932816a3a34732e398986e88fe2b779cb

    SHA512

    3aa77567476668df800fdae6bb36b75394e64a60e8d467ac0d3cb91de1738dda45fb817d913fdb6902c8c48a313b3ae2b68bb1449993c99f718bea2ae45af4ec

    Download Submit

  • C:\Program Files (x86)\SinTech\TextEdit.exe.config
    Filesize

    178B

    MD5

    7818adbecb0e6c84d976415f661a031c

    SHA1

    7cd6f603c2e5a187525fb08b2e3c941d2395ec7b

    SHA256

    6185dbac8db6eea6e1c1a01782b1deaf3ae26d1cecc7614f02ee47907e346766

    SHA512

    a37602e09b24bb517768028d0721458bf345750bcef0e139326941b10b1fe298d3b59f423b16429e9755456850a0035f555d5d1ce45dfb57ff336f65b2d89b1b

    Download Submit

  • C:\ProgramData\Wlanspeed\outst.exe
    Filesize

    697KB

    MD5

    cfec1538a305af5ea524ce123aadb8d8

    SHA1

    651affabdf5920cfeb896da48f8adb8255f0d98a

    SHA256

    8c79aedd591d54c97a77cbb27a94bea74b2338ab4ba35695bd43d6a579b4be63

    SHA512

    36eacecb74687822e33d64fbf81a1ca08abc9ead4416df79f365a8b772f1d15c64a4fd7d589098f3766b07915837fbb4a46034a0a8b9984af5da8e228803842e

    Download Submit

  • C:\ProgramData\Wlanspeed\session.log
    Filesize

    93B

    MD5

    54e0ad4f5293d07698280650fc4bffcf

    SHA1

    e3909bdcaea05541b96b16a0cd904aad4554676e

    SHA256

    ff9dfa786492e447f2350f38ded2546922834acc3005637a3d2bb172bd5b9d2c

    SHA512

    7af0849f8df11cc72b6be4cf7a0fab442818d8ddf7a6c450f2042c46c4baea40108ec4d77cc54f247e5f0c99ab6d1f14b72ebcb84f5325079f5c116894b2d190

    Download Submit

  • C:\ProgramData\Wlanspeed\wlanspeed.exe
    Filesize

    3.2MB

    MD5

    7e055ac00553ce6dd611f15399b19b14

    SHA1

    e36a515e369f085ef731212d10b6d98ea506cff9

    SHA256

    ccb3eb4def241106ba92b6f476e18b529b8cd8253f25cae7cf4cfa2bb293156e

    SHA512

    7003c6ccad23d6c55edd31bf2550a0b1d6510f1b6e3ee59af8cea3e6abbfa91447ec5972c5337c4758051176b31cb58142b3393203f12dbe66ac0f1be5be3068

    Download Submit

  • C:\ProgramData\temp
    Filesize

    271B

    MD5

    714f2508d4227f74b6adacfef73815d8

    SHA1

    a35c8a796e4453c0c09d011284b806d25bdad04c

    SHA256

    a5579945f23747541c0e80b79e79375d4ca44feafcd425ee9bd9302e35312480

    SHA512

    1171a6eac6d237053815a40c2bcc2df9f4209902d6157777377228f3b618cad50c88a9519444ed5c447cf744e4655272fb42dabb567df85b4b19b1a2f1d086d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    db9dfbc7b313304e74041dfd6a9684e8

    SHA1

    bc4be3195767f5f74214e812e1901265509bcf27

    SHA256

    d676105e17d3fa155f0222936bf2e6b5b395b1b089aed8f30c0f88d35ce6b253

    SHA512

    2e9c9bd9d1095ea1ef4512949e973feeb8a9b07b36c97da0a8b71a1c9f1c8a9ac22efabea83d061daaa691f14e07672505582b50512de8dd9d03dfd7a5cb9e95

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_612391CA048E24AFE88D97A30CD59312
    Filesize

    472B

    MD5

    132100119f62d81f43aa3def95a0cd84

    SHA1

    8dd708069b16901fc975f311547e2a8910812c44

    SHA256

    e55a3888f13bcd3811a8d88e3bd459838d9bdbef511ee00f6cbc42517bbc40e9

    SHA512

    8fd5a1b3e545ebe1ed143020d837ec1efa56efaa0ad1b0fe9b159f4736397fc3ca53dcbecf7ef3be8713e7b3ddd3fe598a0186b2e239ce7907c13a7a8611e95e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_C668445AACCF7A560A7B569C97BA4550
    Filesize

    471B

    MD5

    8b980e30580a0b79faa65818bd61a690

    SHA1

    3a9fe20f4d70736d7c231b40ab56d7ae23805463

    SHA256

    10af7bfce9f920cb1eb573f7ed6b990a4a076e2ab8d8d87140affd646d57f1c8

    SHA512

    3bbd09cb93203819b7323055aea09234cbfa4b998ca31c8ffd850eda3383170e56129f69c436911390f084d4b51ed1ed5ba303ea2ea8c03769b40ab28ac1855e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9096A354A7A3E42F3F619F51DB75C6B9
    Filesize

    891B

    MD5

    6c397da40e5559b23fd641b11250de43

    SHA1

    5f3b8cf2f810b37d78b4ceec1919c37334b9c774

    SHA256

    513b2cecb810d4cde5dd85391adfc6c2dd60d87bb736d2b521484aa47a0ebef6

    SHA512

    0f0369b90ef4930f59bd5c0091067200828bde84ea703c1029ec5603cf4bd1084f0e7e15f370dd5554a9e310d60bd01ba54492e2e6d6301e44609033ea9edbc3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    308336e7f515478969b24c13ded11ede

    SHA1

    8fb0cf42b77dbbef224a1e5fc38abc2486320775

    SHA256

    889b832323726a9f10ad03f85562048fdcfe20c9ff6f9d37412cf477b4e92ff9

    SHA512

    61ad97228cd6c3909ef3ac5e4940199971f293bdd0d5eb7916e60469573a44b6287c0fa1e0b6c1389df35eb6c9a7d2a61fdb318d4a886a3821ef5a9dab3ac24f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_A6B073BF0216E21AFC70413CC84E6A7A
    Filesize

    471B

    MD5

    2de0d27511bef33ab56547ffea1323fe

    SHA1

    c0924642b7fef69a424f129a8186d5ea1f41511b

    SHA256

    43e3a6ea9aba585ec88eed4723785948fb1b3eab452131146ee7901117c66f34

    SHA512

    08402ca7b1101b53fb96487c9bfc4edb007675bea4b3b7df20298e52c6528b5e1994fa90ea444f2c9c147a6b11e41887d4844824ae80cb84686b303f140b1c18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    5a11c6099b9e5808dfb08c5c9570c92f

    SHA1

    e5dc219641146d1839557973f348037fa589fd18

    SHA256

    91291a5edc4e10a225d3c23265d236ecc74473d9893be5bd07e202d95b3fb172

    SHA512

    c2435b6619464a14c65ab116ab83a6e0568bdf7abc5e5a5e19f3deaf56c70a46360965da8b60e1256e9c8656aef9751adb9e762731bb8dbab145f1c8224ac8f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_12EDABE7F42D330012E99BF50004DBA7
    Filesize

    471B

    MD5

    afde0d5495cfdde334c1d25d647335d5

    SHA1

    5906cb825dc3b394eb0c7800bc4347325fbabcc2

    SHA256

    a4561abd8bf0fb50a895db72193fa66c7c700c09eef38f5dd105c332c61608bd

    SHA512

    03eb69a9cf092154ac593ed2b9273a43e66eb52517d81feef6aa5dee64e6ecd25a6d61efce8ab0ace1f737552aca83d92682ebebd56c63d17a570f78b566eebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
    Filesize

    867B

    MD5

    c5dfb849ca051355ee2dba1ac33eb028

    SHA1

    d69b561148f01c77c54578c10926df5b856976ad

    SHA256

    cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

    SHA512

    88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    92b6216c0c741152a92887980bda3426

    SHA1

    e609dca9b7e73e5dddb4a81d8235267b80b793b4

    SHA256

    1dfabc5c39a4e561b4afa692e7a228488eaf64f4388c3a9a7634c9e94ea3a769

    SHA512

    79363b2ce670312f67cff698ba9b8cba326fe32d213d92b0e9dc942daaf2112ee778af6a52e947be3c7c85febc38cba4d8779578d217e112042737455519a371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_612391CA048E24AFE88D97A30CD59312
    Filesize

