Malware Analysis Report

2025-03-14 23:45

Sample ID 240603-gmya7sdh7s
Target ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090
SHA256 ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090
Tags
persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090

Threat Level: Shows suspicious behavior

The file ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090 was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 05:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 05:55

Reported

2024-06-03 05:58

Platform

win7-20240221-en

Max time kernel

149s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\UserDot99\xdobloc.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\UserDot99\\xdobloc.exe" C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\LabZFA\\bodxec.exe" C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\UserDot99\xdobloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe

"C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe"

C:\UserDot99\xdobloc.exe

C:\UserDot99\xdobloc.exe

Network

N/A

Files

\UserDot99\xdobloc.exe

MD5 2c8f8a0c72c3265abdc75be2b5325687
SHA1 8fcc2cca041199ffe8220337d79968ef7bbe9437
SHA256 709cdbcfb1584162fa48393324ae30ef0df0b6960db4e05eeeb730b2c79adc6a
SHA512 50e2f416214a8c2d24b26b84b3d2a05cb3a99c6d1c4d617e15da1deb6a60ce80480ae7448e322653a485f946323c479c6816b283a2e00f62f28d00b60d3e4017

C:\Users\Admin\253086396416_6.1_Admin.ini

MD5 20c10c6c2fa39a936773b8c4edc782fe
SHA1 e3438ad1dfb554a69ffc51cafb2065d0d77dd54a
SHA256 393eb030f67935d37841708b4b0560e49cc5e0ca8e7abb3ad8d39c8878e1aec8
SHA512 1fe2864f68a5b8db13e9db9118ed4147d76b455b0cdbbaaf5eaed7f531731dac0f85f03dff2637422ba8163624050c3ac542a9a99154cfb76cbb1cf7bf15566a

C:\LabZFA\bodxec.exe

MD5 844eff828d127f6fb83ce0327edd98d1
SHA1 17e3ca9d608d5a4944cf5d4f37da3a62d5e49750
SHA256 896c8c67564b4c31df2514bd44692c141efebc612f3159ac43c054a8f6e96936
SHA512 c1fbb75a6e6a98ad343970975697d35a991f4e285d8be39579fb693a28305912e77516c44f228224dc9e9fdc712738e11acec7f6b6a3c31ac6ef1902803b61f4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 05:55

Reported

2024-06-03 05:58

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Intelproc62\xoptiloc.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Intelproc62\\xoptiloc.exe" C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\Mint5L\\bodxsys.exe" C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Intelproc62\xoptiloc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe

"C:\Users\Admin\AppData\Local\Temp\ff814a1e70a8fc29fe8489a06cbf9af604bb304add1f3d18703b7963502ea090.exe"

C:\Intelproc62\xoptiloc.exe

C:\Intelproc62\xoptiloc.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 25.140.123.92.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.173.79.40.in-addr.arpa udp

Files

C:\Intelproc62\xoptiloc.exe

MD5 0ddd81d3b4d1742f9573ee91e1130442
SHA1 7b01ecd01fe29f761212312ec4a98036057acd24
SHA256 34983836e2899179da750d6c733d7867c891f7d829d9e7a3f51f518cab998c57
SHA512 6a7e0bad180cf1f79b67f369fe2961bc0f8a97277b301824797b1217560663e6ec2e04736eac124b6bd3945b7cf3faad4dc5122c1b664c93df0246f1d5961a96

C:\Users\Admin\253086396416_10.0_Admin.ini

MD5 e78638da28ee0b4d8eae3e94ab67aee6
SHA1 48d54bba323dd7cd52d176568c6308490d79e344
SHA256 2bac45b8795b80ec3b89d9b8a55130c0e69fc88f4a123aecc5890b8fd57fbc9b
SHA512 563a5e9d4d3b1a1f629437a83ffeadb894190ca1e36709816d76651f512f23059c7cff8cb1e9d22c187a4f74b521126058743b2dd3748cd2ef113d109a30ab72

C:\Mint5L\bodxsys.exe

MD5 21846c413ffc618cea86694d92bb30eb
SHA1 a5bc459858502f0bb14d8280446e0cdecbc0772a
SHA256 028d380395ee36376a30ccf4e57782a68dfc42b1d191f4574c1d2528be46b6a2
SHA512 6c8f3bc2c7e33f923d85fdd2e84ddff86a7c1b25ac1ff2304b044c244033ff27c1ce94846b25ad0f5e0b6d7ba9d26cd970d6ae76b9e86ba09a1e390b27d8ed5a