2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13-02-2025 01:26

250213-btppra1pcz 10

17-01-2025 20:14

17-01-2025 20:12

17-01-2025 17:25

17-01-2025 17:21

17-01-2025 14:16

17-01-2025 14:12

16-01-2025 12:52

Analysis

max time kernel
899s
max time network
849s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13-02-2025 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.bat
Size

9KB
MD5

bbae81b88416d8fba76dd3145a831d19
SHA1

42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
SHA256

5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
SHA512

f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
SSDEEP

192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1712	MEMZ.exe

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 45 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010dad1b8489b8c46a5be8564bece1ab30000000002000000000010660000000100002000000075a17bc5383cee2ce0f6537225e98b74d7663df401f5f710fd3a2b98da708299000000000e80000000020000200000004670721d1442982d79d5913dffb93e8a164d93c845dcf63f4d05af79bdd7061c900000004635ad98e3deb7798fc6d393b8e61bd0cb55381b551e8809b877800f5cfd18c8cb0dd0c12bad9215298398e6d3b6868fc29abe3fe70adc20a284c13a2b30124b51e04239e15e7bf938b3531c824b804dbba252825f09f94376ee79bd94ea4093c4b2171dd3e533aa305af2e8b852efb6e1c155958c292c44256a55f6af10c2f1e97a1d6df93512da1a251c6abc6c1f3640000000c4ba8cf4c77099db35fab4defe565dfb8acb539363e6ac171ac8b6b5620bf30812cc8944c180388750841e895d67a16c0743844f1e2df29ea51028957647e8f1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010dad1b8489b8c46a5be8564bece1ab300000000020000000000106600000001000020000000da50163a644fd9f97f38cde856284e38ec9eb77a6bce6732313935e25a6ef366000000000e800000000200002000000077e7242ad668d14af296e93715988f97edb7cda039ee9fd6ae60599a7f62971f20000000ba8dfdf4cd9898794cef8470c6ec4f9d18812c3d530619e6e06cab09a9c087d040000000027f602f1018aad3e38ebb6b5b21632792be79fb5b179ffe78c3960826cdc00ffaeef10983e654a5c012ac4c59cd0fbda10e23459d7d6d151560f2ee5fc31717	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "445571947"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE5B7B91-E9A9-11EF-98B1-E20EBDDD16B9} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0210f98b67ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1712	MEMZ.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1628	iexplore.exe
1628	iexplore.exe
1628	iexplore.exe
1628	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1712	MEMZ.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2680	cscript.exe
1628	iexplore.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
1628	iexplore.exe
1628	iexplore.exe
1908	IEXPLORE.EXE
1908	IEXPLORE.EXE
1908	IEXPLORE.EXE
1908	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE
2772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2680	1116	cmd.exe	32
PID 1116 wrote to memory of 2680	1116	cmd.exe	32
PID 1116 wrote to memory of 2680	1116	cmd.exe	32
PID 1116 wrote to memory of 1712	1116	cmd.exe	33
PID 1116 wrote to memory of 1712	1116	cmd.exe	33
PID 1116 wrote to memory of 1712	1116	cmd.exe	33
PID 1116 wrote to memory of 1712	1116	cmd.exe	33
PID 1712 wrote to memory of 1628	1712	MEMZ.exe	34
PID 1712 wrote to memory of 1628	1712	MEMZ.exe	34
PID 1712 wrote to memory of 1628	1712	MEMZ.exe	34
PID 1712 wrote to memory of 1628	1712	MEMZ.exe	34
PID 1628 wrote to memory of 1908	1628	iexplore.exe	35
PID 1628 wrote to memory of 1908	1628	iexplore.exe	35
PID 1628 wrote to memory of 1908	1628	iexplore.exe	35
PID 1628 wrote to memory of 1908	1628	iexplore.exe	35
PID 1628 wrote to memory of 2780	1628	iexplore.exe	38
PID 1628 wrote to memory of 2780	1628	iexplore.exe	38
PID 1628 wrote to memory of 2780	1628	iexplore.exe	38
PID 1628 wrote to memory of 2780	1628	iexplore.exe	38
PID 1628 wrote to memory of 2332	1628	iexplore.exe	39
PID 1628 wrote to memory of 2332	1628	iexplore.exe	39
PID 1628 wrote to memory of 2332	1628	iexplore.exe	39
PID 1628 wrote to memory of 2332	1628	iexplore.exe	39
PID 1628 wrote to memory of 2772	1628	iexplore.exe	40
PID 1628 wrote to memory of 2772	1628	iexplore.exe	40
PID 1628 wrote to memory of 2772	1628	iexplore.exe	40
PID 1628 wrote to memory of 2772	1628	iexplore.exe	40

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:2680
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=the+memz+are+real
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1628
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1908
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:603147 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2780
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:930831 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2332
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1628 CREDAT:537625 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
f8401f4104e93138f2c8bba0363369f8

SHA1
4336f4d023aaa785516578475e9b55af4d0f6dd8

SHA256
dada9f6fc4edebdfeca44e1488ee10fc247da336e01aa5ba4c6fdd9516865035

SHA512
7b723f6e614d5d6ec741f939cf4fd5e6ecb1a15f0d8d97d438bd206603283d3025415266fb6f9e74f9aa1682ffdaa6e1f4e377cf229cada28ff91b5fc3f4a99e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_DF7E0826E3998899AC6568DD2C34F18A

Filesize
472B

MD5
b8c5b8bc14f295df88567c881e46c4ce

SHA1
3787236f1aeea9a07d422ecd69a32020d5437c69

SHA256
de3fb78a4794780ac66dae288c46de61100c8c9a744012b5fc08545b32f8f7de

SHA512
673677e1d1255807adffe282af28fcf194e2f0f617f6738b87e3a9b5d66f4253a81542c2c618c73aed0033955833673afea0e1a6dea807a10f8ffda7b8450f11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_4654F046C50FA3E6AFD0824D55A1E2F2

Filesize
471B

MD5
631f24603088ad998a860b05c8a9ebeb

SHA1
6ce70c57de3963f95749c6f31f43cd4b01b77d80

SHA256
294f0974892e58f2328c3e8e8a9f5fbf40febf4e77420c1672776a2b5c947a4a

SHA512
e1570674a35fc772b5b6b7cd01e46e407bb2ec542cf090d0793942a126f91563ab70c8f8406f052d38a064aefd83726deda98a348f1f2cc62bdc5247bcbaaccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
10b08ea29811a33a550fc989d6bedea7

SHA1
e31609e73e259c27907c0eddedb12b5373e4bb07

SHA256
97f2c2cf6b9b4769b5a2df9904d9f126e5f9bf9bfe7ec671199806bd169267d5

SHA512
09b201d3097ec08dc5be8e0640b15a84250d4a443c144ae7e1039b13a193c439649075aa1a5ee5815b3755437c9fc3464a0ae60310c20caa739a945ce04d8f6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9080ddfa780350697ac539f37b3921a2

SHA1
af7e9eece3b4c4175f5b1c22d7caf21895388342

SHA256
a6c22869a657975b877b00b2aebb84b8b5b499b8c709ae8c1891b7ac1e2838d4

SHA512
3b65d483d72062f0021c25b292656da294db24b632a03eea35acc458180ed7c5e24a7a8a95edd3bce6ae062cc1915d7023568fa7152f35db354c87138beb9fcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
6af281b13d30f261f302d5a49214d58a

SHA1
bf0cb704c09e12d69767cf8e31602d72cd67c497

SHA256
2cabcb238306483b57884df2d6000cdcde64a801c8fe0f18b5e8cc1fcdfa4bbb

SHA512
e372269b09a17154a14c9c25ac252f67bc146d7af92a0245790d0d17b7efac19e45ff68933938c4a7e8578d0b36b0034279515c4805b9568bb389a94a6af8974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
453ab1e23b8ccb28968786a708ba366a

SHA1
52e0edd3366b7e980b9107f62fd7acb51843ca28

SHA256
fc3cef79c5b8ce6a4a8a22ab9f440771a99f035a9f0ef92df3b3f078653bd03d

SHA512
9b5148472d90714485f5715b6dfb974642715845351b398996297ed33eb922296f805107ea21b03a278da2a68a9971669b4ff70d40d926d3aba10af09fb05c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af40e21e69748e170815f49646381240

SHA1
eb13d258463ffee3a3eef09d953faf96380ab3be

SHA256
4659f5e94776440ada19d92179ede260800b53271b058003d9972f69cc8419b6

SHA512
0254349c1188df4789af75bbaea13c52b1e139ece14cdf188f6336d09919dddf8398ad71df9a0f01f9cb7c7a239fbac9495d5711b12717957944ee83e0786685

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4848b521e975b90d0b37d1199f60d927

SHA1
2bfb20805513cd69f105fbbc5a4c246cc553cf82

SHA256
c31801ffa4b8ae2198d91a675509b85bad85c39483f9b52916d2fabc31c06e3c

SHA512
721e8a7c50926ffbacf1be3209f0fadd2177c0b260ffcaafce7378d804c0d36294efab60d6c9bc80ea4690815df9fc87f69dc83c77ef42c1eaeb6b4aeaab0547

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98bc0089d820bd5f27988c9d12c576de

SHA1
87a4ac46081dbf4597ab9b8c3bff0601ecc8a646

SHA256
ec1e1709ad2273e2a2388e1972aa7eda256ba5c749583b04b498b763f4385907

SHA512
404505dd1cb12bd150b9490f63a12d35fa7a9ed5601a8cee73caf239107baf1bebf42579b5cde7e06824d00552a3d94503b97b049ebec49db8310e5a26e012ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d44feebcc8f0666f45f71a7e4813057f

SHA1
394a6762804f47a64770e5511886c3e65be66574

SHA256
916b426a4470345597468b88c996aad95bad54b33bcca5dee47629ee089fcb50

SHA512
9b5764392f6763fc7fe5c0d6dead1980305814a9de30baa011607349757fd9e7012b9129a2d2ea1ee1d39778f26f3d34113a4ea037a114c39fa24a1ffe7bc190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb286346ac17c60b95d675a359471b4c

SHA1
a4f99a2fd9fa6214cd03057111910cc9a24778cd

SHA256
927d0809ddc1f9d3989356f029c6fd66b6d01bedba9295a21d880d55d02cdbd7

SHA512
338a4a89437f577ad997680311548896aba7157a76441dc61dbbe72f32eadc0fed2b22c214a66299b115f71f2cb52a7101b27455c74802090ea309737beb7f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe5f0b0817275ea6eaad5e42ce9914f7

SHA1
576ea278f4c448ac295ffd721bde67e01ec7bad0

SHA256
5e6e8f7b2e509ff50027a892deffc9f1d2310030679f9bb93d5d52dfdc6a91d9

SHA512
9e693f189900e0311ba0f1856a1f8da92cd341c388e7ef517004394ddcf4b694b51242486a0769a4b928043da2a0cd9e9a4735fa4fc6c21ec918ae64e579b029

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54f02fdc0896aeea7da44858adc62d97

SHA1
0d98a9a12ab847eacaff88e9087b2189468b91c7

SHA256
cc331b3fb7945d7670a6a90249767a2e0d0a41905aecb786e67cc965bf26c354

SHA512
9a623fd22a220787742593941fb6fd6d4f042335233661b6a6007bc6ba3061dede2356a1a9a9e4561391967996f4eeef69346eb146594ffcf261ae9fc871b7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d348207d90227d93cc8e01698f82c246

SHA1
6ccb10c4f927f5425b411ffb12c521423fb823cd

SHA256
48f20b72f40e584881afea5347819d2d3876ab67f8e4c509468a6ac3af7b2873

SHA512
c99b9dfcdbe08fc7a02cf7a600ff8b1b0bcd15b61790c54a9ad03ac445221437203f670be8152b8997bb9b0c94891e0a7f6bfa33f376314a42182c106a9ba7c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5738e45f1797f258709d865b397dbb5

SHA1
52a4c5dc339252db41dec8696f1fb6c8a8893085

SHA256
bc7af98c02776b2d96d2a7cc8ba25d5dfc9178a02f7f44dc59a66f89cb6960b9

SHA512
cad8a2f05b59fe290486e45cfffffbb28a364ce5b13f2c6bd74011b4e54b93b290b21fe590e3a31ae1a2afb1acd776590f259f695d6c015a3b699d80e0fef287

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c2f972887f579b1c6788fae546a2c7f

SHA1
fb6fc5b905c770aa4b09aa7dae8d3014067b3303

SHA256
70c4948e4c286edcc75233631f0549b37e204355bd593439cdb22403070d76c2

SHA512
411cf70b44087c54c17d4d756df7dd1799b2571725d5f93b959bcac946d08bbff595c51b6aff809b2ebf710d9b62b849312608eef0eafa156dd9908b8109b443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
130cd7e7c6feef87bfb34821477a963b

SHA1
71dfac153ba6fea27760d598c57a3cc1837f11d8

SHA256
5cd1660f1659d55574b9e0d18500d57ac96cb11e98993bd0a576aa23cc8a1d36

SHA512
31274e8d02b2713e3f2a53beaf2a5d00d7e5a64900e6eaa618e9fadead27c732dbdda1adfc9b6a2d5121a389017f494a3382bdfb1791d932b289935ef7b9d39f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_DF7E0826E3998899AC6568DD2C34F18A

Filesize
402B

MD5
ab7b06604c14e3f74adc39ee6c0b4089

SHA1
d9fe6655a3457980529c915cc9f985aa310767ab

SHA256
62212999ee834458c1a4a97be1727afd8531b4f505fd8ed6deb3bcf9851827c7

SHA512
07b523a933e52485026c73022ec80d09b79cc97517ec33ef38c1d66f1c9a26118bbe554fe7a4544339f3b38d4d38377823b197ed56450a54c7e4794dc1e41f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_4654F046C50FA3E6AFD0824D55A1E2F2

Filesize
402B

MD5
c1b523c2b1b314c310f7574a605406b8

SHA1
0006c2338d6fe4546ee750e779a08b7a517414d1

SHA256
fbede47daefa2e3f7f0a3db28d548dd5543a5031814d4dfae9ebfd2f46816d1d

SHA512
92634493d3c97a70214fc7e97f128a6107fa649dcefe859ca1e8a5df6cfea626edb42832696eec4c2c082ae9e74fa009a096d143fb84858a76d4465a665bff8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6fa09fb65995154501dc7ebf483408d5

SHA1
4a3f51b4a6c1e3d79de9e2d98d0266c2c7492986

SHA256
de1adc117c46a64e6c82b57ee2dab84edb0c860fcddbda531af1d2db822042c8

SHA512
14cbc2a67e5926e03d69de4f37fb61c3a6a81e5b756fbba26022a153747f2bb377fb3f09e9cecfa0ade407a520df51d3dee22a67b28cb7fa797968826e4ae209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat

Filesize
5KB

MD5
9b63afe7692450b2c264bd8655d1e8a1

SHA1
d874a87e2be71d1dd56005c004e78d8985a81da6

SHA256
adedb5006c8aa95a3c20cd37803f5d5c91d897b2a7e805c1ef327987608f2fc0

SHA512
b4deb012a8b0e02bcde31eebc8c99914474efd360701ef0ced30c9170ec4cf590b6f9f45c41f1a3d4278712412c37523e96a42f189c33d70fce205ac13721ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\search[1].htm

Filesize
247B

MD5
a4d9ae83d488af6206c02058e591e1e9

SHA1
e92f3ca4db460708f1c6206d589dc0fc42ce5c1c

SHA256
385a004f309d9133f9822e32d86e2f19e164b7e55517e5b4f6080de4d689e733

SHA512
392edf77be9b500cf00c1d88efe907c15cc921897cbeabd933d2faac844f2b1e823f12bc802bffbc956b591ba6435f948308120a14d08300b6fdbe37f4adba6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab93E7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\MALWAR~1\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9448.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8J3J3F1R.txt

Filesize
425B

MD5
49814df29dccdd3e4e76f696d9992814

SHA1
fedcf6448199e03ca09007d807fd49895653e443

SHA256
37a5cd509f8ad6be420f821ce2b5f8693beaa8c537e03dfad0e061a3eb108d62

SHA512
eb65a3af71c29e60fdcd42a1dc4b1cba769499677b6152e95910baa9253631c20034061ea25520d8bbf0c08a8c9f5853da1106fa6cabfe851a804d0b0f812db4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GN23QWTJ.txt

Filesize
423B

MD5
2d2a24fe6590b1c9d41348c7171dcd7a

SHA1
2b42c63b4cf4a4e553fdc0230f2150a95b129013

SHA256
30eda2db73d34bbf7f69fc971cce1ab7418990873ed4baa5a363fe14c5212700

SHA512
7e339ce3be40a7cff6a0cf658fcfbc048117a3ea45d561dda8d0206bdf9d931a97e999fbb39134f9b0a4ea81f30c765bd8195ff31eb54bb3a4ee108f1e60fc2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\LE9WEXAL.txt

Filesize
416B

MD5
0bbb3ec345d8cd7f1ba94d9a0b842df2

SHA1
3c54953680b192043857d710d5e72b74b2ce45e3

SHA256
3dc7fdb432732c06911142dc7264355534fa2b90e0c1782b5648457c3fd69274

SHA512
b9152da15cd7b56361489d50c7242d6bf1e734d70d533dbf9dc6cb614ea4970a876d63d672ab3bfc8a2af70e680f88de5114966bd1c51f165652e74a4a43f62c

Download Submit
memory/2680-120-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download