    406B

    MD5

    d7a912c0d51fc8954c9db7a148ffd372

    SHA1

    d164fcc942b7b43e0c609fb2f0beb78f44db2a23

    SHA256

    a1d5abc0b00ec8c0a55d1321d1ee40bb17b32696a52a02e611082a75cdaa4560

    SHA512

    9b737a00a7dcb3412338ffdfaecc20e33a737265cc7dd46983c09bb880e45b208d1001e958164295c45b5fabe36a10993a6256c9d296701e147a52c971cd839d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_C668445AACCF7A560A7B569C97BA4550
    Filesize

    406B

    MD5

    1d5f25f9d348f12a9770a014f7f4058a

    SHA1

    293631f5001da159309589741b1e0a154e1b4618

    SHA256

    4a005b3dae96eb7629e5c3bf448960b50c9f834e620a2e2e2d20874d2a7f669f

    SHA512

    60dbf8276f26226ba59bf5d32ddaf4372633f24b12f1b988fd2c818f031f1e7b3e9884bcb3d791e4add7f43900137f06512edf8a7f7d1b85ed204e91f6342940

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9096A354A7A3E42F3F619F51DB75C6B9
    Filesize

    282B

    MD5

    80663f3786c6e121351d1faa43d8e073

    SHA1

    13763dd7bde34cd65aff24f10e0c81b6583ecc29

    SHA256

    6f835966c14b620a4290137ee6e28f9b98e97896262d2fc1001422cfb33c34ec

    SHA512

    4b042ce640441635d593f89e26cab6dbf380e3640adc083c20ff6088fcab85abb13fa0af84a1a7313feee0b9a4ce16bae0a2de17ab05cb04b93bab70e20d6b59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d974e87c9db00f489bc016d811bb403

    SHA1

    ff4fa7f91fe17e44bce17121aff372d476d3afac

    SHA256

    91c2fb9561c58c9ef0400ee459d34407fb0a38e24d79ee6c683cd8f12835cb14

    SHA512

    5a3d814fc9f9beec41d54f7ac3d1e0e03289f95d4c77bbcd2136ca74000f9e93edb0bdc80321481d4de28624ef5b2366fdbf5392cdff725f40523137e8cf8e63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b2c955cad54ebc9f49665f50130c0d1

    SHA1

    2366d6d2089c329b59f9c91cdca84486d2c88d3b

    SHA256

    b6868da4e97b8b3c478d97e0073d7be8a777131d404985abfc59d623d0771dfa

    SHA512

    5ed0f03743eb30ce4535ead1709343eab88eefbdccf231b77df75af55d522b3eaee85145d27927928b717b1e7d9f1b40d095590c2275bfcb55a7ac4b36fd38cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    248aa55bddd239a4f0740ad8a4ea4f04

    SHA1

    8abc6330075153a94842b9730e1c337a9a0fd25a

    SHA256

    758cac2e04858012957945b0f9efa2cb1e9e7b486f0c64667a1f5270d5412ea1

    SHA512

    6656d2fa51ed791cb85d1b8a58eacd21d0144e206a3c9d273b4cdf873b30f718d680c79c7ed1c1df358b003524c0b0971c6d9048b3408bda73c5ee1b76d32209

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53b2dbeca4b49918c804f3bfb0e26b4

    SHA1

    7d7d39bc8b3c8aec61d8581595777b36d7095ed0

    SHA256

    8b32f5634ac277d8810945757a53c88423621f6caff143d695cf319f0819e5ec

    SHA512

    24d01bd2aa2d970221b62c0603f13bd039020b4a1e6281bb8c1e3e1ba6887b30b29257a48407575b717ae237796cd7da21e27375e4f580f5efa2c32f7ae5e65e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53b2dbeca4b49918c804f3bfb0e26b4

    SHA1

    7d7d39bc8b3c8aec61d8581595777b36d7095ed0

    SHA256

    8b32f5634ac277d8810945757a53c88423621f6caff143d695cf319f0819e5ec

    SHA512

    24d01bd2aa2d970221b62c0603f13bd039020b4a1e6281bb8c1e3e1ba6887b30b29257a48407575b717ae237796cd7da21e27375e4f580f5efa2c32f7ae5e65e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7efbeb0c2db419f2833578cb45b7c51

    SHA1

    d63d3dedc5d43e23a6a3f1bab9f47f374f4f3d6c

    SHA256

    0e751c9634a37842f833fde43cf47851114152dad36162f7c497d12b7fcd0133

    SHA512

    068bd5706a721443a2cfe20d27edd1ba0ab34fcb0a2089d65ff359d1636ab9832ec4e2b8a836153570e0552eb0d62baa53f5ac6865fd9c9070c1b7226a84e9c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3f2dad5121c0961ef2e755316ff8fc4

    SHA1

    39e0fdfd4cbaccdd070fa58de5a0cd92fd42b827

    SHA256

    ee113007c6b4a119ba3a5fd8668729969c8155396a66bfc4f81b8920c8f2c89f

    SHA512

    7df31d7297d8daede8a6aa5e980443d73ac326dac705abe123eafa7b731a2d67e2ac5e591f615cf3f35bd599b7e4e0d999d8331de8634d4d5eb2c52c2af121cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3f2dad5121c0961ef2e755316ff8fc4

    SHA1

    39e0fdfd4cbaccdd070fa58de5a0cd92fd42b827

    SHA256

    ee113007c6b4a119ba3a5fd8668729969c8155396a66bfc4f81b8920c8f2c89f

    SHA512

    7df31d7297d8daede8a6aa5e980443d73ac326dac705abe123eafa7b731a2d67e2ac5e591f615cf3f35bd599b7e4e0d999d8331de8634d4d5eb2c52c2af121cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    533942ad4623a03b7524bb60be366a4d

    SHA1

    d55b163236dd986d001179dfc579b5d74a36874e

    SHA256

    23a5d352bfff926330d677854d6d66158e0c7926db646665522791216fee3df9

    SHA512

    301a75b430bdb9e36806d735797fa9a5304d3cfca20be60d4f2e6a3d7968d6666e03dba3136979b688980f16126fe915ee1d4fddf22d16f905cd41ef96458569

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cacd8397aca66f747fa2e167d6c26ee8

    SHA1

    2f25782390c2a9ce5e08747ad2119ccd81e64bdc

    SHA256

    9d9434349f73b209473663275adca7a341ce8a89452ad8cbecdc7bec8cf1ca42

    SHA512

    f03ee7e9e6548b5492476f52843a956754c9e81b03340c47387571e8a5313b0c2ccf41ee311c928d03b566f7efb9b66d0a75ce2aba0abdf2a18737d0dd966882

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_A6B073BF0216E21AFC70413CC84E6A7A
    Filesize

    410B

    MD5

    3ca5235358ec6662ec4fe64052610a08

    SHA1

    07fdad9ed364abd859f24b9e84bc7a9d36b0bf07

    SHA256

    2ad127d6c2ffdfbc9e50b27500187e8c07102b444464e21318fdc50e2e1262e3

    SHA512

    afbba580131f010158139c3d58809dad092ba1dd1b6a3954e500aa960ff402a6e54862dbd97d7f53b16c4c5fd930ae322da22357565d323cf2f7ff617252dfa6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    b77c8b32e1cad11aff22b08a6d442393

    SHA1

    12be0c5050a7ce9abea8d0fc29568e0c07033246

    SHA256

    7b78186434ce5e171c922bba2d2f6dd48a188cd84b0bda2a3fe66c4b13be0953

    SHA512

    f5fba5f4dbbb5782f0d8e17fe2e090a242e82cac2abdb82a38d2aaf9c69bc19cea302496f991e9f9aa155f6f2d56df5d9a1cfd5b3e6aaeccd2ff8ab33aa74eb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    933d18576a90cb65a0d829cd2b81c98f

    SHA1

    b4a9d49cb3be81a0c5185cb71c6fa5228daf7e82

    SHA256

    848f8e506950252d89d05e2d62bf3f0cab1066da4dc59b6e1ed2b23dedd5f2c4

    SHA512

    086c99b73fd417f95a2454902072597d9b928cc3b5a403b9d21065a438a13086cf897c065f1ee3cb0e8ca30b89addb978ea91dcba5157bace868836e6552aaab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_12EDABE7F42D330012E99BF50004DBA7
    Filesize

    410B

    MD5

    fae4d46cedb976c48b831437acda7b6c

    SHA1

    e156794f6ea010b09b1f068f7081ee85b6b53c73

    SHA256

    c47200f7f4c5a6abcebabcb796beefe20277a8830078dd67660fc48690c5251c

    SHA512

    15540f7925211b080d863225babd8bd69556f8bcfab253c8b31c2f959e06929c8dd5598975dfb34ffac647e2e79f9f1568b4ac166ebde38e5d088c49c4eb2231

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
    Filesize

    242B

    MD5

    bc6a21b8b747b34f284e68948579d3bf

    SHA1

    6cc4fa9e3c33fd52de2a093922b249f82923b3aa

    SHA256

    f64c5d594db1896c2b09c3d7c1679747f8ac4c5f36d49e74b9d02ab130d342ce

    SHA512

    d18b526566e2ddd3372ab232d0f7cb885127dde3b72d6eb4c9b4a761927935d9c9fcbdffc9bfcb77f77acd91687c315db84e0bd6d1db345293abd491085530d7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O8D7KIM\analytics[1].js
    Filesize

    49KB

    MD5

    d40531c5e99a6f84e42535859476fe35

    SHA1

    a901817d77b2fe5259c298c91bc65c54d7f8a1a9

    SHA256

    a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

    SHA512

    0a0272b56df74d6cad69f3c56392e0eefae0516839bc487c1dc9f7bba922c9e29f942e95bd280b14c2f21f1f264392b68b47fe379eec7375ddad3c107fcf9afb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O8D7KIM\jquery.min[1].js
    Filesize

    93KB

    MD5

    5790ead7ad3ba27397aedfa3d263b867

    SHA1

    8130544c215fe5d1ec081d83461bf4a711e74882

    SHA256

    2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

    SHA512

    781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O8D7KIM\qr[1].htm
    Filesize

    256B

    MD5

    fd292ee0391a4e2d73c0d9b36554b5e9

    SHA1

    e2508d95761a010101dbaba8646309bb61445d70

    SHA256

    85d9951334de9f50325844926b6d19ca75cb4fc19c0bafe5a05d9486a3b0ddad

    SHA512

    f839af40a8316c079c0285bc0fca957d2af877c6eaf9e5dc071b6a9b54873fa1cd2db50e5179d36bfc38004c981efee9c269ba5b4883b911fe6ddd36ea2b7b53

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3SMCKIM\js[1].js
    Filesize

    191KB

    MD5

    d6cb30eb8b86c6b3cbe833b7dcf66c39

    SHA1

    56afd5e7d465b0482b1cc32a34700ac5b948fdf4

    SHA256

    ca47afa07fc371537df3e556b708eebabe81b31b64ec68554f69b49d48803ce8

    SHA512

    65c60ca215ef21bc00c38f3bab0ae5c6ece6bc10b658a811d41525c994223aeb1b445d33f0685d147ad7bf3dd6135c70a1f6bfc37a43a4d887992a96efdf4344

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F3SMCKIM\js[2].js
    Filesize

    196KB

    MD5

    48aa6ce3fbc7831cee81f499187f713d

    SHA1

    e835c4a2d9173765543d469dd45515b4c83114e0

    SHA256

    71d13dd58069080a48319d807c55d5e79165c671aa93925f5a37467053149e68

    SHA512

    dd773dd3b6aa54c6a6f712193ab3dd93900ec55539889a399235f369c35f75218db544383ab696cea21068547a1e0f240126ee69a80e18cbf0fed725da0326c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3I7QXDO\gtm[1].js
    Filesize

    105KB

    MD5

    182dbf74ae5e262c7cc7a4e927cab6b4

    SHA1

    532eeec6dfcac5101710c38116cf52b6006c065a

    SHA256

    54d4a592f3a7fedc505c7a92d8c2a290bf0b1adf78e481b8e321a36002c7ccaf

    SHA512

    af4cfb31f381a6c26facc2c251796f5b50390f4282d23e56bd81085721b73f9859ebf18012932b6e5050bd24f8097f1fbe887f6f8101910b626018fc0ff3b81c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3I7QXDO\logo[1].htm
    Filesize

    258B

    MD5

    087db6fa7ba6e0a7246a9bbba6bd5222

    SHA1

    da6056925bd2b51fad922865edbbc8d081aff5a4

    SHA256

    87b21466ff0daf4de2e7a74dcc090dc8863fef291a6ab78283f0cea2b05a200d

    SHA512

    78544ed66f291ffeac39be832012401b748f529a550e134801e8a5b0bc0631820cd1385d28d6283185af4a88c2e1ed5966be6cb8a96421e61ea2c8779ed23bdb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGS3CERJ\style[1].css
    Filesize

    330B

    MD5

    0d8ec20c5a3758663b828801a3f0ab2c

    SHA1

    465f96c3d31bbdb9474a6290ed114aaf7d25293a

    SHA256

    2ea90d48b38e5ab9a4e9577f1a1133d3f6f8ee6d383fc19bf4d17279225ae62e

    SHA512

    4b5d4ee4b147a8c0b03c17712ab367d2e6660707819e0a1a9eff5b0dce06074a0a8835fe0c09dd744112d93d1984abf0537d56c8fd60ec3adacb0ff784145995

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TGS3CERJ\uh[1].js
    Filesize

    30KB

    MD5

    b27fc62d9a9a1b1704443d72e873bff4

    SHA1

    3e0e33233405eb42728da14efd7fa6b39ad64e17

    SHA256

    afef63348ef4e06b6da27547978472e008f7d4667f7036d50a6872bfc4da6bab

    SHA512

    6ea082f120fa00c951757b162ad756c2d1a4f6b3bea4cbd077bb02154ab0f47f709850e6f2379f583d5a75f781fb1ff6da7e8b882bcdf3e1064f2b6057d2acca

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AM6JXTR7.txt
    Filesize

    606B

    MD5

    8e04977b2fc9879e23db3b807db59fb9

    SHA1

    ed70a10c5c3f3ac1596eb72dc0429d64992cab6a

    SHA256

    26dc738fffe96b2ec1d7ac403f1b11230526a5ecf81b306f0e656052422ecfce

    SHA512

    cd45242b0a163731d8a08168d61ca42de62a819129bb7551648c7d29e0d1f1fd0e6f17a3d26b7b480d9aa8b54b3a311c299ede6c6ee4eeb567ae692269d53938

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MX6BYVF1.txt
    Filesize

    548B

    MD5

    5797685eb1b954aba8b833abde348965

    SHA1

    72d36714b645e56262958113bce5e5cc4555c958

    SHA256

    cd48e380f3493fa03bd4d3a614e63828fca21ffaa30bf512e263f0b6d3b677c9

    SHA512

    8e79cea474dbf6de842be6af3eae976523362165d6d938323bd2315ac7ad5f3b9b1043534dcdea1e00bc9274151ed28958e1e07bcafc7a9ab5b323604ecf0280

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PKTOOHUT.txt
    Filesize

    548B

    MD5

    608de1bc6aa69ea8c27ec3029c6cf87a

    SHA1

    86b36b8b234378f4b7c955596e83c8173b80a477

    SHA256

    aed3171866ccf9512635cc1dbfdf9e861025c5345545f85245cbae1e5911884d

    SHA512

    4a405bfae06d576711ed7eff33a4845bf09ace0436fe619f21e318db78bc436eb0f0c52d538fe7bbf0f2a7e8d9e0d36e25597fc861156e776d3d359061684952

    Download Submit

  • \??\c:\programdata\wlanspeed\wlanspeed.exe
    Filesize

    3.2MB

    MD5

    7e055ac00553ce6dd611f15399b19b14

    SHA1

    e36a515e369f085ef731212d10b6d98ea506cff9

    SHA256

    ccb3eb4def241106ba92b6f476e18b529b8cd8253f25cae7cf4cfa2bb293156e

    SHA512

    7003c6ccad23d6c55edd31bf2550a0b1d6510f1b6e3ee59af8cea3e6abbfa91447ec5972c5337c4758051176b31cb58142b3393203f12dbe66ac0f1be5be3068

    Download Submit

  • \Program Files (x86)\SinTech\TextEdit.exe
    Filesize

    72KB

    MD5

    00a6b8a6d0ad367a46961177f058d7a1

    SHA1

    1278c7e9243e1949d1b5b560c8a04397011e95d2

    SHA256

    49db59a95c30aa978362ca589699775932816a3a34732e398986e88fe2b779cb

    SHA512

    3aa77567476668df800fdae6bb36b75394e64a60e8d467ac0d3cb91de1738dda45fb817d913fdb6902c8c48a313b3ae2b68bb1449993c99f718bea2ae45af4ec

    Download Submit

  • \ProgramData\Wlanspeed\outst.exe
    Filesize

    697KB

    MD5

    cfec1538a305af5ea524ce123aadb8d8

    SHA1

    651affabdf5920cfeb896da48f8adb8255f0d98a

    SHA256

    8c79aedd591d54c97a77cbb27a94bea74b2338ab4ba35695bd43d6a579b4be63

    SHA512

    36eacecb74687822e33d64fbf81a1ca08abc9ead4416df79f365a8b772f1d15c64a4fd7d589098f3766b07915837fbb4a46034a0a8b9984af5da8e228803842e

    Download Submit

  • \ProgramData\Wlanspeed\outst.exe
    Filesize

    697KB

    MD5

    cfec1538a305af5ea524ce123aadb8d8

    SHA1

    651affabdf5920cfeb896da48f8adb8255f0d98a

    SHA256

    8c79aedd591d54c97a77cbb27a94bea74b2338ab4ba35695bd43d6a579b4be63

    SHA512

    36eacecb74687822e33d64fbf81a1ca08abc9ead4416df79f365a8b772f1d15c64a4fd7d589098f3766b07915837fbb4a46034a0a8b9984af5da8e228803842e

    Download Submit

  • \ProgramData\Wlanspeed\wlanspeed.exe
    Filesize

    3.2MB

    MD5

    7e055ac00553ce6dd611f15399b19b14

    SHA1

    e36a515e369f085ef731212d10b6d98ea506cff9

    SHA256

    ccb3eb4def241106ba92b6f476e18b529b8cd8253f25cae7cf4cfa2bb293156e

    SHA512

    7003c6ccad23d6c55edd31bf2550a0b1d6510f1b6e3ee59af8cea3e6abbfa91447ec5972c5337c4758051176b31cb58142b3393203f12dbe66ac0f1be5be3068

    Download Submit

  • \ProgramData\Wlanspeed\wlanspeed.exe
    Filesize

    3.2MB

    MD5

    7e055ac00553ce6dd611f15399b19b14

    SHA1

    e36a515e369f085ef731212d10b6d98ea506cff9

    SHA256

    ccb3eb4def241106ba92b6f476e18b529b8cd8253f25cae7cf4cfa2bb293156e

    SHA512

    7003c6ccad23d6c55edd31bf2550a0b1d6510f1b6e3ee59af8cea3e6abbfa91447ec5972c5337c4758051176b31cb58142b3393203f12dbe66ac0f1be5be3068

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst85C.tmp\INetC.dll
    Filesize

    21KB

    MD5

    92ec4dd8c0ddd8c4305ae1684ab65fb0

    SHA1

    d850013d582a62e502942f0dd282cc0c29c4310e

    SHA256

    5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934

    SHA512

    581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst85C.tmp\System.dll
    Filesize

    11KB

    MD5

    2ae993a2ffec0c137eb51c8832691bcb

    SHA1

    98e0b37b7c14890f8a599f35678af5e9435906e1

    SHA256

    681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

    SHA512

    2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst85C.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    b648c78981c02c434d6a04d4422a6198

    SHA1

    74d99eed1eae76c7f43454c01cdb7030e5772fc2

    SHA256

    3e3d516d4f28948a474704d5dc9907dbe39e3b3f98e7299f536337278c59c5c9

    SHA512

    219c88c0ef9fd6e3be34c56d8458443e695badd27861d74c486143306a94b8318e6593bf4da81421e88e4539b238557dd4fe1f5bedf3ecec59727917099e90d2

    Download Submit

  • memory/1100-77-0x0000000002530000-0x0000000003245000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/1100-76-0x0000000002530000-0x0000000003245000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/1100-54-0x0000000074B51000-0x0000000074B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1100-92-0x0000000002530000-0x0000000002532000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1976-78-0x0000000000400000-0x0000000001115000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/1976-79-0x000000007EBD0000-0x000000007EFA1000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1976-80-0x0000000000400000-0x0000000001115000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2040-67-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2040-66-0x00000000011D0000-0x00000000011EC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2040-69-0x000000001B1F0000-0x000000001B4D2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2040-93-0x000000001CD80000-0x000000001D526000-memory.dmp

    Filesize

    7.6MB

    Download