2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12-01-2025 15:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Destructive.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Destructive.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442859167"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b228b0d73869494c98546cee9edbed9500000000020000000000106600000001000020000000a8b0d25dd1fa56c924e6f4fc458fd2831328384305fcef00139fd59ad8ec8978000000000e8000000002000020000000b82aa8cc532afbe97b9881be5fff057f65f706675d93579a2ddf8050d2aa0a0320000000557bf8f7b2ddd1837f88f84f27b9bdc36e2f3553553b3f36357e9ebc05edbc7f40000000bebab4161b9210cec0d8f646cc72d5f142e51d0120396e367ceadee86bc0b13728a2d81c36e3a544ea895ad684b993e16c385ccbd90f0b8c00e9a6437f4c7295	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9051086a0a65db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\WarnOnClose = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93DA4001-D0FD-11EF-9E5F-7A7F57CBBBB1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b228b0d73869494c98546cee9edbed95000000000200000000001066000000010000200000003243835df7bc067ce1ff9bda68b9a86cb30a7e3833ab4022b5a451455b29c260000000000e8000000002000020000000ce48d37115f02c31b518982530b27af336e73eda8e6ac1f066bf3c81d569c8359000000076b1eff408da64760360f49d67efe3d2a51b536b3f245e3decb3fea610afc8ef873cbc31ee9c776635391fb09cabcf7c184d52d8aff361645eed404bd4aec886dcf563c5b75bcfacad70a7173ce56f758d459ff4e8c1b247e4d08bd4973f36585ffd1b555dd8c6a47ff7cbedd176c01dc9f562c6866b5c2d8a2bdbcfc2cc27203c220634a50ed8e985b9d0edbdc7600340000000a9d3365e38aab1c85a6052e08506091c71ffb6db2a7f2a83798f0287575943902577aba435cec9df157293fa7b4bccad54897aeba52aa0b2c30c175a253f47af	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Runs regedit.exe 1 IoCs

pid	Process
2716	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2704	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe
2940	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2556	MEMZ-Destructive.exe
2944	MEMZ-Destructive.exe
2668	MEMZ-Destructive.exe
2704	MEMZ-Destructive.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2716	regedit.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	448	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	448	AUDIODG.EXE
Token: 33	448	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	448	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2972	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2972	iexplore.exe
2972	iexplore.exe
792	IEXPLORE.EXE
792	IEXPLORE.EXE
792	IEXPLORE.EXE
792	IEXPLORE.EXE
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE
1232	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2704	2236	MEMZ-Destructive.exe	30
PID 2236 wrote to memory of 2704	2236	MEMZ-Destructive.exe	30
PID 2236 wrote to memory of 2704	2236	MEMZ-Destructive.exe	30
PID 2236 wrote to memory of 2704	2236	MEMZ-Destructive.exe	30
PID 2236 wrote to memory of 2668	2236	MEMZ-Destructive.exe	31
PID 2236 wrote to memory of 2668	2236	MEMZ-Destructive.exe	31
PID 2236 wrote to memory of 2668	2236	MEMZ-Destructive.exe	31
PID 2236 wrote to memory of 2668	2236	MEMZ-Destructive.exe	31
PID 2236 wrote to memory of 2944	2236	MEMZ-Destructive.exe	32
PID 2236 wrote to memory of 2944	2236	MEMZ-Destructive.exe	32
PID 2236 wrote to memory of 2944	2236	MEMZ-Destructive.exe	32
PID 2236 wrote to memory of 2944	2236	MEMZ-Destructive.exe	32
PID 2236 wrote to memory of 2556	2236	MEMZ-Destructive.exe	33
PID 2236 wrote to memory of 2556	2236	MEMZ-Destructive.exe	33
PID 2236 wrote to memory of 2556	2236	MEMZ-Destructive.exe	33
PID 2236 wrote to memory of 2556	2236	MEMZ-Destructive.exe	33
PID 2236 wrote to memory of 2940	2236	MEMZ-Destructive.exe	34
PID 2236 wrote to memory of 2940	2236	MEMZ-Destructive.exe	34
PID 2236 wrote to memory of 2940	2236	MEMZ-Destructive.exe	34
PID 2236 wrote to memory of 2940	2236	MEMZ-Destructive.exe	34
PID 2236 wrote to memory of 2812	2236	MEMZ-Destructive.exe	35
PID 2236 wrote to memory of 2812	2236	MEMZ-Destructive.exe	35
PID 2236 wrote to memory of 2812	2236	MEMZ-Destructive.exe	35
PID 2236 wrote to memory of 2812	2236	MEMZ-Destructive.exe	35
PID 2812 wrote to memory of 2636	2812	MEMZ-Destructive.exe	36
PID 2812 wrote to memory of 2636	2812	MEMZ-Destructive.exe	36
PID 2812 wrote to memory of 2636	2812	MEMZ-Destructive.exe	36
PID 2812 wrote to memory of 2636	2812	MEMZ-Destructive.exe	36
PID 2812 wrote to memory of 2716	2812	MEMZ-Destructive.exe	37
PID 2812 wrote to memory of 2716	2812	MEMZ-Destructive.exe	37
PID 2812 wrote to memory of 2716	2812	MEMZ-Destructive.exe	37
PID 2812 wrote to memory of 2716	2812	MEMZ-Destructive.exe	37
PID 2812 wrote to memory of 2972	2812	MEMZ-Destructive.exe	38
PID 2812 wrote to memory of 2972	2812	MEMZ-Destructive.exe	38
PID 2812 wrote to memory of 2972	2812	MEMZ-Destructive.exe	38
PID 2812 wrote to memory of 2972	2812	MEMZ-Destructive.exe	38
PID 2972 wrote to memory of 792	2972	iexplore.exe	39
PID 2972 wrote to memory of 792	2972	iexplore.exe	39
PID 2972 wrote to memory of 792	2972	iexplore.exe	39
PID 2972 wrote to memory of 792	2972	iexplore.exe	39
PID 2812 wrote to memory of 924	2812	MEMZ-Destructive.exe	41
PID 2812 wrote to memory of 924	2812	MEMZ-Destructive.exe	41
PID 2812 wrote to memory of 924	2812	MEMZ-Destructive.exe	41
PID 2812 wrote to memory of 924	2812	MEMZ-Destructive.exe	41
PID 2972 wrote to memory of 1232	2972	iexplore.exe	43
PID 2972 wrote to memory of 1232	2972	iexplore.exe	43
PID 2972 wrote to memory of 1232	2972	iexplore.exe	43
PID 2972 wrote to memory of 1232	2972	iexplore.exe	43
PID 2812 wrote to memory of 2592	2812	MEMZ-Destructive.exe	44
PID 2812 wrote to memory of 2592	2812	MEMZ-Destructive.exe	44
PID 2812 wrote to memory of 2592	2812	MEMZ-Destructive.exe	44
PID 2812 wrote to memory of 2592	2812	MEMZ-Destructive.exe	44

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2668
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Destructive.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2636
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Runs regedit.exe
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2716
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:792
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:472072 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1232
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:924
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
45debcf77962a19a50c87176ed685fae

SHA1
e92569d5cd00cdcbfc8a56c360e98996ea017e7e

SHA256
6038c6ab25a1fc6def1155efabb83500d3f9d7f040c2bb6c1b702a6af4d7711c

SHA512
cc6286aabf39d112790bc6c44a452cbc4ecceeda27a24e4518ecdb9726ac214823a0176bdcbabcea8ed98af3c1cf246abdd220373b1dbe35c01ba51e521f38b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_EB153A79B5AB80C6592F798A4A3667A5

Filesize
472B

MD5
5c9de39c384b4fec11fe164bd3b18fc7

SHA1
c68810a1297c4f3856205a4245bb7ad789560c7a

SHA256
2aa20a92b16630996215619142074d390285edc170e4cc8e734daba8aa85ecae

SHA512
29fcfdf1a6cf1c0a4ebe2fb4bfe81bf1b0a637ed19ad02580889612b56878dc764971ef9e37691045d11e88a49d51bc3aadc7c3cb80e2d9906cac3f85e2f1e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
77e4c5fc0dc5ec36ed48eb92e5fefa15

SHA1
a608f61993869d78cc0277f1bb3401ef257023f9

SHA256
a6dc1dce6a20fe809c383bf6289bae2b4c19f4da53eb9e4e14b3f80a03e1e57a

SHA512
99487ff984ba6f27dee4a4e70c8aa61156d042e070686e21216ebb5eb4ce6b5c336e282e346f9735d378b382affb2ae4ba8b9f567d3066b629a3233a85f523ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c7d4c0762913bdd7bc131740f765576d

SHA1
3ee103b0168ca19f955b28f7bec003df46b9449b

SHA256
c899d3ff7939778bc819b9f7ef8f36cfe793ad50cd69cc0c1f8e7083202fdacb

SHA512
2a59cfc893656018c5bb7b53b292ac618ff50b7e21060c754a6ff540ccab4483edc280debb6396aa9aedcee86e1a378fbef89459174f683947a0b0683b92c9f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5f44b2f11f0bea9eb400511db067c92f

SHA1
cfbd24cf6e6d37a7c616959bb6c07cf3c3412d9e

SHA256
f16c51adf986d0899b902f2872daedcebd9f94d2807010ca1c9b3a638b565ad3

SHA512
299c73aa9a678426a9d0716219e58a3bcf9104354b74d3ea4e28c0833fa15e12c3b8c49d6e2402aacd5d01b4f033c962ac5f3d6105616aeab83874a038900960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_EB153A79B5AB80C6592F798A4A3667A5

Filesize
398B

MD5
9106f4e8433f1eab9406a3d758a31c14

SHA1
be2a1b3f883ae7a452875b6a45f338a1a961c640

SHA256
55d0af8a7e6eef38b8434b1d5aaac9183c61581711ed62f98cbd6c3e1893ed67

SHA512
4d39da2fa029ed8c30d38429faff387237ed524dff49d586b338dd65e1a717ab3e95380772a0688f764ce1a788d5786f21b7c8b8d7f1cf1bccb3eb6e1eefed32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41b529b54c349e6ac7f4e41135df35c6

SHA1
da987d9900cd8b481c4529c15dbb63695c423e38

SHA256
22fc46f5d73877edde509c32010a2e06c86ad5a09ee3be1d8444463f5ceb109e

SHA512
791f5c4e76c3cf4baada89633e5650492ea091091d53a72df569d35320bfe73f321f17d92bc3d57cc174d402a0cebd90dc993a71beb10e31e92d3a3a68c612e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3b13cf4a9329bf0835f69280036fe7b

SHA1
5128396c4beababc482b5910e95d94087b90f332

SHA256
10ef3002487019c6cc5d3b29717113f50311fed811893119a8584960312afe84

SHA512
f259989b08bfbfc8d05dfa8915ad6c79f51105a8e5e5e4bb8a5bc72438033a5217842d1ec0b11e463255b40f3a4f59bdaeb648119f4d8a4b7afb5ed67d9396da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
538d69bb166ba6edebe8915835505ce4

SHA1
58cbc2c9999268c031634f6ecefba04f070d0689

SHA256
bb673087aca234b2a8f8f76b0d25d8d518f9716fc3ea62089808740548816d77

SHA512
81cb944e89ddf27840e146f41cc5bcfe6b26b1c91828c5701b0d72feb6d492ce06254a44107b6680f23893e19753333be771025eac1622a9931e59f61ea9d505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d12e100af9ced006944211b1b479076

SHA1
c66c020e1bc7a7f33e32120253b6304df14ed64b

SHA256
e2212dcfb6a995d0f2ca264e12ef139656b5c9b92652e9aa7c409ac25da903d2

SHA512
831722bcf7bc2613030b9229f723cd4c205b4cd777565931ff99770c455a3430933c5ac233f0b04dadbe384bd6b4e6d833da0f45aa2ecc7cf1cfab5037e58de3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06ccf13ca11097dd8bbb7108b3cf0b56

SHA1
e5e47c10bef1d7aba524f2bd29b638ad26274d7f

SHA256
487a593af9d2f36b2c876bdd9fa8e2d31279685696eff5bb77cc9329e741fab0

SHA512
7c113200d6421171a7f433afdaf6301bc3831e89de890393f45d15433ec3233481ea6779b9805effc347417c36e808eb39af25e3bd9ecbc7566ed6d9c7ffb529

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14f703566e8135128010fecde830f088

SHA1
12effc067ac903aa5f8eeaab1d9d54736ebbaa0a

SHA256
0d30dceb8ec4d0ef0a3df1d4727cafc69ea1fc034438926066c174e7fb0500c6

SHA512
5b9bc54834e0ccefe0ad70673983302764cd045955a19a4249a5cb10e9007dda1dfe7d8f3d21a709106b4c473f8b2fcff2288c94b752de8d7cb6f4277e94bcd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
820130d865c65942e2cd6bafa94757a7

SHA1
5fc9d094a0b6e7a36f8c75cf4723ceaf508c72dc

SHA256
95f9bd803d0385f713589f4a112a3242fe617db30434a2b58246c626ff7d79f2

SHA512
677108dd1438e6d593044f61c10e96bec998f1f7d0582fd3aa0bac3a0612a644e3d9037922f131716891422f5dcb9a7a6f689556071cd4bccba4fc60b34e0982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71580ac25acd30d0fb10e0d78f72b446

SHA1
67d5f912c99c098c803984ac7fa77036ac4e00ba

SHA256
b1721b5ccb1b7e6cad05b190b4fb88b036999e41cdbc2b754d55e411c50d9009

SHA512
abfdc84af40f655cfea5f90916fdd200168d1030e97f05177aa5422ab364f186e63c2b8c8c9b646cc91488f242cb29b917233867aa62b5c5549a25eee0753b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b97748305388f239d11f3ffa1e819c0

SHA1
b9dec8cacb578a684d5036b233a6490deb76ba4b

SHA256
ad0bbf7182effe607ebb7afd1e5aa4c25456f7a1fb3a65e61923956ac913aa76

SHA512
f45e40336ccc5f0143aabe4813d57ed4d9a77867b1dffe6b5d44ef95e16fbddbff0879d49ae8b92a0bf0ad4675c2d5a9366d43c92dbed0b494e44a3d8c858e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f54182c132e6b60e6ee7b06366bbe7df

SHA1
40a031452a8d48fadfa124797c892b7df87d233b

SHA256
6d82727e5c19006001d5521f7a3a6b7714e4e05536b9358995a62a28993c4685

SHA512
ce3563eb85f20a612a20994bf289841fc537d5fb4f5aa08833a114da152e5202ddef0bcf757a9cc97ff0f330bd225eddbe199f4ac6ebfce76b131b3bcf2f91df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
864eebef99436ff7349b0c1c7b775ab8

SHA1
11a2a4b05c805dec7e9bfd5abc44fb6dc2719b39

SHA256
c27f96b383abc0c48996bbb31fde66557abffafa152d864c52acf6a5445b70e0

SHA512
e1d097b092e4fff638cb9e1b0aa28a7b64c1edd5f13fc1c68ea5110707a5ada66d6c22de6dc45e7771cbed84bf6d1eaffe0f7d904ca5c948886f4f9d8f079b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7de3614cfeb36fc2045217cad9041c04

SHA1
865df61c8cc9cab05f68ef976fae7cb78123b2bf

SHA256
5471242e55d55fe4579601411fb20c276475f9c4bdfdde37945a1b6b48a85ec5

SHA512
c3045339d5836aa23feb18ab01b9b32173cd79b21aaf013bce1a9a0216ef0c76ddb116d7e3b74471b9bac51e740d7b0087cba30e001500e0bd289a4b368fa59b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6006551c4b1c87f5d67bcefc0da0cd5d

SHA1
439668edc7f20a0794a9cd7dfbf41ea224d04259

SHA256
07e7ee8b88dd2ee4f1ca4418baac8d05babeb11a746510d54ae4ba353bb00a67

SHA512
caaa61aae1b76f3e13945b4bb5428b4c147b277dd66397f05be6b61f4cee06645c848a1e2b3a1977b6412683bdbef7dd4b34a0d4a9a56e6c4ba7c64e7eeb0650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1e5799810e304e4d37e715fec5c1dc8

SHA1
cb0f8c1f9301bf4d5c61dd8eb332b570d2ac9328

SHA256
ab15c76ef4b3e37ef50be106c9428cf6916c9d30870359e1e1264ca5b6d2dd61

SHA512
ed99387d155d64935374ccb7c01c75b87ed8f838fb85b5b7ff0452156feab96b49a64e83bf9ce27221e7be985b8ffea57b81d121f8917844a7925881db1789b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c43ed8043ad13d62bd8e0d646eaa4974

SHA1
83494d6284f352dd30cf79dcd6539662f92d29e1

SHA256
bb0f9ae1de0a0e1f742dfd570682bd97d425d6b96b1d0b1b0ccd1187f4197b7d

SHA512
0b8b2c289f1000bb5d4425a539bc0dee344f965e8a09451597b9a43bcdf224d59ee061cd1770248296ac67fb85c28e88c8602fe21f0c11541020d5d00525241c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae6b5de3f15d14766d68745af46c16da

SHA1
093b4a65ca94bd2079d374ec0f22fc0a8214b772

SHA256
6d74a616fcd0a58f150456fd44d8d8ce95c9296851a11c35fef506b558ae49ec

SHA512
959806068e0c364c4e2336097d41fcf4e3e364f9f0905e6cf3b93aa05abd0a046c654ad29c0c27d6c6b770c13318611e8584fad68ea3cd262bfe77cd9d37f060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
683a21fc281963e5335dd1a901f5c9e0

SHA1
39a0b03158079244ea46b3a838cb58ab18e3ec06

SHA256
ff9f2a8d074546820890eab7e5abc35f2afb69593113347592f7b04f53dc08a9

SHA512
80c6a78c52119e2ff27ba7aab4cde1c2ef771106b50c464963a681081807bea84782a90b5ecc54956961f19411ba59598e20f21a00dc83f4fd5af7f1474275ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be58e8ca7c4c301dfe233f9b32f6e0b7

SHA1
b348073561edf9ada06aa4c329212b5b76db6c0b

SHA256
cc0bfb0cf48f835af69bbb9d08abc1dba70a33d39ade7d175edf52bb425bfe1a

SHA512
79b1d5250c70b1b7f99c4d9730f87f9c0dfd431ce36269ba930dad6b3d8efbe649f6c3a1d48acfcd3ee5e82b8165122fac37c12e805e5058fd3c2f13cafa464f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f142ce1adb2e236d7ef0851a1a31b0f7

SHA1
39c06a7f259cfd51cfec518645d6f3f2b379cfee

SHA256
05c6e3335761d8b175f3158e9043815abc1b6fa2e00c2ffcfab6d8acdc365697

SHA512
5dab2028a6887e54a5e7f6c8a33f62f1b8f7de37123689d09c1d106ee9f38145777144127d07a9740d2f1f56e0e9788e09f3bdbbac280e87acbf1eefe77736f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f871d5cf3f9553aa0cc519b89b0baee7

SHA1
99a27b7e582f3c54f73fc5c212b7981f6691cb01

SHA256
32540acb506e43adc766fbe64d5fde780501cf3c1ea773168311975f19a76e91

SHA512
eadc12e4ed0898c8be03616bdf3d6e5c9eb04d9e9362ef182c7bce8d3e0632a188697a735b8c0fe8e75ff888bb8d62e6bcb347c694f380a15858ea2975af0d3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6598f450fcf147bb75f16c686d94f486

SHA1
016db695446182b7fefd01ef5ddbd0920e2bcb0f

SHA256
1b84bf547f709543558e3d628e8a4a12191c49183d8867e1ecff29e5115c4b00

SHA512
60fd8b8395b3c1f79bd408c93b90459c4d0655152d9e845a9dd9e323555c878231a1ca84c2e4353dede3f779a6c0999a3ffdc9d714d718f64df73a20499f8115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c45010ec2316599230670fe97530022

SHA1
b09498ed283781d13e2790d3f628a89c6ee1eb70

SHA256
e22520c0efcd9c045b2bf34a9d3b8e2c0acab2a2df560102309c6940679c7efe

SHA512
4f01532e8638a47a139978e8107625e984b4e0dab28d3a70916efff7bf7827a72b1b64d6fb4a8428b1d05f867596163ca234e0b8b2895b3b2edab184db288b3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cb52572af6395cc3be7beeab69007401

SHA1
2832be51546c05e65235bbfd8e8aaf0b6abcd11d

SHA256
b9268b3ddc334be86e7415a766aa8f984fec2138c72731923829a1b399f52175

SHA512
2519d33a0e62a1ce2a28f60bebc62262c1cb15f1dd2ea4259a5d53225045aa7ff03dd1870ef23892f74ff466dc456fdd22ab84b43a03c7b40af97155b4c7dba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\D4DW6FN9\www.google[1].xml

Filesize
99B

MD5
8f3f3a86eb5798b67e32dfd0e91a7177

SHA1
ffb1b67e1e83b4513f5cb5e95f88b80cd9f1d714

SHA256
fee314c211ca8d8a202568b401735123100b50203a610c937d20316736acd29e

SHA512
ad70f6ce5cdbfb9dfc01a8e3f77d30150dc5b77d91657103918691a59b435d36a53c0472f7a1ab2c44e1b33397561a3c82c0aecd7bfa38abea7171d23e9a75ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat

Filesize
5KB

MD5
a23ccaa51af8049523ee016d3bc14fd8

SHA1
7a5fa7b6cbc809e14f4ac8307b37a085e2fe36d7

SHA256
f110838e334ad0ff32a15ee12197c2e79423de825157116b4d487c4b6105bfc0

SHA512
7cf126c521d528da4c3f6f80149fb6a279964fdce7c21716564b0cecdc7f0e01e8468e0c18ac211cc27a1471912f29d058d3082f636d38cda3dc1dd6b835d102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\logo_48[1].png

Filesize
2KB

MD5
ef9941290c50cd3866e2ba6b793f010d

SHA1
4736508c795667dcea21f8d864233031223b7832

SHA256
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

SHA512
a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40WV1DY9\recaptcha__en[1].js

Filesize
547KB

MD5
19ddac3be88eda2c8263c5d52fa7f6bd

SHA1
c81720778f57c56244c72ce6ef402bb4de5f9619

SHA256
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

SHA512
393015b8c7f14d5d4bdb9cceed7cd1477a7db07bc7c40bae7d0a48a2adfa7d56f9d1c3e4ec05c92fde152e72ffa6b75d8bf724e1f63f9bc21421125667afb05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

Filesize
34KB

MD5
4d88404f733741eaacfda2e318840a98

SHA1
49e0f3d32666ac36205f84ac7457030ca0a9d95f

SHA256
b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1

SHA512
2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf

Filesize
34KB

MD5
4d99b85fa964307056c1410f78f51439

SHA1
f8e30a1a61011f1ee42435d7e18ba7e21d4ee894

SHA256
01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0

SHA512
13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\KFOmCnqEu92Fr1Mu4mxP[1].ttf

Filesize
34KB

MD5
372d0cc3288fe8e97df49742baefce90

SHA1
754d9eaa4a009c42e8d6d40c632a1dad6d44ec21

SHA256
466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f

SHA512
8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\styles__ltr[1].css

Filesize
76KB

MD5
6aec8cfd5d3a790339dc627f9f1229b5

SHA1
b6c8cffe38e1015dd8595f2dd1a92435e2795874

SHA256
80583fa3c83831a9e036eba0500d1b9c0d30892d0701f1617e0fafaf5aeaa2ca

SHA512
4279e479c860007d04cd6ff0b8c45131c18d87420cd5ceb5c727a7ddbfb4206d007069102d643da97c3bf01d0b756a2ef4662c8e39b6969fc154de3c763b1efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BDDDRHWK\api[1].js

Filesize
870B

MD5
959fca740c230726e5a7cdf2b7603468

SHA1
1fa3eb9690cb728a4ba96846bd8eac87fa914073

SHA256
1a7a8da967879cf8c53e114c331242c5d44c39d4b4778a0824bc2f363504c3a5

SHA512
c493d157fdb40ca20752cd7419c3bf837c12831ef05d0d3e41844e17fc99096d1a7429adaa58ade3eb99aa5e5ce4ad91af8ef7c25f36c7e69f341ad0f2e88e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\webworker[1].js

Filesize
102B

MD5
c206147c7cae99642a4f8a2c640a0019

SHA1
8c32b7b7e0807bbe85e5c8c94f87afea31eedc40

SHA256
6f55adbecce78b9c566f8dc830177dc91782702ff35f213f009fc2b902e25603

SHA512
0d94aa53b801ac69a9bb4a7df4fc0e00b6ffd1c5668a6fee4efc11986b7f516eb27a8a0197c0106a4295acd5f63c222ea2f1bd9431bf2d689672ac91c5528eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D6B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7D6E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFB7F85B583D9E9041.TMP

Filesize
16KB

MD5
bdd9803d5ed64de9f02e2072a95e5026

SHA1
ec74b54457e12bfd849283f6d692e9fe8a537334

SHA256
6785a86738850e47a302aec0059542216c7d30920ecee2d90b8cc10effade603

SHA512
a3c03f096ad84854a98291445a6d84319149d25572471be2ac49703158712a7ec0f5c7b6124e0610ec76af4b5dd684fabb7e9c1066190f15bb98a7b49d11f08a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\14YMY2F5.txt

Filesize
124B

MD5
bd8c85aafd0f886c894646b55902d403

SHA1
a8495f58c3ddf07c11717f49e17baec17652ac6e

SHA256
daf534d9fa239df2b051ae318b0dd04682f2adaf0145a0815883286bc0de88e1

SHA512
bf76cca533273cc763089e4d687fe6609beb206ca3875a73c7ce3f271a326e6264fc8c510a3cd25b5e7556d661fd0bc40f5530bb66889004f4da375e949753b2

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit