hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa3BGem9ramp0eTVmRE5pbUJxMHZIUkxDU250QXxBQ3Jtc0tsdXR1S1hqMVkwNzAwa1EwdjFPcEJlQjBBeWhjQmNyVkpaUWNCRFZSTlJsMEFXVndSMFlkZUhoRTM1S1V0VU9xRTEzTkJxU0ZCdjZyaEVBVm9pMmNLLW1IdVU0dHlPaUw5WW1iQml6OXZ1cjIyVWpuRQ&q=https%3A%2F%2Fdrive[.]google[.]com%2Fu%2F0%2Fuc%3Fid%3D18aAJa7SkqCwzUkpe3707IOYmCDkZmif6%26export%3Ddownload&v=whEfx2WmDRE

Analysis

max time kernel
150s
max time network
114s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
03-04-2023 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3BGem9ramp0eTVmRE5pbUJxMHZIUkxDU250QXxBQ3Jtc0tsdXR1S1hqMVkwNzAwa1EwdjFPcEJlQjBBeWhjQmNyVkpaUWNCRFZSTlJsMEFXVndSMFlkZUhoRTM1S1V0VU9xRTEzTkJxU0ZCdjZyaEVBVm9pMmNLLW1IdVU0dHlPaUw5WW1iQml6OXZ1cjIyVWpuRQ&q=https%3A%2F%2Fdrive.google.com%2Fu%2F0%2Fuc%3Fid%3D18aAJa7SkqCwzUkpe3707IOYmCDkZmif6%26export%3Ddownload&v=whEfx2WmDRE

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

1608 MEMZ.exe
996 MEMZ.exe
1008 MEMZ.exe
1920 MEMZ.exe
1832 MEMZ.exe
560 MEMZ.exe
1476 MEMZ.exe
Loads dropped DLL 1 IoCs

Processes:

MEMZ.exe

pid process

1608 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1608	MEMZ.exe
996	MEMZ.exe
1008	MEMZ.exe
1920	MEMZ.exe
1832	MEMZ.exe
560	MEMZ.exe
1476	MEMZ.exe

pid	process
1608	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = e0410d302366d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\pcoptimizerpro.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20595b3f2366d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6454B5A1-D216-11ED-89CC-52C255710AF6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c8a3886e844ee04ca528537b5bc4589900000000020000000000106600000001000020000000eb977fc633e1a4466ff4518e14f7f48bdba8ac1a70915656e28fc3b4e7b88b43000000000e8000000002000020000000845a4ce759996d8a0f21804685d8e133ed1e41f1f2ef3dd6807182dee2d3244d9000000081583cfaae957307b43742613bc9cd889b9a097a258b2b14bf8c4cab248ef6e43ec419cb0da65cf3e180629a4d00ca708b291fe81f2de1fa73ad2b06d96c123080bcd6e2085e282f8c6d10cccf86f9f284041653e938f80241f036a4d4705e5f3b8eb0367ef81e808a305d7388fc4541fc14f6efa041be9504a08238ae388a68ea37d3ceb396c322bb82fbe8cea2ccde4000000038ac52869d8f02e91fbd83d8889097b873de480d67f095518c4c33eada0b7a4b44e9585bb9ad760405d244c155bc17e67121250c973a0d7805c53dba600b16d3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\pcoptimizerpro.com\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c8a3886e844ee04ca528537b5bc4589900000000020000000000106600000001000020000000b6369fb7d2587c3af91a1d20bbc4ad84487b803c19f8dd6a54e373c33fff0a15000000000e8000000002000020000000f9684247bcb46bc4208f874f81e5d845220497a7d00e0b6b81807d92979afcad20000000624b73bd4406b54cd4458a0e8a63e9990ff4bdaec2139ebf05625a76c5cf5b7540000000903e6ac35f23b1314a570dcd7175a715c9717ee18f271e74b1aeae09bb52221a7f50f2a602e13ad2fa84b6779990d83cf1f8522e00ce85215ea670aed678847e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\pcoptimizerpro.com\Total = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\pcoptimizerpro.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\pcoptimizerpro.com\ = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\DOMStorage\pcoptimizerpro.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

Processes:

MEMZ.exe

pid process

1608 MEMZ.exe

pid	process
1608	MEMZ.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
996	MEMZ.exe
1920	MEMZ.exe
1832	MEMZ.exe
560	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
1832	MEMZ.exe
560	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
1832	MEMZ.exe
560	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe
996	MEMZ.exe
1920	MEMZ.exe
560	MEMZ.exe
1832	MEMZ.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

7zG.exeAUDIODG.EXE

description	pid	process
Token: SeRestorePrivilege	1520	7zG.exe
Token: 35	1520	7zG.exe
Token: SeSecurityPrivilege	1520	7zG.exe
Token: SeSecurityPrivilege	1520	7zG.exe
Token: 33	1624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1624	AUDIODG.EXE
Token: 33	1624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

iexplore.exe7zG.execscript.exenotepad.exeiexplore.exe

pid process

1360 iexplore.exe
1360 iexplore.exe
1520 7zG.exe
1560 cscript.exe
324 notepad.exe
1752 iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
1360	iexplore.exe
1360	iexplore.exe
1488	IEXPLORE.EXE
1488	IEXPLORE.EXE
1488	IEXPLORE.EXE
1488	IEXPLORE.EXE
1752	iexplore.exe
1752	iexplore.exe
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE
1164	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 47 IoCs

Processes:

iexplore.execmd.exeMEMZ.exeMEMZ.exeiexplore.exe

description	pid	process	target process
PID 1360 wrote to memory of 1488	1360	iexplore.exe	IEXPLORE.EXE
PID 1360 wrote to memory of 1488	1360	iexplore.exe	IEXPLORE.EXE
PID 1360 wrote to memory of 1488	1360	iexplore.exe	IEXPLORE.EXE
PID 1360 wrote to memory of 1488	1360	iexplore.exe	IEXPLORE.EXE
PID 1996 wrote to memory of 1560	1996	cmd.exe	cscript.exe
PID 1996 wrote to memory of 1560	1996	cmd.exe	cscript.exe
PID 1996 wrote to memory of 1560	1996	cmd.exe	cscript.exe
PID 1996 wrote to memory of 1608	1996	cmd.exe	MEMZ.exe
PID 1996 wrote to memory of 1608	1996	cmd.exe	MEMZ.exe
PID 1996 wrote to memory of 1608	1996	cmd.exe	MEMZ.exe
PID 1996 wrote to memory of 1608	1996	cmd.exe	MEMZ.exe
PID 1608 wrote to memory of 996	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 996	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 996	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 996	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1008	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1008	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1008	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1008	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1920	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1920	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1920	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1920	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1832	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1832	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1832	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1832	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 560	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 560	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 560	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 560	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1476	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1476	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1476	1608	MEMZ.exe	MEMZ.exe
PID 1608 wrote to memory of 1476	1608	MEMZ.exe	MEMZ.exe
PID 1476 wrote to memory of 324	1476	MEMZ.exe	notepad.exe
PID 1476 wrote to memory of 324	1476	MEMZ.exe	notepad.exe
PID 1476 wrote to memory of 324	1476	MEMZ.exe	notepad.exe
PID 1476 wrote to memory of 324	1476	MEMZ.exe	notepad.exe
PID 1476 wrote to memory of 1752	1476	MEMZ.exe	iexplore.exe
PID 1476 wrote to memory of 1752	1476	MEMZ.exe	iexplore.exe
PID 1476 wrote to memory of 1752	1476	MEMZ.exe	iexplore.exe
PID 1476 wrote to memory of 1752	1476	MEMZ.exe	iexplore.exe
PID 1752 wrote to memory of 1164	1752	iexplore.exe	IEXPLORE.EXE
PID 1752 wrote to memory of 1164	1752	iexplore.exe	IEXPLORE.EXE
PID 1752 wrote to memory of 1164	1752	iexplore.exe	IEXPLORE.EXE
PID 1752 wrote to memory of 1164	1752	iexplore.exe	IEXPLORE.EXE

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3BGem9ramp0eTVmRE5pbUJxMHZIUkxDU250QXxBQ3Jtc0tsdXR1S1hqMVkwNzAwa1EwdjFPcEJlQjBBeWhjQmNyVkpaUWNCRFZSTlJsMEFXVndSMFlkZUhoRTM1S1V0VU9xRTEzTkJxU0ZCdjZyaEVBVm9pMmNLLW1IdVU0dHlPaUw5WW1iQml6OXZ1cjIyVWpuRQ&q=https%3A%2F%2Fdrive.google.com%2Fu%2F0%2Fuc%3Fid%3D18aAJa7SkqCwzUkpe3707IOYmCDkZmif6%26export%3Ddownload&v=whEfx2WmDRE
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1360 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MEMZ 3.0\" -spe -an -ai#7zMap24150:78:7zEvent15656
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x580
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
- Suspicious use of FindShellTrayWindow
PID:1560

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: CmdExeWriteProcessMemorySpam
- Suspicious use of WriteProcessMemory
PID:1608

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:996

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
PID:1008

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1920

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1832

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:560

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:1476

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
- Suspicious use of FindShellTrayWindow
PID:324

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://pcoptimizerpro.com/
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1164

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
9a432bd5fce8a499b857ea2ead0526e3

SHA1
ea74da66307df60e0154d57b22a98ed559f0669f

SHA256
aabbb6bbab4cf144fd70791e15091aa64f06af9c6fb6795cf8591c3293e7784d

SHA512
e577f175d78607e1578886426c334a25f6aa451c149e2ef497fea00a2ec3b4512bd0a736904851e9ada7c03b93869ec8f24955b0f42084fa8606a7e26e9bde43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
471B

MD5
07650c102ebaa8a3eca8d5422aa4e7cd

SHA1
bfb531927ed614233bd3fe1584dbbe91335feef2

SHA256
d5f7ce305a837ebe292c2a80c95bb44069905239f00f28751e0085c177004fcd

SHA512
0099944116ff03619c63fd233029eece68a3f6607d94cda060d7035d3a5ae63a9d5c951fb9de1c4d8af5f135fc310141262eefc8f67b42706f8acc501949dde8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
39e24b09d6b1da4684d483d0fa300fb5

SHA1
0f7217c27294f16694c20eb718a7e5822759608b

SHA256
30bbcf43c7643cc516184aef027a800a2bb255a383c9f543949f88e2366e47df

SHA512
92bd43c277f572fb9c1ef8232f169ddae50aee00ed04329cfbf8be8a5103835d6e82b2c6c547b77d5c19d13612fa3f47415da7915d3fbef1c43dd583f26d2805

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
294a2f14caba5aa510504eb56776536f

SHA1
4c83a3123c4a3598dab0339276fe4e9c9fd7b161

SHA256
d0c9f7c236e5c7a665abecbf92c0a05240fece47b03717a936945394d5f22033

SHA512
b3f0bdb46d68957f9495b0ad508a9f30798b2e36847c07bfc2e32d42be43fc4fcf718bc299989aeb8e84c3890b2389c32732b3697303771f69b806da50af6286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
178c3f2548d1a5f0f6d1614eeaf02bca

SHA1
cdafb95974c19df6a6c0aae877ef9516a6a06671

SHA256
1f4b8d630ebc41134d67284c46b070bfa7123e34897ec3fb2d7a5b4ba6cc56ba

SHA512
514c756a1f2dda821039c7e8b2499d06a55bc26ebd9e097e4c32a5eb8c5a0ec88a4fc7dd4b175962c354fcd1ad6d9da0770592cd2aa5e07256d72518a536e107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize
252B

MD5
178c3f2548d1a5f0f6d1614eeaf02bca

SHA1
cdafb95974c19df6a6c0aae877ef9516a6a06671

SHA256
1f4b8d630ebc41134d67284c46b070bfa7123e34897ec3fb2d7a5b4ba6cc56ba

SHA512
514c756a1f2dda821039c7e8b2499d06a55bc26ebd9e097e4c32a5eb8c5a0ec88a4fc7dd4b175962c354fcd1ad6d9da0770592cd2aa5e07256d72518a536e107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
dc51cc1903816603abd7f09988196c36

SHA1
14d6af403323660f3a5e2d9354e00173954709be

SHA256
51903f62fb5fa67f2e2d35ffb547dbd17871a11ab881526b277518dbda538d9f

SHA512
a6efe30a5fb4f60817764d0f9ce1d88340a6f364607157727a50d4c1316d1fe69f48a016204f62aabd7d51525e4abb285529265cb3db74378ab227bb06bbfaa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
c11b23126d4cbd742643780648e24a1e

SHA1
fe3dc046ef725cb9576d59fc0ccf802143ad5688

SHA256
599db9b729ffd9441d10a32e3df273a161db49848cebcddecac5c4135dfa3bee

SHA512
b7bf4df6fc2e6785a702e97b2d23d9a4420ee6ce5d9aad1b7094cda2672dd0b45a70ce67672c00685b297d0d127ba7c041a217ac020aaa2c0046e043f27550eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
dcba47a4ddb0e8798eef7a124e8378d3

SHA1
55889b858f78ba4443f6271d046b08e5aa5bfdf0

SHA256
adbe358b27e4b13875885b207001bdf45f23a621181aa1204f28c82d73f34b76

SHA512
a2c1b07b3194ba31344436411d9cd21c14f806d2a6e47e10d076770fb09e59eca567d7f19a71ab5a95582cb98ee9043d6a8c34c6f97821ed3a622ef2c9784fbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
440a523eef27573f11a7e3409050824f

SHA1
d9517195138ee8a1bb4f2ce8fe158e4b8e81ad1a

SHA256
22e0d9a3bc7e298478348a5088e30d25921b71a8f0dcfe33acec772a013d0759

SHA512
d2f1ba9fc590846c898f0a819943dd48797fd8e15eb701844927c4f151fcb3650e6c4460fd37be0734190429b1c7a74bdd7152b9cb91e34e3ad3d70482ecd27b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e1cf648e06cd9e1eb6213911c4974990

SHA1
37a438d6e1c0942c1ce0b0fce7e31ff86ad1f3d0

SHA256
1a8dffd67964731582a4d004a5cfe24f78c065f92f8825d8b02a977ed7dd7df1

SHA512
e59512fc5f1aa5e57496d4e6b35ccf3f30bc4fa8926ead12513459ba861f3d86525b6fb8ddb2b3977138ed5de44b93e63dce6c676112c47435183aa545e9a28c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4341030f8f3c9e00f1ff733f877e1512

SHA1
0bbb7573f614e2259d065dadad5acdec2f0066ed

SHA256
75e967b795e398eac87f524c328ebe74ce6cfd8d6459c8a607e4d6197c943b0e

SHA512
4c611c691d103c0814b4a121bb3b67fda57f4cba7d9372bce9154f156f8505bef323b9fae0ce0fda359c508fe780c1772f678d340f3a85b8c15502e58a71ee62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f940c9b2d2b2e1fe4c6043d408e13222

SHA1
70dfe256ec5bd668512f76adfa3988ac52a9db62

SHA256
3de6473f8126957bf0a1c1559127b44f1dd2c7ccd5757eeeab18203463c80bc5

SHA512
ccb63a85df4e5b9f6cd4117a9298b1bc834a3b3f0408e9d294b599fcbd7f5652f43d4c8131be7ecbf0883638927a4bb01c6b24e00459b3b822883e80f4576b5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e4c434d07f1166472f6e68144cc6b729

SHA1
654a20e95b90c44bb0a9685182b02707ae76e95e

SHA256
c7d9e61162a80a04375c12cad73d8371989605138dbdac3ca4945d7b1ecf696a

SHA512
f06ab1feea5b0ca88ea8eec5b736e97395e800c4f3b27c6044799334210360cd588b3bc4133275fb58ea677817e40d454b6f30da54b6c9dccdba2b9614db7306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
081a895c5f6e90c2c8408e95d0dcefc2

SHA1
4f74fd740f803359c4433162cc05244d70b13f31

SHA256
f8fef257184089767a6a0f64ad934cf95fe9b6ca85766d4e79ddb6eb960df4ea

SHA512
76d3e3742e0e05466151fd7b153848ff2b2fe770ea27a6c9a40a82640d0727fefc31076706521874ec5f84ef585fb1a6272b4cb4116e5589c1dc3701c458f22b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
4ce6a2a3684466895ffaa3604b8330f1

SHA1
515e39719abd2052786f461ea4d3d7dbac3782c5

SHA256
be9491b8dd7cf428cb1739e2fe8b2805db521fa4fabfbf876913417dfff5d944

SHA512
bd084062e8292cf4a542d15b8f3ccd49c1dffd204932f852bbc5084ae57aa4ca324d2b6c5e368f2e170aed667a8cfe60506ecab83ec6cd85fb638ecdf1c69b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
5ceb3e900b2cb63eddaf5d4f88c8c0c7

SHA1
97780634ad0806e1d221e8baefd1f26476973bb4

SHA256
14340179b4fca510d4480b36f4ab0207e669b465ebbda6abc0fd2c0339269a80

SHA512
bc91b6fbb44a8fd2bcc9a5ea3b3c21205ad34a070ecc978a0420e131e0d1d252461985cad2d81f55db91870004efc3c9699225d6dd16df7941f9ac0a3a79d021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
114be091824d77866fde64fceb3ad06f

SHA1
5d5dfdf820f717f778636e396a4569cd808f06e8

SHA256
3ed67efda70777a664ee4534d161fc9c775f240d373184fc8cb9d121e7817713

SHA512
1dfa8a8d5aeae522c305dec9dea7a93405c43cc1b1df803df0006596b01923329eb10426a4f4aba93bddf087a4e1d7e05734bad4cd619cc38cbf493a1db2e815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e9ec2b5f946a937aed9ad751826560d6

SHA1
7847207005cede9bbbb1afb732a7114a53d0611e

SHA256
1d6f0d8e23f30a8b9f6877f337a23064d620c18973bbb2196db07751301c7cca

SHA512
cdb316e083a2ed69a701f2c3be80ebd9bb7c13b7513276a4891a5e412647edc553ee8dbe02b4b6dccae28542bc9601e2ca98bef21619aec1e58969fb64d5a945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
d9d24fc6e15dc8215b17cf22701e4b04

SHA1
e32b17631c1e6ec96b7e072bacecd24f6da1af6c

SHA256
92194f44d1c08ea19406a6a6d6578e5b0add14c36ddc339c7d7157400d8e9bdc

SHA512
5f1cbba71fef71f7eb7f819d1034eae283f0060abcf1c581d99dcf72b0ad259d686810aef168ee4d078b201df706ded1f14141c01ad6596816b7d6bf8725fedc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e8680f169fdb384615dbc3d6f7acfb46

SHA1
1079dd35707243cd02e5af35ace347600f35b35c

SHA256
9c3b1fe3741daf832bcf05aa826e33853d52a35b7e79e35fff835ff51a520c7e

SHA512
2c603843927c914930401660fc94740a354ed9e2ed624d72df59a24c1ea5d69d950778a36ddc9e30f63b64fa85ee13a492152f73d6d52bdcd00ec712d6f8d3c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
77a741ebd7a2c0a9728c0035d6007ae2

SHA1
153244833fff616dad0c25ec30edf778d07115e7

SHA256
9c64d319b1e7d8a5ad6a319756e30fa61ed38b0faa229c67fdbca5d9006faaab

SHA512
b90c9e965d8c1707872129eb79f35fad8674b0b8c837ca403938cc58ecc38f58968e91d0f49d9308419a2933aaaf450b258ff586fed88e6d2532acf059cb838c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
f34ca4c1c4e21639726c905e7b59c7dc

SHA1
00f207dbcf0c748458c006a53c118ebf151f1c79

SHA256
a52ede0d25823ef8b7f60946ef5d82046bb56426fad7ed8230244cd031acd3c6

SHA512
0d3b754e25495ede0a61f6483acd45dd2dbddf6c6145bafef5a75d6c75aacb51cd462b005c727e16c2b03e085b706764a92af84475c8029fa72e141e7ed794bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ccb373ec0d19d919df965ad248334c9c

SHA1
868ed56929c4f9652d4cee9120556721cd279bd5

SHA256
18a5a8c61df739eaa890fe6dc7e1f29b32434b6dd09e5695ead1abff167f785f

SHA512
c1021fd7306e786881e8233d7291eaab8be4fc2cfcd49110457b40e898650f5d97cb264df826f6d71d712bef58af33c524bd80069da54f51764d5a4fa67b11ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
bec120975701c6737895e8c931c53be4

SHA1
1bef5a23c9418c35c2c500053d42e959aefb377a

SHA256
7bc171cd78737f631eb1154a0e993c8ecb9cea7b086a0181d828968d5de0ee96

SHA512
622b67d67dda98eff489ef17bf2267606752819966f95f2ffaa15febcdc986028c439ac4e7afedba3445c300ba30362c6e422b384445588470fd2dc618f6b4ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
addfeac1a08b74268baa8b229c2d56e3

SHA1
6c7de4b9caaa76cd7761ae54e91758afbf11a4e7

SHA256
41a596681af570a7902a234dbaa641ca0df4b8555a286f609070de76528f0e62

SHA512
3a1e6db71d2583b3336970051bea7a9cd0c56731f3daf984f764b4e8041d5cf3e185e84e032cad6fb6f94e67c96e8311a35b9707f08f8ed2e98abedfbe4fd81f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
7c30c5a703e28bbbda46e1264253b53e

SHA1
eeeb133823d546c0ea29336f0ec037ce2f4cb3b6

SHA256
20a5c36d158fe65636f3e5ccd443d944d8be446e099b065d5076477023e7f70b

SHA512
1be3cf011615247e64ae2f1f8433e969adc0a12b494c126e84a887451b387f35ef34b010ceb73a5a9610a65cb54dca93a89570d09bbd7e046d51fed3d985093d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e2f3268d5772a680c58b339696b4d50b

SHA1
cb8ea12d84c83ce12d4e9fdf5df13aa06a4da1a2

SHA256
13959dff353fb3ca20e897c02fd37addd91b3dd8c200100bfbe28a81fa20d7f9

SHA512
0701504b79279c45a0d5b96492bd7c0f777b46249f699ed6ae14d883b2f772d1f152e29bb239519ef233d1523b6628cdb4cdd0127cbb7b2b070ff6097b6b83af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
6952da0989d759208b8eb320e0c886ed

SHA1
ccf8feb0f2aaf47bd6a9485ff90eadc05368bacd

SHA256
63410e275a5f9e3eb06683515195106085b00240f845d56caa6f1f592d1df85c

SHA512
296b61cc4c94edecbc1dcff01be3c88582d19ef7950dba3ce679f2190880f302c1e78380d07ebbced0c69cced1f07b64b1ba396114fce4493700537166d7d845

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
09015524696c6acc7908c030b91fb5e2

SHA1
fed2824418f393a3529964c018e86081d185620d

SHA256
56fd669528179a407d443201fe9ac07687580e678e6da365cf76c1576b15fb61

SHA512
01a21410ae6d9cd6eeefaefecf4fff6f788e2687e36fd89c59384d59c68a552aa69b931fe5abe51a6fc0e8aaba2517c36ccbe0e197576983645aec455ed297a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
45b5aad71306ae33746959ab26ae9532

SHA1
a4a8f903bc45c8e931ea0fdea03cd1b1a5c82ccf

SHA256
4dbac083cee2a0d31eda0cb6516c23e32a553919049815667b552c8069d041d0

SHA512
9f2d65f3f78fda8d1941291503bdf3f5ae96559142bf13c6d0e8cff8b8fedb5ea9bf69a408dfcfa7282d5e6d90f58b66062f00b9ae368ae66945bd54ca0714ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e2f3a120bfe0ca7b381bf1a7e5f1e97f

SHA1
33495e65f1e7d285b024bac27c1224ddfc92fde8

SHA256
35b9eb3cc4febf7a9249e4302db12d5d0458b0abf4c5e7397c2d7fa3044d0253

SHA512
b9a1d3afd31c450255ae41c4b7e9f3cd7e5420fe34d157cf1088fb8912fb4b303304dd75db88d8fb53df9d060ce3c2fd119a979e1b06b6468b94bfc491efc3d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
aacae6fec8421208673d5614b02d0667

SHA1
b84d23ed268c03e9780f12130d90602dafb39978

SHA256
821ae28d61e92b950937ad06eb7cd770dc7f89eace6a316d84aa19877fb3973f

SHA512
8f34a6a65995142e3a9d49b8fac0b5198c1a7cf9835e07cdfa72ef0e20fa026c1df96b2baacb74a162308ce8be42bad7ec0d83fe67624729871a005203dd4676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e6b4ac3ca9ebd6a0cd367bd39d9871c4

SHA1
2349ca67affbd93faae757f8cb297608744f3642

SHA256
1eb99cfad6f7031f051ce90520ea646a1608c1f2c84adf47d5c61c6714d6d047

SHA512
80f764a0449f713fa15080944136e7f2e8d89295efd0b0d274422f21f0c8ce65f76e02a6a0673a13b01c6efeb38c16ccc1fbc2573ab073faecc108c0d333ec53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
ffa55760178a4febbe9810ddd5390523

SHA1
3c4afd36a75832c408cc7554a52df16573e9a42f

SHA256
0e2afd93d6ecc3fa4760a22194d449753187d404dd0c2287e9b7eb6cc3c06dd3

SHA512
52a33817c59fb5cb8ebbc1787fdb7b63d9172e7df3ab94f4ca9c19b3f5d7fd25dbc9d489287a0ee56538bd842717d72d1f690b309ea89685ec2331a3208cad66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
a82e4bafe391f465bb1366073c0136ab

SHA1
5e5d0ca5336b2aad39a0490664686f4504f5c6bb

SHA256
5c697de9135da4d3776ce0b70f9d667cbfa101da1eb8db030899b86996d45863

SHA512
cdfcda3602c8101ba73375c72f254688cd9a832c09f4ad6e79c4005bd5ff066d2bfe0764e18a44c7abb32792611674f8e4e68dd2074015a0609ef9cc1554d509

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
2a28d3f23596831bf32b32d4918a592b

SHA1
18c4848581a14eeaae3382a804ff4f3cfa627862

SHA256
21c0b2ba7c96623859db1e6e8abe9af93b89c215eeb86605c564a8facfa2caea

SHA512
ac3b5fb3b6479b6638a18f06f846f57575a54cdfe92d1cf3e1b6c4c07b4985192719ce0297b612fd6886c276702a7ea2d8360ff7d31cc23081fe03d3c78bbace

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
cd62ffd020bc93923d0861687222758d

SHA1
2f90c3afe9bfc6db8bc2c0fb2131896542ac805f

SHA256
d566640720e6121c36deb88620f0802bd772ceb6943d3d98dc311bd7b3561c3c

SHA512
5550ac7b0fc08d23af4a3cdcd15c73989fb3a74572b28efadcee764a0ad069a4077fcbb9f81f1cfedfc8c4241307c92552b77957dfadf731c9bbc94734cd9d4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
13567287a2de6f77813db022137578a7

SHA1
54e03b0e843743d6aa6cb82bde4c1f2dc890858a

SHA256
85fe588c83522e2ae15c49ad7d9a7709317aad588895b71baa3b0a6807d9eb45

SHA512
1d01bb54622f57e855a337091a1ad9797c8fed738d89090efa50686c9f4cb526f39ef84fe8f608630806e3eed01cfc14cd1ef478e55afe72506482fad9372d85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
02480dc36ef788d4676d81c352404299

SHA1
d21cc56dc9a6c87c656c07d4bbaff93731c5a4f4

SHA256
5b679ec275e6b027b8b656a0ee8eebde88e1b5ea262e8da75cb45a8e063deead

SHA512
a34b96b2ff42d87135552bee9a84f892c1c886133a2099875ca65215762ecadcb94f6496792732afef6e827c2a2c71eef509f5982311952b20f98dd277d45d6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
63ecb2ef4e708857575b405bb66d9191

SHA1
48dcc6b93bb2a7ec758721b09d8c4148f608c6d8

SHA256
b963632410d79638363ba7eb5ceec7909a45579d50a288bc0bcf32213deed9bd

SHA512
44c475295cb3077f07c8d57365328c6453027959cf81fcd8ef65ae57a451ae3b58dd72eb0db62f63dcc0cb36f6f16a0e60338f8937e59ea2e7001c0b980a2b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e223e3b0ccb62a7693bf2636561ceb0d

SHA1
65baa044a24b7ab5882f1cf92f73238b9d3b0e20

SHA256
52b630514e11f94289a4496649a6f6e14a7225bd40d92607f4040bb14b430c8b

SHA512
900856e853131f2b0052e9eaf9613d71ec7cdce478cd513fb5397638ae18e6766a3c741857a96cd751cd5e7366f0ece594c945c4d5d55a105c901a80226058fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
1c91168e9ef23207fefc95e8bcef63a2

SHA1
a3f9c9fa67490b17780610afb0678674ecaba5a0

SHA256
644386280a98164935ce17d800f651141ad145d2e24144b2b049cd177026c602

SHA512
9e19246cfe9f971f4339d4c60ac2e77d72356147193491b76b7aaa65663506149e7d404a0f502d39296d7ab47f402f6da232c6247ac7e63c4b4c07c26f986c33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
068cc67dce396e64aefec764702d506a

SHA1
6b4def6aee917e24b1fe02ec53d09c105e575273

SHA256
8dc734214e4775416fb3e6d6dbbec806584d7f1ce7e20f445d0cc53c841d6edc

SHA512
b83e134bb1e0901e11580b585c0bcaeabfb03b4042b2708f149044c91b457c76f2a15a0ac4b364585d8e0e55e0c842dcfa38961e2084c71f38a66e23a9f0defd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
ff2291d46b0fa0eaaad6ca5df47032e0

SHA1
25baea140075fdadecf431e8249e74e939f87eb0

SHA256
febe34a39cf154fab228859c5e8a5095eba27a5bc340295ac7fdfed837caf2b9

SHA512
e89ec44bb3ac53fe88e390050f459382f68db47966cbdf54b39ff252035fce24bf354e3ffb0770fb67d870a4195cac9e3988178c334b5e0d69943ed94990eaf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
410B

MD5
821627e7eb1e3527ea836cab4430f528

SHA1
051c681d8bd434154bced6f0f0b3dbb66ea2b846

SHA256
b308f07fff1c96afea6d539843ba99bd208f7719e92be4480df64e167784cd9a

SHA512
123246b9511ddaed61c8dd765a36eaaa40e85d04b1612ba612dae89d9484c43fa1fa3903d7a5a0d0a73609d7e851c4f5eaa1ccb301332b5319cf67c4ef110664

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
9aa395659ea65c68350706b9cfff3eb5

SHA1
f004a6727c8827bb1a1f4e6a4d4ccbdf0fb23d97

SHA256
9b17f98d548f7eb30161f51904ab92aaf022187ab90f66f94a66839e6236b1c5

SHA512
832dcabc789e3f31ac7bf4c5e6d175cd1c0855b4ee4f2837e3ad81595941bc9708fc1d2ff828b6c7d763337ec3e4d5e11546bee992e29192ca873d5a4c792e9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
9aa395659ea65c68350706b9cfff3eb5

SHA1
f004a6727c8827bb1a1f4e6a4d4ccbdf0fb23d97

SHA256
9b17f98d548f7eb30161f51904ab92aaf022187ab90f66f94a66839e6236b1c5

SHA512
832dcabc789e3f31ac7bf4c5e6d175cd1c0855b4ee4f2837e3ad81595941bc9708fc1d2ff828b6c7d763337ec3e4d5e11546bee992e29192ca873d5a4c792e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\W0I0MVUM\pcoptimizerpro[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{F8E2EC90-B151-11ED-8A93-CEE1C2FBB193}.dat
Filesize
5KB

MD5
737a6db05869c3199532e9a571c911fd

SHA1
2639c94c646a4379ab61c5bec6faeac1cc25d212

SHA256
9014f5c4ea02dacfc795e527e69848d173e702ed01d25a71459c7f8c24a73c23

SHA512
7a644f693902717d39fc3872123d49e44a3f651c506b48dd3b3b1f9f4a15b39a595f959ea6f9657ac895d372f34fa130fa3ff837292787be5c79462ed52da20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{6E7A9C21-D216-11ED-89CC-52C255710AF6}.dat
Filesize
10KB

MD5
f838d36d7d71eef61593a5341a144a29

SHA1
fe8ab7e5223ed07c061ce3cbce3f77e7b0b898ae

SHA256
5695fbb8f0870bf264c97e2146ee1a1436d3f25bf9cdd65b985463f89325f564

SHA512
88d4839b74c6317f33e73fe8907976b817dcb9a7f63a8d29f0449ee3cf7307699ee94a090e9ddb13961aa3c17dc6e96a3a31e5a54c8dd843bcbe776e5769fc54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat
Filesize
5KB

MD5
7157c9b7e1df9707d2989077fc92c020

SHA1
1d5728483b6f84f9c0485496a59b923f02c50fbf

SHA256
4530e0632f6464f8479130b70482b293962fd96712a3520b599901efdcce5d61

SHA512
60095b4f5f5fa3c69b7e436d01875795c96052a4e69fd2ae5b237c2b7593525f00a61c884f61a68807da1ee8da29ebe61f1770358e7d82710e75c2ca745dca5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat
Filesize
860B

MD5
433e62b0bc20c88fa88270da790f91af

SHA1
dd337da3339a0893de6b7a7e4d5a573728b083ad

SHA256
8dea27fb67bd7f1a13cc9e054371b0dde820059065885b3722acdd18cf0e308f

SHA512
ea79cdea2d1d756392ade7f88d949e607b0b1de54a79fdca3259e95287ac4293df4cfac11afba0504b8289557412707e43b4bc23bcf197cdc29a839fb82c73fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat
Filesize
4KB

MD5
8df5640f3a20e93487d33d05d8fb58b7

SHA1
effeb2a65c3b9bb95cf8fc919994105799233b5e

SHA256
56b26e97d2d9c7e20d985ac56e17aa984e53e62450b0d753c9577338831784ed

SHA512
1c7252debea71ebc771192f08d64799c670ae32dc9307a225afbe952957eefd6eba4bfaf9537cfa1aeb6bc5b65197ec36288bc8b0284ccb4028f93b35a8bb4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\favicon_32[1].png
Filesize
348B

MD5
3a880420311ad60097059ffc0fc53393

SHA1
7644b902864c4ba3604f61e0880e05da15ab464f

SHA256
571c382651d6337cd5fa49c512d02f0f99d523a896b87175fb59c710e1fcbc7a

SHA512
c16652970d04b7b76f7e7ef5a8d091984a13406cf7f5475cc3cfa3ecae3278c19be5494be39a8e549978b0675d1c70f69cc1413de9240487943d91965aff17d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\MEMZ%203.0[1].zip
Filesize
16KB

MD5
1ef3ba090e941e51bbe0b8b3a2de4446

SHA1
72080fbcd5b076277503c1141b1e2225db03b290

SHA256
c7a5724e268a5e3da96377805d8bc4b86f659ca4f3a62cd1b866a9ca15846e50

SHA512
0146ec923b7e80b9d112b0ce5eec71d4d71fb9ab9de6f1ac4c07ec5e510e952ef1a4a84df78eb22a3914f761515b323dd799b330e944bc31eda5590ac513c740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\PCOP[1].ico
Filesize
6KB

MD5
6303f12d8874cff180eecf8f113f75e9

SHA1
f68c3b96b039a05a77657a76f4330482877dc047

SHA256
cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e

SHA512
6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4646.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4648.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar49C8.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF747B1C482FAA488D.TMP
Filesize
16KB

MD5
a33ff4c25032437dd89d908bc89cf013

SHA1
2de687548f40dee8a13ab18a85d9f8fd0b5720a7

SHA256
7e00b919e5ba96688225fc4ad9d7a79460a0c2be1f702062f669d726694eb5ad

SHA512
577ccb87dca2921403c6f7b764e4afaf8442c3f2758c641bb7d03d14872ce101c8a94a7ada82e8be6bfec417f3626d8762853f870ade4fe2f0deed9c7b37ba6f

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\DOWNLO~1\MEMZ3~1.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0.zip.38ku3ja.partial
Filesize
16KB

MD5
1ef3ba090e941e51bbe0b8b3a2de4446

SHA1
72080fbcd5b076277503c1141b1e2225db03b290

SHA256
c7a5724e268a5e3da96377805d8bc4b86f659ca4f3a62cd1b866a9ca15846e50

SHA512
0146ec923b7e80b9d112b0ce5eec71d4d71fb9ab9de6f1ac4c07ec5e510e952ef1a4a84df78eb22a3914f761515b323dd799b330e944bc31eda5590ac513c740

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0\MEMZ.bat
Filesize
12KB

MD5
13a43c26bb98449fd82d2a552877013a

SHA1
71eb7dc393ac1f204488e11f5c1eef56f1e746af

SHA256
5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513

SHA512
602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0\x
Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0\x
Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit