Malware Analysis Report

2025-01-02 07:28

Sample ID 240816-flzxza1ajr
Target 7df0dc2f54f12fac26335242b32dfa60N.exe
SHA256 d43a11afe04901455f8a2b7d239482092d89dcfa7326df9a4de4ab7e71021331
Tags
floxif backdoor discovery trojan upx evasion persistence privilege_escalation
score
10/10

Analysis Overview

Threat Level: Known bad

The file 7df0dc2f54f12fac26335242b32dfa60N.exe was found to be: Known bad.

Malicious Activity Summary

floxif backdoor discovery trojan upx evasion persistence privilege_escalation

Floxif, Floodfix

Detects Floxif payload

Event Triggered Execution: AppInit DLLs

Identifies Wine through registry keys

Loads dropped DLL

Executes dropped EXE

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Checks computer location settings

Enumerates connected drives

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-16 04:58

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-16 04:58

Reported

2024-08-16 05:00

Platform

win7-20240705-en

Max time kernel

118s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

ACProtect 1.3x - 1.4x DLL software

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe

"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"

C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe

"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe" -sfxwaitall:0 "uTorrent.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 5isohu.com | udp
US | 8.8.8.8:53 | www.aieov.com | udp
US | 173.255.194.134:80 | www.aieov.com | tcp

Files

\Program Files\Common Files\System\symsrv.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe

\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe.tmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\main.ico

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-16 04:58

Reported

2024-08-16 05:00

Platform

win10v2004-20240802-en

Max time kernel

116s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"

Signatures

Floxif, Floodfix

backdoor trojan floxif

Detects Floxif payload

backdoor
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Event Triggered Execution: AppInit DLLs

persistence privilege_escalation

ACProtect 1.3x - 1.4x DLL software

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A

Identifies Wine through registry keys

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Wine | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Software\Wine | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\e: | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | \??\c:\program files\common files\system\symsrv.dll.000 | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
File created | C:\Program Files\Common Files\System\symsrv.dll | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\DllHost.exe | N/A

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\utorrentie.exe = "11000" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\utorrentie.exe = "1" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION\utorrentie.exe = "0" | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\DllHost.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe

"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe"

C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe

"C:\Users\Admin\AppData\Local\Temp\7df0dc2f54f12fac26335242b32dfa60N.exe" -sfxwaitall:0 "uTorrent.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe

"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}

Network

Files

C:\Program Files\Common Files\System\symsrv.dll

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\utorrent.lng

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\settings.dat

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\main.ico

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\settings.dat.old

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\flags.conf

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\uTorrent.exe.tmp

C:\Program Files\Common Files\System\symsrv.dll.000