Overview
Analysis
max time kernel: 150s
max time network: 142s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 25-04-2024 17:57
Static task: static1
Behavioral task behavioral1: sample 000.exe, resource win7-20240221-en
Behavioral task behavioral2: sample 000.exe, resource win10v2004-20240412-en
Behavioral task behavioral3: sample Ana.exe, resource win7-20240220-en
Behavioral task behavioral4: sample Ana.exe, resource win10v2004-20240412-en
Behavioral task behavioral5: sample Bad Rabit.exe, resource win7-20240221-en
Behavioral task behavioral6: sample Bad Rabit.exe, resource win10v2004-20240412-en
Behavioral task behavioral7: sample Desktop Puzzle.exe, resource win7-20240221-en
Behavioral task behavioral8: sample Desktop Puzzle.exe, resource win10v2004-20240412-en
Behavioral task behavioral9: sample Memz.exe, resource win7-20240220-en
Behavioral task behavioral10: sample Memz.exe, resource win10v2004-20240412-en
Behavioral task behavioral11: sample NoEscape.exe, resource win7-20231129-en
Behavioral task behavioral12: sample NoEscape.exe, resource win10v2004-20240412-en
Behavioral task behavioral13: sample WannaCrypt0r.exe, resource win7-20240221-en
Behavioral task behavioral14: sample WannaCrypt0r.exe, resource win10v2004-20240412-en
General
Target: Memz.exe
Size: 14KB
MD5: 19dbec50735b5f2a72d4199c4e184960
SHA1: 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256: a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512: aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP: 192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
File opened for modification: \??\PhysicalDrive0 (process: Memz.exe)
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of AdjustPrivilegeToken 4 IoCs
Token: 33 (PID 1956, AUDIODG.EXE)
Token: SeIncBasePriorityPrivilege (PID 1956, AUDIODG.EXE)
Token: 33 (PID 1956, AUDIODG.EXE)
Token: SeIncBasePriorityPrivilege (PID 1956, AUDIODG.EXE)
Suspicious use of FindShellTrayWindow 1 IoCs
PID 2396, iexplore.exe
Suspicious use of SetWindowsHookEx 18 IoCs
Suspicious use of WriteProcessMemory 52 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\Memz.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe"
  PID: 1984
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\Memz.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
    PID: 1036
    - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\Memz.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
    PID: 2496
    - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\Memz.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
    PID: 2240
    - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\Memz.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
    PID: 2516
    - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\Memz.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
    PID: 2588
    - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\Memz.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main
    PID: 2600
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\notepad.exe
      Command line: "C:\Windows\System32\notepad.exe" \note.txt
      PID: 2536

    C:\Program Files\Internet Explorer\iexplore.exe
      Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=minecraft+hax+download+no+virus
      PID: 2396
      - Modifies Internet Explorer settings
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
        PID: 1516
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx

      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:209943 /prefetch:2
        PID: 2500
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx

      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:209963 /prefetch:2
        PID: 1684
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx

      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:1127441 /prefetch:2
        PID: 868
        - Modifies Internet Explorer settings
        - Suspicious use of SetWindowsHookEx

    C:\Windows\SysWOW64\notepad.exe
      Command line: "C:\Windows\System32\notepad.exe"
      PID: 2408

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4fc
  PID: 1956
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads