Malware Analysis Report

2025-05-28 18:48

Sample ID: 241117-d92qcszkhw
Target: 4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4
SHA256: 4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4
Tags: collection, discovery, spyware, stealer
Score: 7/10

Analysis Overview

Threat Level: Shows suspicious behavior

The file 4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4 was found to be: Shows suspicious behavior.

Malicious Activity Summary

collection discovery spyware stealer

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Reads WinSCP keys stored on the system

Checks computer location settings

Accesses Microsoft Outlook accounts

Accesses Microsoft Outlook profiles

Checks installed software on the system

Enumerates physical storage devices

Embeds OpenSSL

Unsigned PE

System Location Discovery: System Language Discovery

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

outlook_win_path

Suspicious behavior: EnumeratesProcesses

outlook_office_path

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Analysis: static1

Detonation Overview

Reported

2024-11-17 03:43

Signatures

Embeds OpenSSL


Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-17 03:43

Reported

2024-11-17 03:46

Platform

win7-20240903-en

Max time kernel

121s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe

"C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-17 03:43

Reported

2024-11-17 03:45

Platform

win10v2004-20241007-en

Max time kernel

135s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook accounts

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2540 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe
PID 2276 wrote to memory of 4520 N/A C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe
PID 4520 wrote to memory of 2412 N/A C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe C:\Windows\SysWOW64\cmd.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe

"C:\Users\Admin\AppData\Local\Temp\4ad1cc11410e486d132dce9716eebe6a2db0af0fcbf53ee87bc9c0af6a5aa1d4.exe"

C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe

"C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe"

C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe

"C:\Users\Admin\AppData\Local\Programs\Advanced Sync Tools\PureSync.exe" restart

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c ver

Network


Files
