Analysis Overview
SHA256
bada63237016ce4e5bf28c2efa620430b4c0ac859f00f4996a6a4a166e3220f3
Threat Level: Known bad
The file Cutor.exe was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Enumerates processes with tasklist
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 01:09
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 01:08
Reported
2024-05-20 01:11
Platform
win10v2004-20240426-es
Max time kernel
104s
Max time network
106s
Command Line
Signatures
Lumma Stealer
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Cutor.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\223162\Journals.pif | N/A |
Enumerates physical storage devices
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\223162\Journals.pif | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\223162\Journals.pif | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\223162\Journals.pif | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Cutor.exe
"C:\Users\Admin\AppData\Local\Temp\Cutor.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Mountain Mountain.cmd & Mountain.cmd & exit
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 223162
C:\Windows\SysWOW64\findstr.exe
findstr /V "mjscheduledkindspsychology" Roulette
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Bone + Personnel + Watson + Describes 223162\O
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\223162\Journals.pif
223162\Journals.pif 223162\O
C:\Windows\SysWOW64\PING.EXE
ping -n 5 127.0.0.1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
Files