Analysis Overview
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
Threat Level: Shows suspicious behavior
The file MEMZ.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Writes to the Master Boot Record (MBR)
Drops file in System32 directory
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Runs regedit.exe
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 06:53
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 06:53
Reported
2024-06-15 08:01
Platform
win7-20231129-en
Max time kernel
599s
Max time network
595s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\SysWOW64\mspaint.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30219809f9beda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006310fe0cf215c44386800cfbf8dc5974000000000200000000001066000000010000200000005cfec0f1e80929b2f100ac437de9f7ea2c0f5dfd40f5e7abc749ad0aaf9bdbe6000000000e80000000020000200000004360fb5e5c9a2237a8fe531d5afbe3921f6d04f96b0e65f94d34088ecce42d6b200000004d3798c567daf83abcc2f9ddaa10024f078139e7cbb98cb81e2054783ec4bcdd40000000dd04e4f27dac2675a840e6837aa9eb7c55a856591ab0a69be4bf4df73a2647c4957e2c41944c250506f79682c2f9ebba568f52a080bb463e1ddf132317652900 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006310fe0cf215c44386800cfbf8dc59740000000002000000000010660000000100002000000055a6cff8c059ad63a21cd57e9db3ca042920283f5e8a5203d53a5b7605c9396f000000000e80000000020000200000001089c47f753edca9b15e7c8fbfe15b520f7762b1e547959253364367ed1f5cf290000000564f5e445544b5aa37bae78ccdf846cd04979b91ff4460f08756de34d00b35de7f14bd34ca81e7bfc094855b8cbb8da5e614026ec45b68489e9717445aa67bc8a5c7bb58c5ba89e59bb9b35dc4f4e49b9bc8ad561aa851de0dd057b3be40da56fa72c4ee6cc53753af4be9ca58155803f7e7b9ef0d12546dcb0a35a02ebca25aa4d234c333dd8191428f34192941ddce40000000818b72f3ecffb09664c18c231ba1c59fd2ebf9e2b3170922c1f6475afcc5c3695ae1285062d0ec3a9efb0c7905db3669e35f3456830eef71847ce4f30072825b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Runs regedit.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regedit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\mmc.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:406547 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:734227 /prefetch:2
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:930834 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:603186 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:668743 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:603225 /prefetch:2
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3879986 /prefetch:2
C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3945539 /prefetch:2
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:2307136 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3093585 /prefetch:2
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:1324145 /prefetch:2
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3093665 /prefetch:2
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3093700 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:2962594 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:3224776 /prefetch:2
C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 88.221.83.208:80 | www.bing.com | tcp |
| BE | 88.221.83.208:80 | www.bing.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | www.pcoptimizerpro.com | udp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | www.jqueryscript.net | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | cdn.jquery.app | udp |
| US | 104.21.66.214:443 | cdn.jquery.app | tcp |
| US | 104.21.66.214:443 | cdn.jquery.app | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| GB | 13.224.245.27:443 | static.hotjar.com | tcp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | tcp |
| BE | 108.177.15.154:443 | stats.g.doubleclick.net | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:80 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 199.232.209.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
Files
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat
| MD5 | 9a031a29947a869d10a4f072e814504a |
| SHA1 | 98135edee7fd716ac406164a021d090b8aa3c077 |
| SHA256 | 809ec03bad4affae6fe506efa6b0db6330d05d1bb3b671e58e05bc7badbfb96b |
| SHA512 | cac1aa027669f7502615c67da997b12e5016b6a1d47110eb7da0dfae5fb7e659686ef46029dec2ffb89e905a2e797ddb1c93179178cbce6a850ac4f9a17f03c0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\recaptcha__en[1].js
| MD5 | 38e25c4634858aaf2fc6125b7a8a1205 |
| SHA1 | ee075d53e8668a2267610b05df51416d1912de63 |
| SHA256 | 3be69375a428a615caa7c5307c15298a41a4f272c77ff19051a462462d1af5a3 |
| SHA512 | ec8cca0137d29dc8eaa217a6d923a8c49c89a6bf9bca01748f09a2d4cb8d7863b7393f15eaf096591933373fdc96ca6fff0f1097e7505e5a699738a61498c066 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\2O2RULM5\www.google[1].xml
| MD5 | ab823223f2f833bc2325d5b4de66e0cb |
| SHA1 | df7e74f6539cf240e90eabf325da622d7dd7baf7 |
| SHA256 | 791de5e18969297a222850352406842d3e014dcca7ef22efb7a0850565849d2e |
| SHA512 | 736fbec183c22d2765f2402db10a016bf8ed948e9e9cca437ef5688e49372adbe1e65290e6f159aec2b10b61b13f97dc1b0471120c6e3501a83e97d3a6ca2398 |
C:\Users\Admin\AppData\Local\Temp\TarDECD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | f699e8e7d80af37787be74de41abe9d9 |
| SHA1 | c13076ef4f083d847eb68a53d5d7c7c1630b224a |
| SHA256 | 29ef9ec08ee7256e1ac678be8902bccab2673869fc02691180affd07b22e7161 |
| SHA512 | 91b2a39cff36afdd0db3866fedf1cf206c1330985fa0e1f6f79e3465c9682af83d7b997fb89747f19c89da712a42ba9d6be79e0f7be94681080e7232c41c5a09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25507fd158fed3b26d8d3a4aea5ce38a |
| SHA1 | 213e14fe0f64198464ba3f2f32069bae5dc76bda |
| SHA256 | 1f39eeaac855d54c99a677aae124ba9949c65cc22b4209ccd6177fa8f7aaa62d |
| SHA512 | 1e3a9abb6b425f3e1522cc850522b8b43508098025a22fedc5c2beac85dcd6b260e28dec048f191f7969ff4e92e187d1a7e092c846a69f1cf3532e5f38338e16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e93039cd6c0fdf23dc55a2ec6797d867 |
| SHA1 | 6bcda764436dde4248470b9fbb490335d93f4a36 |
| SHA256 | 09ebcfd32989960cbf96959d509a89f8c1f5badf502664023a2463a110be1676 |
| SHA512 | bcf338e991720d57910f09dc9f1fda5e41e7b289ba31b1b9022e36e98ed770448400693ecd203e8be7265be3b1d70926392d0f480bbec05afb92490723ed68fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c56ddc5055cdff13ab8b486cf4409411 |
| SHA1 | 142ffdbd217a4d4fe9a91f5404b62a127cc1479e |
| SHA256 | 559c6f5a7ed0550da6cb9043abac258cc1cd2ececa3a156a08011c598871f619 |
| SHA512 | 6e59825939008c6681ebb3024075a2157ca67d769ffc01d72a653ef62293414c6f340e55eb2dd9308913f5d088ce0c991249e3432110022de05d08d177c8820a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\styles__ltr[1].css
| MD5 | 5208f5e6c617977a89cf80522b53a899 |
| SHA1 | 6869036a2ed590aaeeeeab433be01967549a44d0 |
| SHA256 | 487d9c5def62bc08f6c5d65273f9aaece71f070134169a6a6bc365055be5a92d |
| SHA512 | bdd95d8b4c260959c1010a724f8251b88ed62f4eb4f435bde7f85923c67f20fe9c038257bb59a5bb6107abdf0d053f75761211870ca537e1a28d73093f07198b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d84eae79ec1aa55fde2643724b66050c |
| SHA1 | 52adb658744f5fee503e9139cdf7cc53b0b8cf78 |
| SHA256 | 67569882f55d6c2cb28def628778b6a03a51991b9ba0820fd5fc3524b3ef1918 |
| SHA512 | 0cfb4bb895451c3191555e1f55b8584b60149b5c24c740b499d7b27fb4b77f52204d1e45baaf602eeefbe66acb1aa109e860f3ef9b5ddc5ebcd71e79f09ac774 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 368fb55ab1e570a7523415c27c83572c |
| SHA1 | 6f4f1264280037f819cc1c06e2c6b43ed9bbb1ee |
| SHA256 | 2a13becaeced6299a35acea17d6f971e9dae1e419a3911c89c543b8b81aec4e5 |
| SHA512 | be2b84f0c321634b0250b06002413d0348d1e5a97eb19c268838aa87cebd66ca1b1755961be70ab43c7da61f4e98d96d831355e3ad2be7eef281c8a4aa7a88c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a5134199159a73abee019414ceb7105 |
| SHA1 | 461c467a30e9195fcf48b9be222f82ec6dc380a4 |
| SHA256 | f155b21ccc1bf8aa31534a631ae1f7c304c9b3b56f3d58680ed1c96cf71e6a44 |
| SHA512 | 38b4e28471853ce4dbc5bd0983f3413d84136aeaacc696b34012959cedf341e721f7fedea1f9c521ffe71ed3cfb7c384fbb1ee455fd056eb43cace2ebdee2466 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 272c67b2459a7bef0c3a05937217d125 |
| SHA1 | af4fbc678375b00accbf519beb9cd0f75221dae2 |
| SHA256 | 02f9c6744d99be2d2a3b5c105c2b5c00b3d22b8df7bbe25fdd36343c0d27c97b |
| SHA512 | 51ebd5a600b49fe564dfe185c4b05ccb01bf5ec74a42f1c85eb1b50c58e352d8ef877c0fed012a737b964e40f255ff496fb59b98dd270a1f32fde212309c80d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 67c877b9c82805cd1b0508f7cd6787a5 |
| SHA1 | a820a074c241772bbb47774863948c928cbe1b3d |
| SHA256 | 5eebd670cef5b780874860c12b3ce09a9840866c46237665192df0e764d8fd8d |
| SHA512 | f18e4a6dd0586deec0215ae29cfe3b5e95d074e74c97d01c2f17300f3ce393d70c6d010505b42657c445ac6c58abbc786505b775c475a36d928a34f0b55a0955 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebc175d3e4704e262cef794cca50de19 |
| SHA1 | ac2703e2d681d832cc5d1e9086d1c80b268d545b |
| SHA256 | 10311ab54b11fbec799e5e7d2f34591f91092863795c8e15d3a7b04af38fcb43 |
| SHA512 | 4b238fbe921ae2f2ec04a04a11e9912736a9903cc1f64b3b4b1f9ddaee0a3bd68269f1461511adb2fdfec25278c3cbf7766c489f74314052e3be63e354e48fa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f05b110912a6dd2c638063e84ccee6bd |
| SHA1 | 29d3ba44dfce680ec5ed250e41563e460859ae7e |
| SHA256 | 1aec607508d924bba070754a6566ea00f61b8e3a606cb4fae3c7c923939bfe48 |
| SHA512 | cd84c41eeebb3352d800e16ee1eab2d812e29b0fa8ecb15ae66fd6e153bf4680594daaf395ac154e5d896af604231a66f38b44ab1f847ef43669c8ac8fe23ef6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SCRMVPXT.txt
| MD5 | f1689d1b1cabec074cbfb95ed3c43478 |
| SHA1 | b66ee5db0ef9eb80144ae26aa9ba3760cc22bd48 |
| SHA256 | a1cad5dd59836fcaaa9b42654468611a1b73e3457f732f0f3bcc0c2c2dc8d98f |
| SHA512 | 2a8156c36e97afe06246ba4fb2bde8c4154e10859e14afbbcdbb99f899d1d19a0b85757a4957508b3d7fdc472330ea7b3602d97fdfe35ae73345d26c40f6f029 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\api[1].js
| MD5 | 43777d56ff985ce00b69a9f8ecf4550c |
| SHA1 | 563a28ec5261287060ad78334860463a410306d9 |
| SHA256 | d2f33b09cd1f4a2a14c0498a973167281909656c84a24093775f9957413c7ba7 |
| SHA512 | 5bb6f9c7364601bc0218af632e85e3158c87f0f91dc5f53b54643cc215bd0c32c94871eb456825de5de4d47881d653bf4a812071ec845c2a9577a404a0a1c553 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | ac5336f1f174cbec803904fce0e8256b |
| SHA1 | c3f4bf7a2f88953e56db56275921a2695269503f |
| SHA256 | e26d49105fc12539a2bafdf47186ccf74046c5da69b2f4e8f8656da386118b93 |
| SHA512 | 3b05ee314e3d041efa9ba89a458850bcf544e576aed810034490e3219605a1407b625d031481970f87b7b934a0a83756122f93043cccec71fd3a6a1494981f0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 27f142ff61de3a6d971e29f28b972cf9 |
| SHA1 | 609227e28f940a24d743b8f0b8973a4236aa39eb |
| SHA256 | e31b77cdd942790fe2a6ef7c156e08656f11225afb89ff7424f909eb5af63bb2 |
| SHA512 | 32d2d6e6ff55d5348ad89ccc55850c93921a2030412aa54c5875ebe704ba57973702d2ed3617c32dfb10d4474024537971eb0600935d293eb4963006f71ca943 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | cad33a58ed83272ebb1e35b3baa17424 |
| SHA1 | 2c43a51db81956cf1499c130aed086706ab6031f |
| SHA256 | c56c0cb6233fa287e6ec555f3bcc9dc30cc1df3ce9f21d15cdee7b510133f7f2 |
| SHA512 | 6b36a402d6a529638216b0c2f13ed136e6605a5991d73d74fce0d33c48c72650cfae7397110dff0c30159c2d03c9a7ac4852c087cd6e3ae6f44cab77db4ca0ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
| MD5 | f474c87e4fe17ec6e274d4ce1207ed37 |
| SHA1 | 94ab4a865455282384687444355f6599922158c7 |
| SHA256 | 642f6fec22b157141c7140d494f322ed23cf6e99768648f1ff792436c4f19472 |
| SHA512 | 8c956a46a55c5bfdc66899b9e0c2d3a64ccf6f71b05704d4eadd8281c5b5c1fffd986d8a4275dead02f18f17c2601ecf58e8bca1f27df364b17b950ecdc8295d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
| MD5 | d87608a38de42b7fdb06a691d591c036 |
| SHA1 | 126afc6493abcd6abdf0276014d347020d436520 |
| SHA256 | c63896b1158e029313ac6040bdeb1ebbb93b07e33e67a8cb10ffc96417dd9434 |
| SHA512 | 0674b2fcf5f8d63453f1eaa9ceeec964842eeb997e5adea109b50407fd01b73362be662b1ef7694d065dccb9833ac1c9a90fc2e1275c705334a3fbe0f942d5fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e7996c8f5260d5a40de3ccb8c972089 |
| SHA1 | de3fe333016399a818eb4fb41c2d36a8785620d2 |
| SHA256 | 8b69a69f0fb253a886682de0ca16b973fcb461748aed20eb7f8aa76eeb550997 |
| SHA512 | 1fa79e016ae793bcc3f940ae037489ffa59941275c1496b94e02fe36d0f1cdbf35491315bada5d67124f7cb4eed8202a0f0f804af5269e4b9e3ef5bafe76de5f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\KFOmCnqEu92Fr1Mu4mxP[1].ttf
| MD5 | 372d0cc3288fe8e97df49742baefce90 |
| SHA1 | 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21 |
| SHA256 | 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f |
| SHA512 | 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
| MD5 | 4d88404f733741eaacfda2e318840a98 |
| SHA1 | 49e0f3d32666ac36205f84ac7457030ca0a9d95f |
| SHA256 | b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1 |
| SHA512 | 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
| MD5 | 4d99b85fa964307056c1410f78f51439 |
| SHA1 | f8e30a1a61011f1ee42435d7e18ba7e21d4ee894 |
| SHA256 | 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0 |
| SHA512 | 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\XVS3LyjBK-lASMPd26lduin_hcOQQT6JA1sEiPtbJyA[1].js
| MD5 | 3138a2d90af4d6f6c1ebef7fbb29e918 |
| SHA1 | ccddc3e08d2481ffc52485106a9f64ef5a6162ea |
| SHA256 | 5d54b72f28c12be94048c3dddba95dba29ff85c390413e89035b0488fb5b2720 |
| SHA512 | b273431e3de89ada4ac7b87e73700fffc293dc3357d3356b28ef2243ae9e55ed6051cd35db7e4f2a699f9438d5fe8bf897000e321d56d6b61adf6d7c8a3d9604 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\logo_48[1].png
| MD5 | ef9941290c50cd3866e2ba6b793f010d |
| SHA1 | 4736508c795667dcea21f8d864233031223b7832 |
| SHA256 | 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a |
| SHA512 | a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\webworker[1].js
| MD5 | 94f719ac8a712acf01ae4c4b97ec3ce8 |
| SHA1 | 4f01cc4913362743c1d0bf57b95f18f9d59b51e4 |
| SHA256 | aaacb25a6d0228ec65f79f3428ec76ef7d383e0e81e16f0a0c35a629da5e8378 |
| SHA512 | 1f44d70be4f4e5f77a6fdee2df42031625dcf25e174f392934b7175a5e40957bc8877eae9d57f1fa03204e56a1e8f384bd156eeccc3a461a8af863992e87712e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99239b81cef56a91b4ff05c3ffc69476 |
| SHA1 | b2b2767f198a256ffc1264d568650300488394d0 |
| SHA256 | a92b3d623a70a0314bb8523bb422c73743ed3549979925845bfcdffc60254ee5 |
| SHA512 | e2e6f61a7c77e828e2e393fca923c5c1d4237c69fbb0418881850bac2072bf73db3d8c5a0c9b668a0ff34a081d47a628f3a4aff6d842ba3f609074a69368ae2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 28c94ab6ce6b53f3e65e849a1a5312b3 |
| SHA1 | c0c80e240e7674cb160265eb9a02358e498085e4 |
| SHA256 | 6fa7440969a846ddfb144083399f3287313930fca4d040497865405406eda041 |
| SHA512 | 41542ec7a141c16bd70ec950b5fa36749617d018f1f7ff8a4102c1f65c5770eb981ae391ff561f18cb75190a9432972915cbe1e1a1b99dc29856acb449d7f0ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f512a2b7ae64a683cb5143fe4d9d7026 |
| SHA1 | 57995298ee84f2257d26a8641a02a4e67f72e6e3 |
| SHA256 | eb8a7c1c3117842f449d369e4f4824d5d8748c717480d67b93013646765974d8 |
| SHA512 | b3ae93f28c56a2dd44f0a8a718f1f0a2929a2f087ab657daa4b4c27652165c33bdd2a28a878bfc20d172a9b36c60ee4fc617928b721759de716c824943f437b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf8d850547f5d1de05299c5576b478fd |
| SHA1 | a7aa3ff732f9efb8188eea911bae190270777d77 |
| SHA256 | ed533b1d41f1cc77b1cd471777d671c9c0657a058be7be8e14ff5bb364576bb2 |
| SHA512 | 7a074b93ed913c74a89a59595d0d5e2260c38cc77eaf4043cfc321d3eaa2451f419c0f585409bf46891dbed0b54e46b84b3b3cf7b2b18557ba88f671be49fcef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9ffbc358e01c964ad3d75659fd5c9f0 |
| SHA1 | 314addd66636ae1ba6da5f9f7db5a775383f9edb |
| SHA256 | 921f580325349c9b1389731248e854368d59509ba5877c3b490f72e11ba5bd0f |
| SHA512 | 0dc29990e2c6123f55b52b0713eb479ed01d738e922bca1821795a4030788c3a31dce27bfccb91172948509b9a2a23f2a060395081bddef66cc0f05cbc6832a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99fba059879f92186ea774d70f35d235 |
| SHA1 | 6859e14258d91c4d82ada6674a73ceeae7f8cb87 |
| SHA256 | 4625254f947d077a6d61950c03292b3162598a93686e83317171f845dbe6cfed |
| SHA512 | 558d853c5278de8b04cafef44404a6b961c6ddcb29c13c7ab677f2403d59b626f691421926dc4d15e016f0315280963507c834fdcb4148394d8f6800177c1dda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7415bf0c55c66b60f3bf86481db3cb09 |
| SHA1 | ded57f4ae922eb791d73f7b37ff11cc96e09ac64 |
| SHA256 | 8879698c46786af897540b9844f030ecce96605e1955adec9e0e0843bc9e85bb |
| SHA512 | 67dac155d9f48a8d5a51ace3dfb96db740e28d5c9a30f42e84f69baa5b030b1d3f5ae6a364829d9ae840345b5c32ecad498e86cc4f13322e7d4eb66b63a113c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f58dd0218905ca17ef3290368ef91923 |
| SHA1 | 24fe44e117bfa44f653e93df299f0565423c0e01 |
| SHA256 | f3b960074938d6f2a2376ec5bb84b7a572daf758f7015b161456972eb10cb902 |
| SHA512 | 776ddc33341d2d95430826ae27966f85013c692341539879afd0239b38dc108654f3b2d254170b6ee8a087db3329b286d9acb797857603182eecd36613f5765e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd05f1ac6b9154b5062ccbf65c6b1220 |
| SHA1 | 52afa7a93a3b90c48729c7446abb743c8b25f8a5 |
| SHA256 | e4d7ef6a02db043db1b05026da8bf71ea5ec9656d5e10b419375a04120299b95 |
| SHA512 | b5280035a27a16f967733ef00829ad33b45a732ca1105f2185055db4df0c4b9532b9d1c2db2b074a46654b3b84301e10bbe6762874d861816d9062fdcab1e4c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a26cc396daf3c3086190a722fee51cc |
| SHA1 | caaf2ef889ae2d5bb951ae7090a5dfcd9fc9b75b |
| SHA256 | 5d93e6949e1c69f7d2c005523f91bb17d75cf99794007d00c1988da961a7e688 |
| SHA512 | 27b548fae4c2403fcb220ef92e7779fcd1d5f8682b0ab781b7f9d55f6c0bd7109792762627fbc0487f0a8cf6bd63f856ad96bfbd64cb9180c8a2308f93aff966 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VI8235ZP.txt
| MD5 | 6c9e9fc7b25b7ced742d35c16f5f9e1f |
| SHA1 | 83f284d352c8dab1304f717e0f71e21bec985f4c |
| SHA256 | d02d347d114641dad149cb626b2798f2fa9028cc421dcb807a468c49f2605e59 |
| SHA512 | dc40cb0548c6b052187c7f46873f79398e3560ab48ab909eb12d5d9a390b68fdccae8731b22b0ef3113a917a77e3fadc03e06b02be00e534f391e31f91165617 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d6e409de745a4a93ba88c650391fee9 |
| SHA1 | 5198a8bf7f75a4751e30ffe276cd586a0dfdac8b |
| SHA256 | 89a8793eec7afd9cf28b56b6c5a5e2285cf54e64ed03e086603f0cf4f03c3863 |
| SHA512 | f8c1f665c8efa59e2f919ac5c669605d774d39f3feb10eb07c82e10abb6a8821e02ddad02d5056b21d5517a064a57088ddeee2cecc140bbec024981d1bcc6b6b |
memory/2496-1045-0x000007FEF5FE0000-0x000007FEF601A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IM0TLH6U.txt
| MD5 | 880bce639ecaed6f1f8200f9670d0bca |
| SHA1 | aef48ea907cf217158008a5e47d1707f8b2dfaf8 |
| SHA256 | 4d2221aefe23a6037fdef99863bfebcbae1ab3e5cf5d93f5ee9e12ecabd7ee1d |
| SHA512 | f2f80e22ee291324f77312b92dda0d74c660772e6547fcc77e46cf92f9926a1ed6983e9e1cab582c02cf28c0f6a9102ce87972751cfce1f12aca626d0169dd10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 844c0234f499df948de40b0382bda62d |
| SHA1 | 777d9fa5c72fb80bf3e7b7e9926afa4672bb71e0 |
| SHA256 | 181ba645484281a9f8cc34b9175ed7900d4ced53594025c60d593f7e71bb9233 |
| SHA512 | 3dfd59a818813fef61aa28af46deff5a1aaf1a4a5cc9756f0bdfc742872da5b922ccc37f0eecb82fa937cb162ca8d877907333606f6b24015505ae9c3eba017a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\I2M6JVF9.txt
| MD5 | cecf9e85ad8f580732fac7f53517a7a7 |
| SHA1 | 29ab88f3f4cc87ef57db54532f4dd05ab5cb9db2 |
| SHA256 | 018dface9e3777742264d5d1c01c79ed3760e9414e673792c2ab6156913321db |
| SHA512 | 0abc53c4586404339b4d3aeebf909bfa7ee9af02091ff26b585aef44416855f3af2081e1e1819175d58510b3f5aff0c70661ceeb42f8d397a1d1a5e26f052805 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6P06WNLN.txt
| MD5 | 494b21e5801cfbea145d9207ef260ba6 |
| SHA1 | 4e6e8bdc5855ee6d502b99ec02a8a462be19ac92 |
| SHA256 | dfa9ceb3b6a2d5c382e8ec69c4bd96125bc346f3e685b4c894023ede6b2b347c |
| SHA512 | 2e914cce97736e9c069e921b826a6e1c3c8ede6e3c1d4334f00157bf05d858444fee1c7b04df05beadb30084d9a6f1b01c4cf0057c1ea0c8068726273fb1fe4f |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9K43J72Q.txt
| MD5 | ac148f2c1e1b64bd98e4d8c0557294a6 |
| SHA1 | 00bd3cf9a26d47e8278af5f6dc099cfccc787a3a |
| SHA256 | c52569ecbd190e43e78d78130df3b7f57b96a8792b1ee284fce42b4bb1f0bf90 |
| SHA512 | 8b5fb62003a4052813b3d1b0c1f1552d64a96c054759c8ed758adcff4e71e3bc399cab58f1d9788e1607222748a3e38ccd157a5cd3830ae21685460767377cc4 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZCRXMUK7.txt
| MD5 | 0a2ea0480d12a2d90f604a9685d5b309 |
| SHA1 | 2c6c42cdd180bb017274c575c2d3133217c439bb |
| SHA256 | 937f81e60f89ff357e5e80f47297a0a7ba68fcbf99a3fe567189d851f547d0f0 |
| SHA512 | 749e33dba1f83f63a9dc7880e6f70aee44294def7055373c5f3657bffcd14e8fcc14c561399490a70c2ee92caa39a54540a3825c1f6a406280ea92094bacc57d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JIYB1OX1.txt
| MD5 | e7360689d7ae54fdee1466ec51a39aef |
| SHA1 | b41abe2bbb8c0ee1090002f303b3248280963e47 |
| SHA256 | 22af350d8bf13c27ea4cfc00cd667df6c6c1fcb7dc93dc688cd5d3e2f76dcca6 |
| SHA512 | d97a76ddc8b61f3aa0660d0250164fda326fe989661ac7b02162fe3c39f3835e51947ba5ba2fd2b951ad3365539eb902445fe324dcee34f5a533f8939720737c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b2e5357d65201f6fe50f9361df0b83a |
| SHA1 | 7232b71585fc336a0d8d2d8092bddb8cd4db8855 |
| SHA256 | 0572dc5d6b735368489543a456cd96e3f59361b6d1ae3cb7530358d3931e444a |
| SHA512 | cb68815111e2fe086f661aa4eb5a0bc89b418e3acb51293a57cfc77430087630176419b61d992dd7c1639d3be89eeb486eb75b49c1ae6c7c8c02b6380e3d88c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e4e598b596dcef00a605cc0f7b1247e |
| SHA1 | ef96717002d97391dc0ee8422c2dda842ed4282f |
| SHA256 | 8983fb021613ad86cadf42d80dba2ee1713415da00544131adafbe57aa4987d3 |
| SHA512 | 6b7bed4a893253947757f525067d1701bf4c18c54313576c2fb82e681774a1e9383e2668f840bd42eca0744aeed8fd7a85a73f09c0ba9dd95f781b33c6e8e1c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 776674c70db87b0947a83c320cc09971 |
| SHA1 | 0b5459176bf361f8d94c38374e87ada14ac21a8e |
| SHA256 | ac02a024cb20dcb50c9d0c575aa24e2b14816da2e842868b69a5c9fb2f187f1e |
| SHA512 | 2e34264f2806b5b0b0841be3afccdb4c2082f62b18b3a0af1813ddf9d5b033f5bf23a91f51b88e6a046c4ad03e7a080a9ab815027db6bba2b0cb2731a8554343 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 370deff3dc9b00f91db01c5315855c3a |
| SHA1 | 984baf91409545189ba8c262718fbf9c88bb411e |
| SHA256 | 05b0e8f74c92e8dc18594621146455b37d061d76ad33215f7e87572da76f6790 |
| SHA512 | 3b469ca5cb5809675a6f341a89403adbc33bcbd48e02d7b4f5e0bbd7068234b1d7bd167757850fcee3bb895d4a5c8d6963ec449efbfb7209e4ebae2c2ebcaaec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 4182f0e25fba923f1901b9de3bb14a40 |
| SHA1 | 73403b5efe56d62ff1ea5520e937bbcf2eec269a |
| SHA256 | 8cac4921af175e3c1c904d8494edfcc6bb289881aaa5a6892006dc2a32a34844 |
| SHA512 | a64d067384cedecc443e34874c9d2b599a9002f6110e5a1b866f18ef89fb3133c9add2f26824b4e5b2e4f65cf2b6adcddf325ec3eef905a9b543746a50519d54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 0f1ed0db12059f7b222f8a74b31b129b |
| SHA1 | 44be908854b1b1cac7bab2c59a8115022e318a29 |
| SHA256 | 6c09009ad595fcb7c095a5e061cb5a92dde03000c197da6da02a853d3048f2f4 |
| SHA512 | d64b184d1da973643d4645f42527ffbbbdf29a0827018f6cec6fa852901ccec47bee7b78926f30d441e4267e1dff3ab0d600d21e4d4205e9faed98c2230b9c4d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06247137f9226c31560ace5991e60892 |
| SHA1 | 0f063db3f35ccdced0bba494bf6ce5621156f31e |
| SHA256 | ec3391bbb90435a0293d580f439502df129c23ad11a4c62ac4e132df654b0486 |
| SHA512 | 858c0476c41733d28650b0406098b2785cfcf0c5ec512b3f23f071ad53cce5dcb2ae6d9b99e93a98d18a8416fda47259461145916c76490c9ee2b593fdb02d9f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\js[1].js
| MD5 | 0f9fc24592621a359eda9135695c5a1c |
| SHA1 | cd2c602a7fa3c735f47e19e57476ac52a87eeeb6 |
| SHA256 | eebb1ead403d3efd21e58ed41dbed2e502b0b4226d9e3a84ea7cb8dafa318aff |
| SHA512 | adca03e7eb12630efe0b6c3d5e1946f2801dae2c11a50c65e0c6b1b900044984dde32813856ff17c40c79c77f77fc9934a7ca8f1f21f1a3e99cc5b738cc3f452 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\PCOP[1].ico
| MD5 | 6303f12d8874cff180eecf8f113f75e9 |
| SHA1 | f68c3b96b039a05a77657a76f4330482877dc047 |
| SHA256 | cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e |
| SHA512 | 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat
| MD5 | acc7a00db0011f753b8c4237d7332986 |
| SHA1 | a0cec54df1960c883db16140a20dcf124167ea65 |
| SHA256 | 09d00758bdb7ad8b76d3e1c75f7225697c2aeec9e97abf6819fbd8413a3a78b7 |
| SHA512 | 597fdcd0a1e306e6eafa2e20d9792c34394f7610c22517250148caf7579a5c9f0e2acb9a87fe73c48028c10306ee112273e49b4bfb3e221b593be79c304bdd15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95272da11d11ec352f594f5ad446b681 |
| SHA1 | f3d655a222b4d9a7e3240f1f890bc232fe49775d |
| SHA256 | 596307817413541d8ac2d76c65a74dd51c6a82fb7ec6cb7b3a921a09b4de11be |
| SHA512 | 6c5b5f860558f0b0e4688bab569b636530222b6a180ff6233c693c7e89e3d8737f83675a03c87ffa7a18fbd70a84494239a457c28ba5377c58a80bb3e8e2837f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adbf37bf3697b335d4015731113295d5 |
| SHA1 | fb02c75797cb57e9b3e1570258b1027fe57e18eb |
| SHA256 | 8acd47530597144afef4f6e4ed47b3e59c1284f33c796798d87c145aa50d5060 |
| SHA512 | 7e94bd5abb83383584f1474129e58ecea3fd7b82f4d5ab4fd75a32805c0762162069da358cad3632bf7f1f22eee193082d9c271f3ffdd2d1df0da5df301d5504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f180e4a9cd1f6f263feb042cac83dcfc |
| SHA1 | 6a3181ffcd7f1864a32be98a0954701a203bf338 |
| SHA256 | bbc97967a26b20f345efb39fbc54b319b62e73b2478989a092aabcf73d812c4f |
| SHA512 | 00699184cabcdb3e6abc6b877b0df7552f688c504ef3f6b708c6c115581405de33bc62a8955f8a78cc5e57d2b18ebaee24612db23ab50499ba6a91a0356d095e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efbe7bf1d9d1c95273ec7f3f1935afa0 |
| SHA1 | 2fab4f9a65e5a43b3d259e6fcc7b1dfd2e86548d |
| SHA256 | 94a6fd70a5ce6c91830c7ff23ce75284e10abf53c908e4b935091c5e817360d1 |
| SHA512 | be85e78e0792eb0aa21655005dec02d5506e27f4f662408e807160605bfb84b689732cac0e007ae73093868fe9a1f11fbdb2bc05ad7cebcb78ad59e5c8062adb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ee5da871f0200382b549e7975c418e6 |
| SHA1 | 0730833c9368b08721c7240bbaa65aa74d5281d8 |
| SHA256 | 3ee71aac73ee59dd0cbc6eeb71d1765b76fdb059f706462002303b415117a761 |
| SHA512 | c298f9414d45dce9257743b7fa88926da3de44a6d9ab01a207632ed889ade67a2b30f25d8d38a008fc61a98d8305585c661af83ea34ca4be54096bbeeec21fb9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8157b067b3743d774d830f303137219b |
| SHA1 | 452193027cb29fe9aaaf49bad8e3f677a3353ad6 |
| SHA256 | 8f34f232e5996f9770022c597dcb7beb0c7984bb504d1853656a2875a0633c86 |
| SHA512 | a422ab091e474803342f0e6a102bb72c4f744f22b6569199c3fd6320dbd68f0d07e2b0b6ebc3bdc5ad4a23792e366960416d3f2a9b7246de9313105fe6e1cb76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3624010eac1a5d47b5bc6dbd1bca832 |
| SHA1 | cf3f97077192d3abe4a071e57b15da0932893895 |
| SHA256 | ebbe3caccae2389cc6cebe5de4f45cced6655bb6a2d84ca16a66b9ac1eba67c8 |
| SHA512 | 0abaf734c7848421cd14746736ac01ca37505afd321e30eeb107162d0e2e390bf087a58a7a89716f98499c49840cd308e9323ae6fcdf2ea96d0a43d203bd1323 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2577de77fd1e18e547dafceecf3fe4a |
| SHA1 | 552feae8c8559c65fd499dfa60904b9bf1e0a3c5 |
| SHA256 | 9b4021178a13ce9e69e469d4707891000f2d25211c6fb976cfe8bb1eda03a0fb |
| SHA512 | c439b63863d6ed78203844531959396f49a3e08634473e8fc76ec4f62ed3addfefa9fa62d3dc892e87a2422d3e8de5e335424a898fc7ed71b7ef2f63e19cd8b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77110095b7d16b4cf69b63c5c5cce583 |
| SHA1 | cc5eb30b970fd139d5467b434ffffb9aea9fbeb9 |
| SHA256 | 0b523bef042d9e8813cb80b5e07a24ed1909740458280672eebcc9d1f7f0c0cc |
| SHA512 | b9973d8bdb937f135604d7ef9d74cf0be0464790f40a1d8d415a4c14daaaef77271b947b7eb38dc88b6fb04a5d775400abd53baf5f1a57a29a847faf7e9ecce1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52a9082c436ddeb6572b8345f489c514 |
| SHA1 | 042904595e49d6bd4fa4c3817123012159c098e1 |
| SHA256 | 974cfcbff7860134cd63e3728e37477dab33220381663680e0983d148b4d448e |
| SHA512 | 864f6deff675e3c222affc9a3b3d64b853a7ec8fc3b89650988a64c76acd2cfafe2959a981e2e265bdd5dda2ce1d6ca9733aff28a556676333441800227e62f8 |
C:\Users\Admin\AppData\Local\Temp\~DF07C6FBEBF7252D4A.TMP
| MD5 | bffb89c96db3deab3cfeb37d36e336ad |
| SHA1 | 570a87e0fc8225d43c4d74068ff20f11d04cff45 |
| SHA256 | 003c0b36b60b5c2432bb52ca3e8e17cd7ce2120d8c425d75162b8be025eacdd3 |
| SHA512 | f6a0a4a5d29d185365e7261fa9332b7def66332a3afeed3a59449d15d9f7540a1716fbb111f1e9d9f674815d6aaa830307fd73b7bdf41ee2a3d3e3045c7b2edd |
memory/2496-1939-0x000007FEF5FE0000-0x000007FEF601A000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VDQ0Y8PE.txt
| MD5 | 00bb261ca6a66fcc7e6311935389c269 |
| SHA1 | 4f54e7d5ccd9db0eee606bc49db1f122a34c0f75 |
| SHA256 | 8fd551fb9eb5c104e02f1128d50483843f431d60a11a5caaf434e0941e530f81 |
| SHA512 | c81da4156fad09fee2fc4977c689969f28eaa324877c6c977cd449edf9676d1c068d5de5dc46398faee8172869d5f9e9998ebfc54533d81d02f15ab0808613a8 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RPHMX61J.txt
| MD5 | 8fa272f67fecdb375ce6584458571177 |
| SHA1 | dfe80350f8060688e5d705a9f716da37f40161b1 |
| SHA256 | b998af18be96721f0cacce7c22d77f9a8b0d1057b39919708e96102a122a8165 |
| SHA512 | d346be39f07c449c1d9a282ce10d01dfd977212a9565f35537aae644fee727e65ff63b8b6e245b1db2be86802f7d00fff5f9ec53f1b0da8c390bafd2caefcd18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e5808192f9c2fcb8dd9c551dbb7c0d15 |
| SHA1 | 7b427d0dbc777617b896c7c6341450bddbb3b620 |
| SHA256 | 7b476f4a30fc1dfca0a11283ff46553b09bdcc2017bc41dd1540d98ea4ec7fdf |
| SHA512 | c65a160a5e5fba38bfe59acdee95fdb32ec29953237ad9082269d32afd396ceba1ff89902b9c4992e02af6a793f383945c8f2d963b67836a616fd829ea173d17 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DJC53OYI.txt
| MD5 | a4ed64c5160867e9b995c54b4f46d8f0 |
| SHA1 | d77a273aff5e429e91eb942c79206d89c4e942f7 |
| SHA256 | 3f5b9d842c2f8ead61b2a568bc6dddf5c1fd4e6137831fdfb1559bddcdb14b7e |
| SHA512 | f15190b3ec6c4e538f0128784e98df752cb740f8edacab6ef85cf9555ee1f84d126aa8feff56b2148ffc3a5c93adcde8d18f10543dba3276cbbea4aade8e5929 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\084920IP.txt
| MD5 | a87121b6471873d0411a90f552481b5d |
| SHA1 | 2293a7f50e5fe67a2d9b4ad4c9c2a6fbe74e4d14 |
| SHA256 | 85bfb939bc70131d434f2b4595df28a159915f3ad7e3290bbd0da794cd4e6ec5 |
| SHA512 | 825c2fbfa2b50790c406467fb09d7c2054d02f8d100872765559c72ec1113f0efdb43aa425f9d908a87e6143f94fa3a8efd40f60b58bdfa911a863f69e79626e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7478f03c2d3019802be27db6e11ecc4 |
| SHA1 | 21583dd8594d6cc329006d50a1c6a1e5d662cc65 |
| SHA256 | ddb5d41f82716582911c3ffc3a0f3d0db244f577fe3c694346e5ed39a4a0dc39 |
| SHA512 | 0c7db370d199ea9f61383e94648eadce3cc2abde1afcd6003c2de84521cc05116b31f11f63d89fb4658f86910ff5637c861db2c676eb6f23c53b7d257d23fb9a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\9IZQARHP.htm
| MD5 | 2eeb2e0202b1bf9daf39ac6eb1466b42 |
| SHA1 | 26abaa251ff391b4311c5cfa927be41b09ced5d3 |
| SHA256 | 66f963290dda5adc89f8ce4e16676df4540d5b8f600e0fecf86e03a4fcfc1c02 |
| SHA512 | 101659d11d34d4d38aeeb181917a7ab7630dd6909699a018166a9cbbb4346eeb9801c75c57fb67b63f330bd363b7367ba99ab604bdd9f097127474207b871e16 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\5QQ1C024.htm
| MD5 | e05012443aa649971375a48f0437971e |
| SHA1 | 8963810380df775d316e9b40dcf353fb920843ba |
| SHA256 | d4f01930da07190997c68b9f673e023f823e97eca74e80807f1b640203a54628 |
| SHA512 | 7dd6804619da60736b8649df0b219ce4f2ca80080b22222d935c4fd21c51d9f0b448bd98ce8ae5593061e16c73569503c174611523113fe6ed39f53a2873f6be |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TRUSGEO5.txt
| MD5 | b82a456585e2a155aaaabe57ee13e1cc |
| SHA1 | 7d46a1bbf6c3bbc5815ef2122c3f8f457ee94ab6 |
| SHA256 | 74dc7cadaef201adbb2d9993fcef17e082e0d43e0f787c9ac876bd84b4d29028 |
| SHA512 | 3424d86d99416f78cc97ee6d142a4341ef0398fefa34c90e362cddef8b247e934de385680b36da3c3497311d0b802549b1f5ccbbee49edf960d4636b6391581f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 2e2231443cb7ae1eb6893fd2c348071d |
| SHA1 | f42c8ed36b7533765f49386ede30bfa16fd4b8c6 |
| SHA256 | 8771d0dd41d115c03c9db99a3afd8dde40764531109ed5d77a810c5fd1ffc5fe |
| SHA512 | 2a5df718114dbcffd833ea8b8e0defdfae0d47a3898787e2dbc592025c738713e49c02fe18b360ad8481c401969d54a53761600895f92e2a1afb948d522098dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B
| MD5 | 4d890f6620b53b7f83b04c6f5a4e90d3 |
| SHA1 | 3e8ad9afa861245a3f7e8f5a597c2a8a5e436716 |
| SHA256 | b62431f6f5228f21dd76c34d0a22e5eb5f8dd8e0dcaf525619ae1dafd13c6a9d |
| SHA512 | 79ffee44a5317301a595c47fb904914c6aef3441db1015a35f80bb61f94c78aa57fa0eb3f58feaae14faee946253b840705401fa8fa9960d972cecb6f85fe0be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_34D61B4A2A4AE0D3DDAB879224BCA77B
| MD5 | ee4b2611310960bcde2ff9e0586c8678 |
| SHA1 | 9d09777308f01e40ed2a5df3ad0b1bd334cd3d95 |
| SHA256 | ac4290cc18c0989f229787c3f59501be7cbe6e7992792d413e719c0f8fcef9b7 |
| SHA512 | 318bb3bae75e7155d0eab23a9819e74bb00f16b9f412f7aff3ebc8b79689a329875e1a4599878c2ac095240c9afb8c0a6d70fa3f02dcf4b63da1d079f109239a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 1df1c6030194987125bacb30321a8085 |
| SHA1 | c88c71a88dff496892a763b5b4f19cf7901ede45 |
| SHA256 | 194bdefc31a58c2cc8a34d854f7ccb81cbeb62e548d4923139146c3b5236b0ae |
| SHA512 | 2fddd4dba740615eff3eecfa73fd21d83d74121d6d767820673d7a8124f313f99701a55c75e94fe462d4718ca31120b82ed81d57a319787eb807a47d49be0bb0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\marquee[1].js
| MD5 | 5f597d4d1b993365c8c9c97e6c7d352d |
| SHA1 | 2612a4c82b38bbeebac3f39f4e65562ca42afe71 |
| SHA256 | 11d0527ff372454bb4f6cb9170e93c245df8cdd10ab335b29a0d05b206e8f456 |
| SHA512 | 4de5e8d43a813c5894c54ffd88003389de64d003d2d47bdf105d0c31167bf69d83b32c37d15345f4449c7054daa58a94e8a1f6ee14a4832190da7ea76714e2da |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\css[1].css
| MD5 | e6a4936f58c9af5c00ddaab17f2be1ad |
| SHA1 | dce4ee3ad98d30c7069384e00f1a1f4d9779a6be |
| SHA256 | 7bead969194c58f0e5cd444cf2e15e2689db50fd8b425bf63344f52a5aefdb02 |
| SHA512 | 18de86aeaad8e1536b2c8a3a83576fb4882c7e554ca0e24384fe744d8c94914d6a3ccfa66f81a8dbdc3b8fb473790c191b96bc4efea0c7916ba721dad7e92c73 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\css[2].css
| MD5 | 595a29fef2fa0d2f5d90d1ea5e26f374 |
| SHA1 | d398978a326d7405a66d8eaef5d5d495020eb749 |
| SHA256 | 2e756d91811f849ce554abc778e52ed47d23d531a2e540829c27f2af69a2445e |
| SHA512 | 34ea1ecc2ae5a36b9986952f9d11aa0877a6095c71acf098f28c085e94faf886c90c017c447718bbd93d32fc7c28a5d95e017af40d5c28e00c545e4f6515c968 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\PCPRO[1].css
| MD5 | 88b7c6da19faa99cae52c46212cf078d |
| SHA1 | 37d7811fb05436cc0976fab9c6cbad9de3e218a0 |
| SHA256 | 3a82c01b2096f24a9a8c6761994f00f3302ff4c0f0ec2c77bd440ff821afbc7e |
| SHA512 | 1055ab6f36668a8589ae94eb30a38a21b07889423e9a58fb5f8a05542bba0c365ff32d50e1c68ee46b0b012da180eddd6bd15b6f518318943e9d16767bc37fa5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\tabcontent[1].js
| MD5 | f1645e882491b8e9b66b6704c290358f |
| SHA1 | 800bdf76515c5a3d7a87079fd2c018b30c1e5ed8 |
| SHA256 | 4bf48103b3886ec0f395b1085b9fd27cdbb7eeb3ab272b4269ffe91bbe6c9a77 |
| SHA512 | 1dc0572dd4092d8857dabe1b000c4baabe7d5bccf58af4a09948740a0140ae3b380f97be53d08f2f15a6b74bee5d920bb35dc726c2bb30aa12996c601e2cad5f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTCUYJBV\tab[1].css
| MD5 | e7ea0df6e57d25b257c9ce904589f0d3 |
| SHA1 | 57d7d657bac6d17897bd114f2db77736e6228e0d |
| SHA256 | 7b9764da2d8c28d3b0432ed0ffd11101ef20e3be7356ae4a6b1e58a3967e430d |
| SHA512 | e718017f623d246c0302d3ab9adcd2e7c0c1d578ca8b2b26ac9e766133fff9f95a4f3dc2b3b35d521da4d534a40f2650170178346f7e1d5fba733fed0857c7ed |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC05TTQ\supportlicense[1].js
| MD5 | cd2ff195838e035c52599c44fc9e4150 |
| SHA1 | a82a4f5cefe7e20ba0d293f72788d33a428d78b9 |
| SHA256 | 247c79b820e0c6f172ec56a6a0eda7953e2860d165f8778e53de5d7c711e3c30 |
| SHA512 | 2b5efc35e987b4c734134e4486ac26414e29bbd7457715eabefc9c14bd103ac2e9289f2fe47403a28af6d6eb1c869d145341eb55eaf13f417a9c30c26a690d16 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\faq[1].js
| MD5 | 506aeb1f4147e9da132cf745d8e9c258 |
| SHA1 | 7702bc8743e96dab589de1fb5276acb46aed522d |
| SHA256 | 4de550096ce0b95effa7331fa701efc6261af28e9c3754c33938ca9bbb459948 |
| SHA512 | d559a5f619960640b2e51e8a8a93b6a3501a443343d0c0507eedbf352e8a33726fc10b04955f74c55647b1c48fafad0509e728099d7aa8f17a64a8286b1b16f9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WCBNI5KW\media[1].css
| MD5 | cf7ebf08c98702246680452eeccc93b2 |
| SHA1 | c88799ca63168f8d953f419a28ca7eb486808f43 |
| SHA256 | 590741b58751d5333a29b1bfe948c3269a27f85424f7c7bf0e86337c87a80a96 |
| SHA512 | 2d5ed86ff065494f24f4f5123e69a9ebb4a4aa075525fadf2fe834106bf39a1fea7e458efb34371a3131e4dc9fc56f56816ffd616536944a00fb653c70e10792 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\style[1].css
| MD5 | 6a899616d18af91f7707109eafcb19d3 |
| SHA1 | 3179b45780ed7dacc49d9fc09b079d6a893e0bcf |
| SHA256 | 478cb919a1614c86930cdf7e7607e713ea721a488fbb0b150f5ced5a67fbf40a |
| SHA512 | 103319b3ef9180a224689f4650c431fe4cc3b6989925938317cd49c9a6d720ffdba639ea1e67a7a9bc96a24e4e8c134b7d480ec934f2f03365219f68521020e5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L7PG4A0G\bootstrap.min[1].css
| MD5 | 0d9ad1c31f08421ab3e17bddeec2f0f5 |
| SHA1 | 56b081079b6a00fd3ac7c7fae826f1e54edf92bf |
| SHA256 | 6971181fcbd5975a75b1b9062f5ea652faccbca4bbb995f7f3351697471383d6 |
| SHA512 | ad4b6badea519c2120744254926d151804b6ef3a2cf7a8a0ab34c2517a547687e76c9a769043042440f6f7954202b7c09c4a4d1e44ab17d0f27e97bfdcfc7147 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3efcbe47e87a3089f25fa624360f2fcc |
| SHA1 | 3b6667c192e457244fd256e91a0c175446242265 |
| SHA256 | 548805c78fd565bca52fcedb3f5e88b9bf6b599bcc602de04e33245d413aa544 |
| SHA512 | 06c7c7f5b928c43d58b92bd86369624f6472d0f8f4d3ad566bbc7c204926cf9e387099e7b3b3bfcc839986b95d59f769b94f609aabfd4b71766f477041d995ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4d4c16802e0d3254f8f970f3137d03e |
| SHA1 | d55c64069506e5d10b01983840e424eb485f5834 |
| SHA256 | f97b8df9bf9f32049461286ae875a8f6c1dc16628ab8fec1e19a8fe1a954508f |
| SHA512 | af74b9c23a3d12407ba2aa23f275636c46c5e380270f609c10b93c282fd0864127ddf4c57ff7ea1d0f6cf8c88a48d1dafa722f0a584a49dec48ba897298fa8c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 488f888695000d1f70a88efeebb802bf |
| SHA1 | e270c8798dfbe438e74239176cdbc2ff4807b761 |
| SHA256 | 180ae978faaaefc1e981c76b38659aae05c451ce5051c98939d3f2173ef9edbf |
| SHA512 | 9e4dc66aec344248a18b519359247070668fc3a7b7aa2e16604ccf70f3e72d381ec44162bda0b5c5847cc17b905fec6e7dc5ddde9e2569cd16b039b28e711175 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5081ef8a61c51ae5beae547c0d602ed7 |
| SHA1 | 3e50c26f37ba25f82111f17bd4cbea1b7aa8e68d |
| SHA256 | baa3a3f7c95eaf3d06a6f979ef06b32126145415aed7a55cb6180502b20258c1 |
| SHA512 | d724ea6e002b9e4aa31349346d3e3ab0583fd379c9e85a2bdb8c90111eed23db7981f45c49163c13cf138d41c5a679b4b56f47d2a8112e0c0388c42530203046 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38ea420cdb6167af98c9453ada051427 |
| SHA1 | 7115885e56561d0f45bbe6e5a1613ccfbc9ee51b |
| SHA256 | a314942f91892dddbfb7c15d62455bea5630c62ea0785f24cede88b1cb08e1b9 |
| SHA512 | dca2565209e4b76963dcd6a42a419f012606eab3ea02bcaa1d9ae4d0a0136c3a8bd05eae46c430968e435e8aaaea73de53b6ad33924f96e63996d8ed3b129901 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d320f38c52e09db6a4b384f381ce4ff1 |
| SHA1 | 66cc1870ba149355cf1663a188ec2e8f57a33c76 |
| SHA256 | 039f6633081f8c78db57d0188c4770d960fa5aec1b7eb06f17d979ec86e039cc |
| SHA512 | 4150af2570d3416b646cbf64b77eaeba6c837b27781fb5a2a4016c3d31ac235cf363462f78c5f6c7f71e6479c3055d0da6b6a0373b2ebc9849c23a74a9d6810f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3a41ddbfd001487208514a406069ef1 |
| SHA1 | 04e43b958fe5609d26af7bc17bb5741b89197fe4 |
| SHA256 | a0371ced60a9ec26b472e59c8087edda60b076f722a294f364e2493ef2f3bb3f |
| SHA512 | f70705d28981e658a02779fd3031ae56d9cdf2efff6fb669d04e588901974c4bba6e0d14d616cc0b4be11809d75351a57ca5b235659127de55b988d5d0eb8e4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b74aa8fde4a167c19f5b7af765c8c24b |
| SHA1 | f24ae8af82a1e5cb8680db444cf30e42803bc577 |
| SHA256 | 01d2c06d8b7e4eb65d72cfc849efce8f7bcebf89047cd8c61c80c560c3df1008 |
| SHA512 | 51237e938c273a9827e187ae19b10c0f3dbcebb78357cc8904d9a1ac2e5cf3076d720465b25e4ecde8fb1092957ca608f26f3ae9010b53e025387b86b97b6225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c53367134bd474d2433dda73a68358a |
| SHA1 | ab453b0457fe3e2f7b066a335a2d6fbaffd4dfe0 |
| SHA256 | 4fe124357c6ea92692d5f5330c5fee5829373ea1251be364f32819a023372676 |
| SHA512 | c7664fbe653f4f70df11ec76525bb08075a5307b8243d7734999b9a750d299e6a88e48f0c966a12ba81a5561d23959227b90018d41d299d2e67f3a74612067dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4d16d2f67b6970ad7befcd46eedf3e3 |
| SHA1 | 1c9bea632902073cf17f49bc3c7b9767f5671e16 |
| SHA256 | 233e30a1359d5dec7067b1be5f69cda0b181d375637f8d06443bbeab475f6c45 |
| SHA512 | 39b510fa7d7a178012ef05f5d5f599fdc88eadb73913f774e751e47047f3aebfa230a42bc05395e7421645b6904509f2ce014d9bb1607299e5c071712ff330ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3343e14c1b6cdbd982b1723e67fee93c |
| SHA1 | 8360e814bba26ac94918eab74818aaf5b9fc20d8 |
| SHA256 | 6e79ddf0dd3ef0ffacd5871f61d1699a64c568ceee3c66ccef086c35baac7930 |
| SHA512 | 8e79c9dc87dd59ac1d5c48d1ec0fea45b448a6e68ac0145f75d6c940f8ed2b7845577cc55bb9a65afba08521b8c9ebf4b4e1951c5d1839ad57e4df2ecab373c2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 06:53
Reported
2024-06-15 08:02
Platform
win10v2004-20240226-en
Max time kernel
25s
Max time network
37s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | tcp | |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |