a347e0709c0f0d266b7c2b6f6e4f453a3d18caac5a3a27242fe9112a011ed035

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

543b6a87d336e84e3a2b53b8979d5d84.exe
Size

4.2MB
MD5

543b6a87d336e84e3a2b53b8979d5d84
SHA1

51e8f37a403af6716a0c205bf5eba2fce6ffa831
SHA256

a347e0709c0f0d266b7c2b6f6e4f453a3d18caac5a3a27242fe9112a011ed035
SHA512

cdb913d80ac3750c2e32ca24949271bdd6acccef4a3d8bc11bb61e30d719a1ce24782c30ba7479679d106a06fb3a4a6f6e7e363d58f47350de866b6efcb919ed
SSDEEP

98304:WM5BxOPh8w4XoCqi6XxingoXXSiQfCDOcDDeqh9nXAOhz+lGckyVDVJl:6PGwC6EnFSqScDeqh1QOhz+l7VDh

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2236	MedicCop.exe
1900	mcReg.exe

Loads dropped DLL 52 IoCs

pid	Process
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
2236	MedicCop.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MedicCopMain = "\"C:\\Program Files (x86)\\mediccop\\MedicCop.exe\" /Scan"	543b6a87d336e84e3a2b53b8979d5d84.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\avSubEngine.exe	543b6a87d336e84e3a2b53b8979d5d84.exe

Drops file in Program Files directory 28 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mediccop\MCEngine.dll	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\adtc.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\Lang\kr.xml	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\skin\default.avs	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\MCUpdateServer.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\adsub.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\pwdb.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\MCmonRemote.dll	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\avsrvc.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\mcMon.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\avmon.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\vsdb.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\MCFilterDriver.SYS	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\filter.dll	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\MCreport.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\Uninstall.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\MedicCop.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\SoMCUpdateServer.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\conf.ini	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\inter.dll	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\mcAssist.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\mcReg.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\db\addb.dat	543b6a87d336e84e3a2b53b8979d5d84.exe
File opened for modification	C:\Program Files (x86)\mediccop\partner.ini	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\MCAutoUpdate.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\UpdateMgr.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\avSubEngine.exe	543b6a87d336e84e3a2b53b8979d5d84.exe
File created	C:\Program Files (x86)\mediccop\etc\avsrv.exe	543b6a87d336e84e3a2b53b8979d5d84.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3752	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 18 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DCB1001A-A385-420A-8A87-475A66CFF101}\Compatibility Flags = "1024"	543b6a87d336e84e3a2b53b8979d5d84.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{95DC2F17-B0AD-11EE-8184-7672481B3261} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{DCB1001A-A385-420A-8A87-475A66CFF101}	543b6a87d336e84e3a2b53b8979d5d84.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	MedicCop.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	MedicCop.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe
1648	543b6a87d336e84e3a2b53b8979d5d84.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3492	iexplore.exe
3492	iexplore.exe
2236	MedicCop.exe
2236	MedicCop.exe
2236	MedicCop.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2236	MedicCop.exe
2236	MedicCop.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
3492	iexplore.exe
3492	iexplore.exe
3484	IEXPLORE.EXE
3484	IEXPLORE.EXE
3492	iexplore.exe
3492	iexplore.exe
3412	IEXPLORE.EXE
3412	IEXPLORE.EXE
2236	MedicCop.exe
2236	MedicCop.exe
2236	MedicCop.exe
2236	MedicCop.exe
1900	mcReg.exe
1900	mcReg.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 3752	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	102
PID 1648 wrote to memory of 3752	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	102
PID 1648 wrote to memory of 3752	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	102
PID 3492 wrote to memory of 3484	3492	iexplore.exe	105
PID 3492 wrote to memory of 3484	3492	iexplore.exe	105
PID 3492 wrote to memory of 3484	3492	iexplore.exe	105
PID 3492 wrote to memory of 3412	3492	iexplore.exe	107
PID 3492 wrote to memory of 3412	3492	iexplore.exe	107
PID 3492 wrote to memory of 3412	3492	iexplore.exe	107
PID 1648 wrote to memory of 2236	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	110
PID 1648 wrote to memory of 2236	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	110
PID 1648 wrote to memory of 2236	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	110
PID 1648 wrote to memory of 4740	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	109
PID 1648 wrote to memory of 4740	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	109
PID 1648 wrote to memory of 4740	1648	543b6a87d336e84e3a2b53b8979d5d84.exe	109
PID 2236 wrote to memory of 1900	2236	MedicCop.exe	111
PID 2236 wrote to memory of 1900	2236	MedicCop.exe	111
PID 2236 wrote to memory of 1900	2236	MedicCop.exe	111

C:\Users\Admin\AppData\Local\Temp\543b6a87d336e84e3a2b53b8979d5d84.exe
"C:\Users\Admin\AppData\Local\Temp\543b6a87d336e84e3a2b53b8979d5d84.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /create /tn:"Mediccop ½ÇÇà" /xml "C:\Users\Admin\AppData\Local\Temp\test_saved.xml"
  2⤵
  - Creates scheduled task(s)
  PID:3752
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c \DelUS.bat
  2⤵
  PID:4740
- C:\Program Files (x86)\mediccop\MedicCop.exe
  "C:\Program Files (x86)\mediccop\MedicCop.exe" /Scan
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Program Files (x86)\mediccop\etc\mcReg.exe
    "C:\Program Files (x86)\mediccop\etc\mcReg.exe" /avscanpro /chk
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1900

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3492
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3492 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3484
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3492 CREDAT:17414 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3412

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DelUS.bat

Filesize
200B

MD5
b3313d4d4fe0fa19de8a826ddf0d7cf5

SHA1
4f59d96c8d7328a86f80730b8ea766bce57e880d

SHA256
eacc46ba1bccf28e0f98a9991673fcde2366db213b87f36642d1d71f5ef2604a

SHA512
3cd110cf0f09bb42178c07c28de19ccf17e9ab3082ea5fbf100527dc329fc2068ee29f9b20978f8ee7698aee908ccddb76310c82cb6b3c90eb607296ab335722

Download Submit
C:\Program Files (x86)\mediccop\Lang\kr.xml

Filesize
8KB

MD5
2583cb1afe5469fd9df9a3836d2480f6

SHA1
450b74d409b6b24b1f72fc87481d7a11506e46f8

SHA256
4c94097e4d2d2f8872affcd276a31e848ff3c1d58166da9cbe583e2b0dd54b99

SHA512
17c85cea517d2f192fe77a07673338de57ad33a370b5945f4dcb6ea64ff2cb754a1ac8b125b999b1b71cb81b1fb6e969863a0cbb133c851e75ce2c71fd055418

Download Submit
C:\Program Files (x86)\mediccop\MCEngine.dll

Filesize
41KB

MD5
f57ad9ada9116a3f302fac78ccd60279

SHA1
7bec92ec8ed8715d6216eed768432d2fa4f92893

SHA256
34fba87e08487bd539408ed312a0821cd71176b8acbf6aab85c10417c7f495e9

SHA512
2d5b2a8682520a6007a01f676abe29f08330b2eb7dcb808eeb63c1e3e51f39b2ea1ce9a30ab87e8ec908ee2bbb3d853097ddadbf07682370afb07e4351b91033

Download Submit
C:\Program Files (x86)\mediccop\MCEngine.dll

Filesize
305KB

MD5
99ed4e8169f80fd8a17351829f0d7007

SHA1
67468da86fd36ce5545dd49bbae739eb440f468a

SHA256
a43f242d38200631162509bf3bca7f1069a816ffbee80c1485cfaecc423890b5

SHA512
54b9d9938dc4952564aa1c35923da0ad501587b41ba32aba3bd2aeb479f0cd0e83784c19c56a5037989bf2057d666755ac3693a1143f0abbfc3767554bd4317c

Download Submit
C:\Program Files (x86)\mediccop\MedicCop.exe

Filesize
32KB

MD5
407fc0936d3f9d5b2c69654772675cd6

SHA1
2e74125462dfe18f85bb04cfaf849717dbbad981

SHA256
e9987aa514cec19cd34c8fbd7e028c5f7057c8d3d4837bacb570616880bb5fa4

SHA512
dd7f547a7bcd2247e7a66ed66fb6a82a64524b3fca6ec782d55cfea3010f7ea6d3825b9840e6ae3406b43dc8828dd814742bc5bab6d7e03fc1ed3463e665a591

Download Submit
C:\Program Files (x86)\mediccop\MedicCop.exe

Filesize
181KB

MD5
232b01d03f989909d2649d68e2de23ef

SHA1
6d10876d654ff4c45d0585f33188e4d197eb0eb8

SHA256
bedb15bf11328714a61f43e6fb1b64f9952312efe945a9338a858646daabc6d9

SHA512
fc7db10f73e0104aec90e3fc98ff1cf5cb76a7a24b922cca1a71640caabacaf1bf76e501e1e9e0c47ed1005a08b440a296baa024536a4999d37ea2ea9fce6995

Download Submit
C:\Program Files (x86)\mediccop\MedicCop.exe

Filesize
408KB

MD5
fb98faaac132b5ef04d2219203e8b496

SHA1
16a1bc6f64b51db8797378f4e748e3fb6d5a5af9

SHA256
ba026aff9f8e7559633a8931ae3c8422bce44f9c6ef6b842f378ee0bf79ca10d

SHA512
a3b353885a55f3893c42fac212f7b7f97af69909c245bfac5769549c0661d0bcdbcb89f45d57bd69a7848c0de487c16c65bd8d949d33000b74fbdbfea74faeeb

Download Submit
C:\Program Files (x86)\mediccop\conf.ini

Filesize
171B

MD5
6c1faa0adcfd4ca202e182dee8768a22

SHA1
fe78c232214630dc7df9530419ca2f01e8c622f0

SHA256
3d3e73db94aea6650a1b314ffbcbb42a3422daf0a739e89fd053c6476c8e85c2

SHA512
df55122afef9fc0cf8bf2d747f3ce96a76efe1d8fa71270e2a6259918f5bf5025804b544c8ee2dad28ee0cf83f67d04683dcf64cdc4b70c5010864431ab8bf22

Download Submit
C:\Program Files (x86)\mediccop\etc\mcReg.exe

Filesize
35KB

MD5
b6c09722a89c32c5fc5cb28bdeeb2bf1

SHA1
0c9cae6fd9430b65999677a18d1056272e82d253

SHA256
4f0a86ace2a58c542a4b7fcc736df901e726aefb498d4d99fa8e08f4ba3382a8

SHA512
8646494506033134c976a13a0dcba53532b18cb9dfd86b96857b932ae2bfe3f8623241b2ec698847b4e21fc09499f2f70edbd59b77ae01e269ac511c742614cd

Download Submit
C:\Program Files (x86)\mediccop\etc\mcReg.exe

Filesize
85KB

MD5
41dc84eb56985820900e837abfda21d5

SHA1
15b873309cbb8eddf6538825511581513e2f60bd

SHA256
17d50f6c66e8cef2f7180c648789f5aa79b00ee33518ef62fa4ea3875985937e

SHA512
5723fd3c2bc617a49b74ce2fae55b7e1f5471fa35740e9263e558af94051a3298311ec5b6399795cd0f35810544eeb92a2b8c1444819ecdb3f05bac7ac15ff92

Download Submit
C:\Program Files (x86)\mediccop\skin\Default.avs

Filesize
272KB

MD5
92ef7a0c1f3bfdc49c58940e55552aa0

SHA1
c88ab9bd1122d43938e05ec21587db7fcbb42bca

SHA256
e4a49afab92918f9e3d02e97837cca0b4f1e9e7efb67457099ecdc13dc220b49

SHA512
ecf6a577fc2727a7b2c0c97c42989ab8047ce8e86709f9658b2ece0c1abbeb5f9c9886a940f5e698b3f8ff5ef11da111975ea7c538181769af1dbb47497d0e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\HorizontalScrollBarLeftArrow.bmp

Filesize
728B

MD5
cce234a253b22709eeff1eb27627eb70

SHA1
9617f5523a1f0b1b439b689be38197e86a22c04f

SHA256
d35ba5bdfc8d4ab4dc1a92c436e29cd30ab66fd63fe970783daab7b177da9156

SHA512
f5fa6ec560e5090c5c90dd184de256dcdd3c27369e987d77027a40bc04e30070dc885dc2168beba01b6cc60f60e18b400655e400b24bbad1144fd8cb24f4d51f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\HorizontalScrollBarRightArrow.bmp

Filesize
728B

MD5
4b836f7ce1d00463de54cf6e41ea6f85

SHA1
d20223209db0fecb8b79808f2130d103172b77bf

SHA256
5d2a7d9dac987fae6c0d3e2716c5dce8cc06e0e8ba63d974a71c5c26e718cc30

SHA512
6dc99fb85febe6eb61699890401dcbf680aac339d85e421fa4fef695fa0e03173a011b67de3e3a6b6af30f45a475fc18b4845d992641c1e35bf268fea116317e

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\HorizontalScrollBarSpan.bmp

Filesize
840B

MD5
ad9ed7eb38f1be915ee8dde928ee5507

SHA1
7d093c2037fbe2f2bf49a516aa499c0358ebda2f

SHA256
f27d2b11e462dec99d1feb1255c5af76f7f5627153008d64f0f354897d1d240a

SHA512
cacb5ca60557ce72bc953cc869628a47e67026991fed021bbf29e31fc8c1ff94ca057324f83f9ae7a8884ece5f3eea9d1b0d53536550d7bd2870f0de578221a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\HorizontalScrollBarThumb.bmp

Filesize
840B

MD5
b3df2057f35ff9bb6ce4e00ddc7e9faa

SHA1
cc31aa8e17eb99aa6017dd4da428b8529e9c0a95

SHA256
2fa4097cf3e6f92362264c7e463144b992e8ec1c25b97a94217782a2938c231d

SHA512
1133a4a9a3546cc273b3757bb999d9ff18bb46c9d38ade4ac5a940d2fa72cb20ca00409ca3a17a1ed19a23ca32f4dd04c360c209400ae8b6dcd422ee3a36e3dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\VerticleScrollBarDownArrow.bmp

Filesize
672B

MD5
87d9e9736eaeba05f5fa309f2c96a152

SHA1
e3c6ca90deb3a0f082ec640552f28153854ece9a

SHA256
c31e2c6efb7f32c0d9f525291acd7fe2ab5612c64f9b0bb6efd3f7819e8573d2

SHA512
305e5394dd3a1b5f74914dcce8417e12a7906a341a3c65a21975a8e9a0b8a06a79c7ce84df53f955e4f96f58eb594bdab54078785bc9d185225e8d30fbfb9550

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\VerticleScrollBarSpan.bmp

Filesize
276B

MD5
e811c204c42e03e0349f9a6ef6f56df7

SHA1
f49b3f3f8fd85961ff5b81366b0075d672000a08

SHA256
40cb66ca15c55dae3ef084c3693d1d173fd849d1fa1809635f1ece3cff4ed934

SHA512
d52023793f2637becc402736c9b77c87a777bc0adb5bc0de7f2db136ee4b64317b70f9f437d0b031822c4ff056b6ef7cee7b1485ffa62eadb305117cc8613c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\VerticleScrollBarThumb.bmp

Filesize
848B

MD5
8bac23ed8ad19acbf115336a29e08fcb

SHA1
291433de1a0b349f334579d9cf3fc90275daed1d

SHA256
8ff6355af6466c1ced23e38593e015061354d3cb915d3c7b58477968b9e14264

SHA512
d44f0a51c9dc345308fc5b2e4442ee2bfda15b6efc87cdee9ec2b9fb5c614115f9a74a6a62211e96dc221aa2aab75ce5919b9541151acc4b05a2c7a4bde02f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\VerticleScrollBarUpArrow.bmp

Filesize
716B

MD5
3e8d74634f6a1f21103ecdb340b73821

SHA1
865b3eec97c1b1a2260fa9ec68583f2006a5b12a

SHA256
19b26a8d5e2d3a988cf87a5cb182d18ee960691650269935c84e1841e3a91fe2

SHA512
d99a92d9ea7d9a60f07e506f4ebbabb807fe87284931abab00875827207ba64476d4773ceb3243f5346f6e6348aafdb12e6e3ac15c63a675a290e6ab873a353d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MedicCop\list_control\VerticleScrollbarBottom.bmp

Filesize
672B

MD5
893198a29458f9697dab732a40e93bba

SHA1
49a72ca331af9b3f04d68f9f4b408b619d435196

SHA256
46a609fb484cb0dd96ba17941baf155e192c0117954f38ac0a847c2c32bd9c63

SHA512
3da020cdc1dfcff95d1ddeda1f5facf4fa7184646aa7d4f6c75ce09207d743b4455e3024ec1a888f2daa8cc5f992b80bd86e17eda7998181ab8a08cbbdef3e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\ChkClient.dll

Filesize
140KB

MD5
3fe47e461bb686693cf440c8815f2a0b

SHA1
9a7d27d47a542b83d00f1e6027ba4c22d496f887

SHA256
5bdefe9a081e5e2f4af73891db6228a6b57e7dd320fac0ae233f5cd741db8a1f

SHA512
687c57e17c4f527b90e8eafa9929fa9ee0a1fa82b2c9ba9c6a6385cfcb1fcdd1e09305acbf357cf61e7dd7e061d581a378d2661ed7df7dbfd554514f04646e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\DLLWaitForKillProgram.dll

Filesize
10KB

MD5
6ee81a58d2f09cd5f927d68970a4bb53

SHA1
c172781fc388c9dd662b7d3006872ac8d629107b

SHA256
90ea8f99741fafc55f4695fdc4e2a7f1fbdb474d0545042854433db988337f09

SHA512
f84123e93baa539b257b58e8896aaf0b247c79e370a3fb5da02d5df80da0460ce138b34cca59b8d55dff79ab9854aef7f1ad4cf1f37c306fd8dbeb72557f0bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\DLLWaitForKillProgram.dll

Filesize
28KB

MD5
9c4b8ec42d89f7557bfd90798ce52787

SHA1
2376dde426ea65aa27c30e304086310605382475

SHA256
ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

SHA512
17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\DLLWebCount_new.dll

Filesize
28KB

MD5
f16f5feebd9b431a8bc63456c0ad267c

SHA1
acc75cfa3ed7888334aa2ccf305a6c6c58a08aaf

SHA256
5417af0fc8284e9745650a55803bb34217e314096dc7cedf113c960624ae08ad

SHA512
ed1e62d903b511a29abd5def4419b5afa63699ee2d1c91a9d884ffb01d7debe5981559574cac4885140d1f27f4275be56236f5c6f1c327147dcac8893f965512

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\IEFunctions.dll

Filesize
3KB

MD5
9701818d39318145dd164794ef3a3846

SHA1
7db701f8dc19163d46ba88e8b68d8dbf428a8152

SHA256
3122b0413f74e88518cfd1b9c6e18435dd326ca177a2374b6405df78f43e776a

SHA512
d92786630250e9eb6c47537b09684fa107f959b50d255c7f3952741eb438c3be47e171827d3a4407b049c33c12dad73f8ec381a7265b28a6d8ca101ff702e8a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\IsVista.dll

Filesize
44KB

MD5
344d13fd0fdd2d97e8d61960f40a8a30

SHA1
3f0f120203005eea3e8ed1652a6ea8a607ea934d

SHA256
17bb3331e2300aa01666fbee98b9552cec5e46212a4c5a340c0370b93df88f83

SHA512
b4e49c58503532e270cc369f1cbd14d85edd46da5ab034dad730bd4297887dd541d445d2fbf205820e6afbbdba7ab6d5b78b694467554320fd6db8e06fe4f719

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\Ischeck.dll

Filesize
120KB

MD5
6c1f65ce96712e05f64c7a26b7adee36

SHA1
6cea6c2618fb31902c52cb1d5fad04503bd34ed0

SHA256
544f3c2c03f7900539d4868437f8e08204c0b4c79357af666a1fb48d406c1ffd

SHA512
5244d26d013dc2c7083bd4c167cac99307985babcabc1806a898a2621fce6b73d256b21d549bce8744f3221a51017ea5f621d2f6f5cd5aae83ec21ae41e5d5a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\Kill.dll

Filesize
44KB

MD5
21dca3337d057710894909c4b709d65b

SHA1
9b7f9b4e203bbdf97df320d625e2569f99102289

SHA256
2827ef697ead9db2552f3a3fc597630727fc96f64ce3f71ae86230de4c9dcfe7

SHA512
ded36801e0566ba5c09baf70b2633f54e27d47103d7248f1e607acea82d0fd1aaa9bf1b82b7aa70572b2923e6b5bdaf85b8acb18f8df2e5300198047a57e3a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\KillProcDLL.dll

Filesize
36KB

MD5
6958016193a066833556992077bad4fe

SHA1
5f564945936f99381d7e2408f034f97d069005a4

SHA256
f38c669c87f2a73768a27a01622690997e9d93d5ca3830b349bd24c3ff9f8d2e

SHA512
fd6ab5c341b331b80c940ba97a2cd14547c796933a2df26d3dd87ede1602b86d9f8c37baebd7dd4c68d811199fc96a27ad4cb995bb8889d51af91db9f43ba0a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\KillProcDLL.dll

Filesize
32KB

MD5
d83271a1819197754b6aa91094bc40dd

SHA1
0a7ff860ff3e677d54cc2de6b46c2e0cf1eebe25

SHA256
13e140f16fea2b0ee4ad2a39f1f52504da91fcc43b379f51f1559bfab5ab8bef

SHA512
49353c986c749a6bc43110e6cfd97e96b63d232d264d553053952e0f417201442a853469628c1fe13f1c4fd978b25fbf893725c6f001378605c21cb001f3ad9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\SelfDelete.dll

Filesize
24KB

MD5
7bf1bd7661385621c7908e36958f582e

SHA1
43242d7731c097e95fb96753c8262609ff929410

SHA256
c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e

SHA512
8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\SetHoldData.dll

Filesize
96KB

MD5
e86d36c5332858061cc519e7bb558f39

SHA1
8114e43152797296ec1919b1c713ebada661ca51

SHA256
4c8869ff8cbdd2f9a6a2d2876194869664d0e3f554886451224ff4e732136365

SHA512
46bf19a71fe2ae4d61084bcf406604e2f375c92f5de1a5e9a6eb857424eb4dc82e70ae7099aa3676c518960f78a17dafa05c23e5283954e43f44190391662ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\UserMgr.dll

Filesize
55KB

MD5
130f66c0161e6da46744abe3c0be4d9c

SHA1
d2a44a0cd07bc0c5d81fc0d056d6d45d200896ed

SHA256
955705c8c7188d06af16849e5cc3ceae79ea5d0808cc2851630a54d54bbc01f2

SHA512
915b9135da230ec8d3016ba83bd7102b3f8cb13050189a176f8d4d50363f13584fb971226458bc493cd2df27723c8ab7273effab7d6c6e14d49e735d24d7fac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\nsExec.dll

Filesize
6KB

MD5
cdff6b8f9523b6ef9f20fb5f9e90f1a5

SHA1
b25f6e0a19b41ff0a12de8e98e3005bc119d34fa

SHA256
80b2740fb3a21ffab022a96ce6b420019072f8ef3a048fd9dea4a5b64498c0c8

SHA512
62585c6a6103aed10f9a79c016df8cb630c3e37715542b5f26aa1a910771540c9b323ddbba3329db0ecf524143f7a27b782e198ce944317f764be6b9d04b792e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\stack.dll

Filesize
10KB

MD5
0f61a81a543822de5fcb9a8a43f230dd

SHA1
d01d4a0f542f3c654637fdfe5a574fe1f150ece1

SHA256
46b4a72ae8590b0afb3304cc5c13db0502bc4c4cb02f64f37c79008c17db814f

SHA512
596b7a897ba64c32e26ba6168aa3628aad37b187a9814a286298307d8c42eabf8e8a679dbda558f8b2cdc8676c94ec819256432aa5ad7c05a5387759262a4402

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\xml.dll

Filesize
92KB

MD5
9fa874b1583a26ee16673620345c04cd

SHA1
d3bfd86acab08945e687f185be160b601f861b31

SHA256
2e28fde147296c554bf0b140157bd4f48a78d82836c249cdf6b2fd85de6cc4cc

SHA512
4e988f5d28694be8a316360e001a67f053c588ca5c0fd3478d6fd188d0fb20b96fd6dbd48e6b3a4f1446b20b88cf188c47059a66ab51850d29fad7b8f9197ed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj44CA.tmp\xml.dll

Filesize
118KB

MD5
42df1fbaa87567adf2b4050805a1a545

SHA1
b892a6efbb39b7144248e0c0d79e53da474a9373

SHA256
e900fcb9d598643eb0ee3e4005da925e73e70dbaa010edc4473e99ea0638b845

SHA512
4537d408e2f54d07b018907c787da6c7340f909a1789416de33d090055eda8918f338d8571bc3b438dd89e5e03e0ded70c86702666f12adb98523a91cbb1de1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\test_saved.xml

Filesize
1KB

MD5
a348e0b3c1237f412d9f376a5cbe7455

SHA1
5a729ee42e88dc60730c5db730c48714155bb970

SHA256
4cf7b8811065904c766962e4f835ba12e30f30f07fbd810fe7255f8f38d2b714

SHA512
1ad5c803e92ca7dd876c295392082dfb362424b35cf27ffd1d731e958090c9a0f6802a94e25ef165443aa2f88c380d885fb17f8ec6912e3326a84dcf2ba1cc3a

Download Submit
memory/1648-76-0x00000000022E0000-0x00000000022EA000-memory.dmp

Filesize
40KB

Download
memory/1648-69-0x00000000022E0000-0x00000000022EC000-memory.dmp

Filesize
48KB

Download
memory/1648-62-0x0000000002F80000-0x0000000002FA2000-memory.dmp

Filesize
136KB

Download
memory/1648-190-0x0000000002FD0000-0x0000000002FF1000-memory.dmp

Filesize
132KB

Download
memory/1648-54-0x00000000022E0000-0x00000000022EC000-memory.dmp

Filesize
48KB

Download
memory/1648-157-0x00000000022E0000-0x00000000022FB000-memory.dmp

Filesize
108KB

Download
memory/1648-181-0x0000000002F80000-0x0000000002F9E000-memory.dmp

Filesize
120KB

Download