Remarks
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
There are no files for this filter
There are no files in this analysis
|
Filename
|
Category
|
Type
|
Severity
|
Actions
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\c5878955-7c21-46f7-9950-dbc1d2273e6e\LS_APPDATA744de46e-2913-4f69-a0ea-d12dff2a5c90SAMPLE.exe (Dropped File)
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
387.50 KB
|
|
MD5
|
80d04be9495d2f7e662f4ee50d03f1a2
|
|
SHA1
|
0bacc428bae7d567f2faaf1f3de896d6f690c098
|
|
SHA256
|
2767c566c6e7de07b85a910e3598cc8e4aa6655cffe7623ccc7f85f508fcaf59
|
|
SSDeep
|
6144:YwEGfsyTs+FW1rX9eUYLEspL7DFTsfVLy0yAgHGUCacSl1FDkZF/MQWMQE+poCI7:tEGfHx69fspHp2ePCacStkZgHpvI7
|
|
ImpHash
|
e101f33f21879df984d10829637ee304
|
|
Parser Error Remark
|
Static analyzer was unable to completely parse the analyzed file
|
|
Severity
|
|
|
First Seen
|
2019-07-18 19:49 (UTC+2)
|
|
Last Seen
|
2019-07-19 02:27 (UTC+2)
|
|
Names
|
Win32.Trojan.Genkryptik
|
|
Families
|
Genkryptik
|
|
Classification
|
Trojan
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x404bad
|
|
Size Of Code
|
0xee00
|
|
Size Of Initialized Data
|
0x854200
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.i386
|
|
Compile Timestamp
|
2018-04-24 05:57:42+00:00
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0xec5f
|
0xee00
|
0x400
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
6.65
|
|
.rdata
|
0x410000
|
0x6a18
|
0x6c00
|
0xf200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
4.71
|
|
.data
|
0x417000
|
0x803840
|
0x1400
|
0x15e00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
3.73
|
|
.text
|
0xc1b000
|
0x458d8
|
0x44c00
|
0x17200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
6.0
|
|
.rsrc
|
0xc61000
|
0x3b08
|
0x3c00
|
0x5be00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
6.1
|
|
.reloc
|
0xc65000
|
0x1248
|
0x1400
|
0x5fa00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
6.28
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
FormatMessageW
|
0x0
|
0x41002c
|
0x16198
|
0x15398
|
0x15e
|
|
CreateMailslotA
|
0x0
|
0x410030
|
0x1619c
|
0x1539c
|
0x98
|
|
lstrlenA
|
0x0
|
0x410034
|
0x161a0
|
0x153a0
|
0x54d
|
|
GetCurrentDirectoryA
|
0x0
|
0x410038
|
0x161a4
|
0x153a4
|
0x1be
|
|
CreateFileW
|
0x0
|
0x41003c
|
0x161a8
|
0x153a8
|
0x8f
|
|
GetNumberFormatW
|
0x0
|
0x410040
|
0x161ac
|
0x153ac
|
0x233
|
|
PeekConsoleInputW
|
0x0
|
0x410044
|
0x161b0
|
0x153b0
|
0x38c
|
|
GetTickCount
|
0x0
|
0x410048
|
0x161b4
|
0x153b4
|
0x293
|
|
WriteConsoleW
|
0x0
|
0x41004c
|
0x161b8
|
0x153b8
|
0x524
|
|
SetFilePointerEx
|
0x0
|
0x410050
|
0x161bc
|
0x153bc
|
0x467
|
|
FlushFileBuffers
|
0x0
|
0x410054
|
0x161c0
|
0x153c0
|
0x157
|
|
SetStdHandle
|
0x0
|
0x410058
|
0x161c4
|
0x153c4
|
0x487
|
|
HeapReAlloc
|
0x0
|
0x41005c
|
0x161c8
|
0x153c8
|
0x2d2
|
|
GetCPInfo
|
0x0
|
0x410060
|
0x161cc
|
0x153cc
|
0x172
|
|
GetOEMCP
|
0x0
|
0x410064
|
0x161d0
|
0x153d0
|
0x237
|
|
GetACP
|
0x0
|
0x410068
|
0x161d4
|
0x153d4
|
0x168
|
|
IsValidCodePage
|
0x0
|
0x41006c
|
0x161d8
|
0x153d8
|
0x30a
|
|
GetHandleInformation
|
0x0
|
0x410070
|
0x161dc
|
0x153dc
|
0x1ff
|
|
CloseHandle
|
0x0
|
0x410074
|
0x161e0
|
0x153e0
|
0x52
|
|
LockFile
|
0x0
|
0x410078
|
0x161e4
|
0x153e4
|
0x352
|
|
TerminateProcess
|
0x0
|
0x41007c
|
0x161e8
|
0x153e8
|
0x4c0
|
|
ExitProcess
|
0x0
|
0x410080
|
0x161ec
|
0x153ec
|
0x119
|
|
VirtualProtect
|
0x0
|
0x410084
|
0x161f0
|
0x153f0
|
0x4ef
|
|
GetBinaryTypeA
|
0x0
|
0x410088
|
0x161f4
|
0x153f4
|
0x170
|
|
GlobalMemoryStatus
|
0x0
|
0x41008c
|
0x161f8
|
0x153f8
|
0x2bf
|
|
GlobalAlloc
|
0x0
|
0x410090
|
0x161fc
|
0x153fc
|
0x2b3
|
|
OutputDebugStringW
|
0x0
|
0x410094
|
0x16200
|
0x15400
|
0x38a
|
|
GetProcAddress
|
0x0
|
0x410098
|
0x16204
|
0x15404
|
0x245
|
|
LoadLibraryExW
|
0x0
|
0x41009c
|
0x16208
|
0x15408
|
0x33e
|
|
EncodePointer
|
0x0
|
0x4100a0
|
0x1620c
|
0x1540c
|
0xea
|
|
DecodePointer
|
0x0
|
0x4100a4
|
0x16210
|
0x15410
|
0xca
|
|
RaiseException
|
0x0
|
0x4100a8
|
0x16214
|
0x15414
|
0x3b1
|
|
RtlUnwind
|
0x0
|
0x4100ac
|
0x16218
|
0x15418
|
0x418
|
|
GetCommandLineW
|
0x0
|
0x4100b0
|
0x1621c
|
0x1541c
|
0x187
|
|
IsProcessorFeaturePresent
|
0x0
|
0x4100b4
|
0x16220
|
0x15420
|
0x304
|
|
GetLastError
|
0x0
|
0x4100b8
|
0x16224
|
0x15424
|
0x202
|
|
HeapAlloc
|
0x0
|
0x4100bc
|
0x16228
|
0x15428
|
0x2cb
|
|
HeapFree
|
0x0
|
0x4100c0
|
0x1622c
|
0x1542c
|
0x2cf
|
|
GetModuleHandleExW
|
0x0
|
0x4100c4
|
0x16230
|
0x15430
|
0x217
|
|
MultiByteToWideChar
|
0x0
|
0x4100c8
|
0x16234
|
0x15434
|
0x367
|
|
WideCharToMultiByte
|
0x0
|
0x4100cc
|
0x16238
|
0x15438
|
0x511
|
|
HeapSize
|
0x0
|
0x4100d0
|
0x1623c
|
0x1543c
|
0x2d4
|
|
IsDebuggerPresent
|
0x0
|
0x4100d4
|
0x16240
|
0x15440
|
0x300
|
|
EnterCriticalSection
|
0x0
|
0x4100d8
|
0x16244
|
0x15444
|
0xee
|
|
LeaveCriticalSection
|
0x0
|
0x4100dc
|
0x16248
|
0x15448
|
0x339
|
|
WriteFile
|
0x0
|
0x4100e0
|
0x1624c
|
0x1544c
|
0x525
|
|
GetConsoleCP
|
0x0
|
0x4100e4
|
0x16250
|
0x15450
|
0x19a
|
|
GetConsoleMode
|
0x0
|
0x4100e8
|
0x16254
|
0x15454
|
0x1ac
|
|
SetLastError
|
0x0
|
0x4100ec
|
0x16258
|
0x15458
|
0x473
|
|
GetCurrentThreadId
|
0x0
|
0x4100f0
|
0x1625c
|
0x1545c
|
0x1c5
|
|
GetProcessHeap
|
0x0
|
0x4100f4
|
0x16260
|
0x15460
|
0x24a
|
|
GetStdHandle
|
0x0
|
0x4100f8
|
0x16264
|
0x15464
|
0x264
|
|
GetFileType
|
0x0
|
0x4100fc
|
0x16268
|
0x15468
|
0x1f3
|
|
DeleteCriticalSection
|
0x0
|
0x410100
|
0x1626c
|
0x1546c
|
0xd1
|
|
GetStartupInfoW
|
0x0
|
0x410104
|
0x16270
|
0x15470
|
0x263
|
|
GetModuleFileNameW
|
0x0
|
0x410108
|
0x16274
|
0x15474
|
0x214
|
|
QueryPerformanceCounter
|
0x0
|
0x41010c
|
0x16278
|
0x15478
|
0x3a7
|
|
GetCurrentProcessId
|
0x0
|
0x410110
|
0x1627c
|
0x1547c
|
0x1c1
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x410114
|
0x16280
|
0x15480
|
0x279
|
|
GetEnvironmentStringsW
|
0x0
|
0x410118
|
0x16284
|
0x15484
|
0x1da
|
|
FreeEnvironmentStringsW
|
0x0
|
0x41011c
|
0x16288
|
0x15488
|
0x161
|
|
UnhandledExceptionFilter
|
0x0
|
0x410120
|
0x1628c
|
0x1548c
|
0x4d3
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x410124
|
0x16290
|
0x15490
|
0x4a5
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x410128
|
0x16294
|
0x15494
|
0x2e3
|
|
Sleep
|
0x0
|
0x41012c
|
0x16298
|
0x15498
|
0x4b2
|
|
GetCurrentProcess
|
0x0
|
0x410130
|
0x1629c
|
0x1549c
|
0x1c0
|
|
TlsAlloc
|
0x0
|
0x410134
|
0x162a0
|
0x154a0
|
0x4c5
|
|
TlsGetValue
|
0x0
|
0x410138
|
0x162a4
|
0x154a4
|
0x4c7
|
|
TlsSetValue
|
0x0
|
0x41013c
|
0x162a8
|
0x154a8
|
0x4c8
|
|
TlsFree
|
0x0
|
0x410140
|
0x162ac
|
0x154ac
|
0x4c6
|
|
GetModuleHandleW
|
0x0
|
0x410144
|
0x162b0
|
0x154b0
|
0x218
|
|
LCMapStringW
|
0x0
|
0x410148
|
0x162b4
|
0x154b4
|
0x32d
|
|
GetStringTypeW
|
0x0
|
0x41014c
|
0x162b8
|
0x154b8
|
0x269
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
EnumPropsW
|
0x0
|
0x41015c
|
0x162c8
|
0x154c8
|
0xee
|
|
SendMessageA
|
0x0
|
0x410160
|
0x162cc
|
0x154cc
|
0x277
|
|
ChangeDisplaySettingsA
|
0x0
|
0x410164
|
0x162d0
|
0x154d0
|
0x23
|
|
LoadStringW
|
0x0
|
0x410168
|
0x162d4
|
0x154d4
|
0x1fa
|
|
GetClassInfoW
|
0x0
|
0x41016c
|
0x162d8
|
0x154d8
|
0x10e
|
|
GetClassNameA
|
0x0
|
0x410170
|
0x162dc
|
0x154dc
|
0x111
|
|
DrawIcon
|
0x0
|
0x410174
|
0x162e0
|
0x154e0
|
0xc7
|
|
OemToCharW
|
0x0
|
0x410178
|
0x162e4
|
0x154e4
|
0x224
|
|
CreateDialogParamW
|
0x0
|
0x41017c
|
0x162e8
|
0x154e8
|
0x63
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
PolyBezier
|
0x0
|
0x410010
|
0x1617c
|
0x1537c
|
0x24e
|
|
GetEnhMetaFileHeader
|
0x0
|
0x410014
|
0x16180
|
0x15380
|
0x1d4
|
|
SetMapMode
|
0x0
|
0x410018
|
0x16184
|
0x15384
|
0x294
|
|
GetOutlineTextMetricsA
|
0x0
|
0x41001c
|
0x16188
|
0x15388
|
0x1fe
|
|
GetMetaFileW
|
0x0
|
0x410020
|
0x1618c
|
0x1538c
|
0x1f3
|
|
PolylineTo
|
0x0
|
0x410024
|
0x16190
|
0x15390
|
0x258
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
SetPrivateObjectSecurity
|
0x0
|
0x410000
|
0x1616c
|
0x1536c
|
0x2b2
|
|
PrivilegedServiceAuditAlarmA
|
0x0
|
0x410004
|
0x16170
|
0x15370
|
0x218
|
|
LockServiceDatabase
|
0x0
|
0x410008
|
0x16174
|
0x15374
|
0x188
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
WinHttpWriteData
|
0x0
|
0x410184
|
0x162f0
|
0x154f0
|
0x1f
|
|
WinHttpQueryDataAvailable
|
0x0
|
0x410188
|
0x162f4
|
0x154f4
|
0x12
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
TransparentBlt
|
0x0
|
0x410154
|
0x162c0
|
0x154c0
|
0x3
|
|
Api name
|
EAT Address
|
Ordinal
|
|
MyFunc165@@4
|
0x11d0
|
0x1
|
|
Threat Name
|
Severity
|
|
Trojan.Worm.GenericKDS.41479463
|
|
|
Mime Type
|
text/plain
|
|
File Size
|
7.92 KB
|
|
MD5
|
360d265eddea8679c434a205f7ade7ad
|
|
SHA1
|
e17d843f610e0283904e201195360525ae449a68
|
|
SHA256
|
5a1597c0d29dd475e33cd8889d7d848037a8c17bad0f3daa022fb889e0db7ead
|
|
SSDeep
|
96:vDZEurK9q3WlSyU0FXmGZll0TOHyF9fAHLmttA/ZKTKdIlMHqzoCGbXx:RrK9FU0FXmGZll06m9fAH6AhKTK9Cax
|
|
Threat Name
|
Severity
|
|
Gen:Trojan.Qhost.1
|
|
|
Also Known As
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\updatewin1[1].exe (Downloaded File)
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
272.50 KB
|
|
MD5
|
5b4bd24d6240f467bfbc74803c9f15b0
|
|
SHA1
|
c17f98c182d299845c54069872e8137645768a1a
|
|
SHA256
|
14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
|
|
SSDeep
|
6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE
|
|
ImpHash
|
0bcca924efe6e6fa741675d8e687fbb3
|
|
Severity
|
|
|
First Seen
|
2019-01-16 22:21 (UTC+1)
|
|
Last Seen
|
2019-07-02 07:29 (UTC+2)
|
|
Names
|
Win32.Trojan.Kryptik
|
|
Families
|
Kryptik
|
|
Classification
|
Trojan
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x402d76
|
|
Size Of Code
|
0x1c200
|
|
Size Of Initialized Data
|
0x2c200
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.i386
|
|
Compile Timestamp
|
2017-07-24 12:23:54+00:00
|
|
FileVersion
|
7.7.7.18
|
|
InternalName
|
rawudiyeh.exe
|
|
LegalCopyright
|
Copyright (C) 2018, sacuwedimufoy
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0x1c07e
|
0x1c200
|
0x400
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
6.62
|
|
.rdata
|
0x41e000
|
0x463e
|
0x4800
|
0x1c600
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
5.26
|
|
.data
|
0x423000
|
0x1c6a8
|
0x17400
|
0x20e00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
5.83
|
|
.rsrc
|
0x440000
|
0xa578
|
0xa600
|
0x38200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
6.88
|
|
.reloc
|
0x44b000
|
0x1968
|
0x1a00
|
0x42800
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
6.34
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ExitThread
|
0x0
|
0x41e028
|
0x21afc
|
0x200fc
|
0x105
|
|
GetStartupInfoW
|
0x0
|
0x41e02c
|
0x21b00
|
0x20100
|
0x23a
|
|
GetLastError
|
0x0
|
0x41e030
|
0x21b04
|
0x20104
|
0x1e6
|
|
GetProcAddress
|
0x0
|
0x41e034
|
0x21b08
|
0x20108
|
0x220
|
|
CreateJobSet
|
0x0
|
0x41e038
|
0x21b0c
|
0x2010c
|
0x87
|
|
GlobalFree
|
0x0
|
0x41e03c
|
0x21b10
|
0x20110
|
0x28c
|
|
LoadLibraryA
|
0x0
|
0x41e040
|
0x21b14
|
0x20114
|
0x2f1
|
|
OpenWaitableTimerW
|
0x0
|
0x41e044
|
0x21b18
|
0x20118
|
0x339
|
|
AddAtomA
|
0x0
|
0x41e048
|
0x21b1c
|
0x2011c
|
0x3
|
|
FindFirstChangeNotificationA
|
0x0
|
0x41e04c
|
0x21b20
|
0x20120
|
0x11b
|
|
VirtualProtect
|
0x0
|
0x41e050
|
0x21b24
|
0x20124
|
0x45a
|
|
GetCurrentDirectoryA
|
0x0
|
0x41e054
|
0x21b28
|
0x20128
|
0x1a7
|
|
GetACP
|
0x0
|
0x41e058
|
0x21b2c
|
0x2012c
|
0x152
|
|
InterlockedPushEntrySList
|
0x0
|
0x41e05c
|
0x21b30
|
0x20130
|
0x2c2
|
|
CompareStringW
|
0x0
|
0x41e060
|
0x21b34
|
0x20134
|
0x55
|
|
CompareStringA
|
0x0
|
0x41e064
|
0x21b38
|
0x20138
|
0x52
|
|
CreateFileA
|
0x0
|
0x41e068
|
0x21b3c
|
0x2013c
|
0x78
|
|
GetTimeZoneInformation
|
0x0
|
0x41e06c
|
0x21b40
|
0x20140
|
0x26b
|
|
WriteConsoleW
|
0x0
|
0x41e070
|
0x21b44
|
0x20144
|
0x48c
|
|
GetConsoleOutputCP
|
0x0
|
0x41e074
|
0x21b48
|
0x20148
|
0x199
|
|
WriteConsoleA
|
0x0
|
0x41e078
|
0x21b4c
|
0x2014c
|
0x482
|
|
CloseHandle
|
0x0
|
0x41e07c
|
0x21b50
|
0x20150
|
0x43
|
|
IsValidLocale
|
0x0
|
0x41e080
|
0x21b54
|
0x20154
|
0x2dd
|
|
EnumSystemLocalesA
|
0x0
|
0x41e084
|
0x21b58
|
0x20158
|
0xf8
|
|
GetUserDefaultLCID
|
0x0
|
0x41e088
|
0x21b5c
|
0x2015c
|
0x26d
|
|
GetSystemTimeAdjustment
|
0x0
|
0x41e08c
|
0x21b60
|
0x20160
|
0x24e
|
|
GetSystemTimes
|
0x0
|
0x41e090
|
0x21b64
|
0x20164
|
0x250
|
|
GetTickCount
|
0x0
|
0x41e094
|
0x21b68
|
0x20168
|
0x266
|
|
FreeEnvironmentStringsA
|
0x0
|
0x41e098
|
0x21b6c
|
0x2016c
|
0x14a
|
|
GetComputerNameW
|
0x0
|
0x41e09c
|
0x21b70
|
0x20170
|
0x178
|
|
FindCloseChangeNotification
|
0x0
|
0x41e0a0
|
0x21b74
|
0x20174
|
0x11a
|
|
FindResourceExW
|
0x0
|
0x41e0a4
|
0x21b78
|
0x20178
|
0x138
|
|
GetCPInfo
|
0x0
|
0x41e0a8
|
0x21b7c
|
0x2017c
|
0x15b
|
|
SetProcessShutdownParameters
|
0x0
|
0x41e0ac
|
0x21b80
|
0x20180
|
0x3f9
|
|
GetModuleHandleExA
|
0x0
|
0x41e0b0
|
0x21b84
|
0x20184
|
0x1f7
|
|
GetDateFormatA
|
0x0
|
0x41e0b4
|
0x21b88
|
0x20188
|
0x1ae
|
|
GetTimeFormatA
|
0x0
|
0x41e0b8
|
0x21b8c
|
0x2018c
|
0x268
|
|
GetStringTypeW
|
0x0
|
0x41e0bc
|
0x21b90
|
0x20190
|
0x240
|
|
GetStringTypeA
|
0x0
|
0x41e0c0
|
0x21b94
|
0x20194
|
0x23d
|
|
LCMapStringW
|
0x0
|
0x41e0c4
|
0x21b98
|
0x20198
|
0x2e3
|
|
GetCommandLineA
|
0x0
|
0x41e0c8
|
0x21b9c
|
0x2019c
|
0x16f
|
|
GetStartupInfoA
|
0x0
|
0x41e0cc
|
0x21ba0
|
0x201a0
|
0x239
|
|
RaiseException
|
0x0
|
0x41e0d0
|
0x21ba4
|
0x201a4
|
0x35a
|
|
RtlUnwind
|
0x0
|
0x41e0d4
|
0x21ba8
|
0x201a8
|
0x392
|
|
TerminateProcess
|
0x0
|
0x41e0d8
|
0x21bac
|
0x201ac
|
0x42d
|
|
GetCurrentProcess
|
0x0
|
0x41e0dc
|
0x21bb0
|
0x201b0
|
0x1a9
|
|
UnhandledExceptionFilter
|
0x0
|
0x41e0e0
|
0x21bb4
|
0x201b4
|
0x43e
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x41e0e4
|
0x21bb8
|
0x201b8
|
0x415
|
|
IsDebuggerPresent
|
0x0
|
0x41e0e8
|
0x21bbc
|
0x201bc
|
0x2d1
|
|
HeapAlloc
|
0x0
|
0x41e0ec
|
0x21bc0
|
0x201c0
|
0x29d
|
|
HeapFree
|
0x0
|
0x41e0f0
|
0x21bc4
|
0x201c4
|
0x2a1
|
|
EnterCriticalSection
|
0x0
|
0x41e0f4
|
0x21bc8
|
0x201c8
|
0xd9
|
|
LeaveCriticalSection
|
0x0
|
0x41e0f8
|
0x21bcc
|
0x201cc
|
0x2ef
|
|
SetHandleCount
|
0x0
|
0x41e0fc
|
0x21bd0
|
0x201d0
|
0x3e8
|
|
GetStdHandle
|
0x0
|
0x41e100
|
0x21bd4
|
0x201d4
|
0x23b
|
|
GetFileType
|
0x0
|
0x41e104
|
0x21bd8
|
0x201d8
|
0x1d7
|
|
DeleteCriticalSection
|
0x0
|
0x41e108
|
0x21bdc
|
0x201dc
|
0xbe
|
|
GetModuleHandleW
|
0x0
|
0x41e10c
|
0x21be0
|
0x201e0
|
0x1f9
|
|
Sleep
|
0x0
|
0x41e110
|
0x21be4
|
0x201e4
|
0x421
|
|
ExitProcess
|
0x0
|
0x41e114
|
0x21be8
|
0x201e8
|
0x104
|
|
WriteFile
|
0x0
|
0x41e118
|
0x21bec
|
0x201ec
|
0x48d
|
|
GetModuleFileNameA
|
0x0
|
0x41e11c
|
0x21bf0
|
0x201f0
|
0x1f4
|
|
GetEnvironmentStrings
|
0x0
|
0x41e120
|
0x21bf4
|
0x201f4
|
0x1bf
|
|
FreeEnvironmentStringsW
|
0x0
|
0x41e124
|
0x21bf8
|
0x201f8
|
0x14b
|
|
WideCharToMultiByte
|
0x0
|
0x41e128
|
0x21bfc
|
0x201fc
|
0x47a
|
|
GetEnvironmentStringsW
|
0x0
|
0x41e12c
|
0x21c00
|
0x20200
|
0x1c1
|
|
TlsGetValue
|
0x0
|
0x41e130
|
0x21c04
|
0x20204
|
0x434
|
|
TlsAlloc
|
0x0
|
0x41e134
|
0x21c08
|
0x20208
|
0x432
|
|
TlsSetValue
|
0x0
|
0x41e138
|
0x21c0c
|
0x2020c
|
0x435
|
|
TlsFree
|
0x0
|
0x41e13c
|
0x21c10
|
0x20210
|
0x433
|
|
InterlockedIncrement
|
0x0
|
0x41e140
|
0x21c14
|
0x20214
|
0x2c0
|
|
SetLastError
|
0x0
|
0x41e144
|
0x21c18
|
0x20218
|
0x3ec
|
|
GetCurrentThreadId
|
0x0
|
0x41e148
|
0x21c1c
|
0x2021c
|
0x1ad
|
|
InterlockedDecrement
|
0x0
|
0x41e14c
|
0x21c20
|
0x20220
|
0x2bc
|
|
GetCurrentThread
|
0x0
|
0x41e150
|
0x21c24
|
0x20224
|
0x1ac
|
|
HeapCreate
|
0x0
|
0x41e154
|
0x21c28
|
0x20228
|
0x29f
|
|
HeapDestroy
|
0x0
|
0x41e158
|
0x21c2c
|
0x2022c
|
0x2a0
|
|
VirtualFree
|
0x0
|
0x41e15c
|
0x21c30
|
0x20230
|
0x457
|
|
QueryPerformanceCounter
|
0x0
|
0x41e160
|
0x21c34
|
0x20234
|
0x354
|
|
GetCurrentProcessId
|
0x0
|
0x41e164
|
0x21c38
|
0x20238
|
0x1aa
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x41e168
|
0x21c3c
|
0x2023c
|
0x24f
|
|
FatalAppExitA
|
0x0
|
0x41e16c
|
0x21c40
|
0x20240
|
0x10b
|
|
VirtualAlloc
|
0x0
|
0x41e170
|
0x21c44
|
0x20244
|
0x454
|
|
HeapReAlloc
|
0x0
|
0x41e174
|
0x21c48
|
0x20248
|
0x2a4
|
|
MultiByteToWideChar
|
0x0
|
0x41e178
|
0x21c4c
|
0x2024c
|
0x31a
|
|
ReadFile
|
0x0
|
0x41e17c
|
0x21c50
|
0x20250
|
0x368
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x41e180
|
0x21c54
|
0x20254
|
0x2b5
|
|
HeapSize
|
0x0
|
0x41e184
|
0x21c58
|
0x20258
|
0x2a6
|
|
SetConsoleCtrlHandler
|
0x0
|
0x41e188
|
0x21c5c
|
0x2025c
|
0x3a7
|
|
FreeLibrary
|
0x0
|
0x41e18c
|
0x21c60
|
0x20260
|
0x14c
|
|
InterlockedExchange
|
0x0
|
0x41e190
|
0x21c64
|
0x20264
|
0x2bd
|
|
GetOEMCP
|
0x0
|
0x41e194
|
0x21c68
|
0x20268
|
0x213
|
|
IsValidCodePage
|
0x0
|
0x41e198
|
0x21c6c
|
0x2026c
|
0x2db
|
|
GetConsoleCP
|
0x0
|
0x41e19c
|
0x21c70
|
0x20270
|
0x183
|
|
GetConsoleMode
|
0x0
|
0x41e1a0
|
0x21c74
|
0x20274
|
0x195
|
|
FlushFileBuffers
|
0x0
|
0x41e1a4
|
0x21c78
|
0x20278
|
0x141
|
|
SetFilePointer
|
0x0
|
0x41e1a8
|
0x21c7c
|
0x2027c
|
0x3df
|
|
SetStdHandle
|
0x0
|
0x41e1ac
|
0x21c80
|
0x20280
|
0x3fc
|
|
GetLocaleInfoW
|
0x0
|
0x41e1b0
|
0x21c84
|
0x20284
|
0x1ea
|
|
GetLocaleInfoA
|
0x0
|
0x41e1b4
|
0x21c88
|
0x20288
|
0x1e8
|
|
LCMapStringA
|
0x0
|
0x41e1b8
|
0x21c8c
|
0x2028c
|
0x2e1
|
|
SetEnvironmentVariableA
|
0x0
|
0x41e1bc
|
0x21c90
|
0x20290
|
0x3d0
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CloseClipboard
|
0x0
|
0x41e1d8
|
0x21cac
|
0x202ac
|
0x47
|
|
BeginPaint
|
0x0
|
0x41e1dc
|
0x21cb0
|
0x202b0
|
0xe
|
|
CallMsgFilterW
|
0x0
|
0x41e1e0
|
0x21cb4
|
0x202b4
|
0x1a
|
|
PeekMessageA
|
0x0
|
0x41e1e4
|
0x21cb8
|
0x202b8
|
0x21b
|
|
MapVirtualKeyExW
|
0x0
|
0x41e1e8
|
0x21cbc
|
0x202bc
|
0x1f1
|
|
RegisterRawInputDevices
|
0x0
|
0x41e1ec
|
0x21cc0
|
0x202c0
|
0x242
|
|
GetClipboardSequenceNumber
|
0x0
|
0x41e1f0
|
0x21cc4
|
0x202c4
|
0x113
|
|
CountClipboardFormats
|
0x0
|
0x41e1f4
|
0x21cc8
|
0x202c8
|
0x50
|
|
GetDialogBaseUnits
|
0x0
|
0x41e1f8
|
0x21ccc
|
0x202cc
|
0x11d
|
|
GetClassLongW
|
0x0
|
0x41e1fc
|
0x21cd0
|
0x202d0
|
0x109
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
PolyTextOutW
|
0x0
|
0x41e000
|
0x21ad4
|
0x200d4
|
0x23c
|
|
CreateCompatibleDC
|
0x0
|
0x41e004
|
0x21ad8
|
0x200d8
|
0x2e
|
|
Rectangle
|
0x0
|
0x41e008
|
0x21adc
|
0x200dc
|
0x246
|
|
SetStretchBltMode
|
0x0
|
0x41e00c
|
0x21ae0
|
0x200e0
|
0x289
|
|
SetPixelV
|
0x0
|
0x41e010
|
0x21ae4
|
0x200e4
|
0x284
|
|
GetClipBox
|
0x0
|
0x41e014
|
0x21ae8
|
0x200e8
|
0x1aa
|
|
CreateDiscardableBitmap
|
0x0
|
0x41e018
|
0x21aec
|
0x200ec
|
0x35
|
|
StrokeAndFillPath
|
0x0
|
0x41e01c
|
0x21af0
|
0x200f0
|
0x29c
|
|
GetBitmapBits
|
0x0
|
0x41e020
|
0x21af4
|
0x200f4
|
0x191
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ShellExecuteW
|
0x0
|
0x41e1c4
|
0x21c98
|
0x20298
|
0x118
|
|
ShellAboutW
|
0x0
|
0x41e1c8
|
0x21c9c
|
0x2029c
|
0x110
|
|
DuplicateIcon
|
0x0
|
0x41e1cc
|
0x21ca0
|
0x202a0
|
0x23
|
|
DragQueryFileA
|
0x0
|
0x41e1d0
|
0x21ca4
|
0x202a4
|
0x1e
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
PE Rebuilds
|
Bitness
|
Entry Points
|
AV
|
YARA
|
Actions
|
|
updatewin1.exe
|
6
|
0x00400000
|
0x0044CFFF
|
Relevant Image
|
-
|
32-bit
|
-
|
|
|
|
|
buffer
|
6
|
0x00315000
|
0x00315FFF
|
Marked Executable
|
-
|
32-bit
|
-
|
|
|
|
|
updatewin1.exe
|
6
|
0x00400000
|
0x0044CFFF
|
Process Termination
|
-
|
32-bit
|
-
|
|
|
|
|
buffer
|
7
|
0x00585000
|
0x00585FFF
|
Marked Executable
|
-
|
32-bit
|
-
|
|
|
|
|
Threat Name
|
Severity
|
|
Trojan.GenericKD.31534187
|
|
|
Also Known As
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\updatewin2[1].exe (Downloaded File)
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
274.50 KB
|
|
MD5
|
996ba35165bb62473d2a6743a5200d45
|
|
SHA1
|
52169b0b5cce95c6905873b8d12a759c234bd2e0
|
|
SHA256
|
5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
|
|
SSDeep
|
6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf
|
|
ImpHash
|
5921adaaf66f8c259aeda9e22686cd4b
|
|
Parser Error Remark
|
Static analyzer was unable to completely parse the analyzed file
|
|
Severity
|
|
|
First Seen
|
2019-01-16 22:21 (UTC+1)
|
|
Last Seen
|
2019-07-14 14:03 (UTC+2)
|
|
Names
|
Win32.Trojan.Kryptik
|
|
Families
|
Kryptik
|
|
Classification
|
Trojan
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x402d64
|
|
Size Of Code
|
0x1c200
|
|
Size Of Initialized Data
|
0x2c800
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.i386
|
|
Compile Timestamp
|
2017-11-21 06:08:45+00:00
|
|
FileVersion
|
5.3.7.82
|
|
InternalName
|
gigifaw.exe
|
|
LegalCopyright
|
Copyright (C) 2018, guvaxiz
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0x1c03e
|
0x1c200
|
0x400
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
6.62
|
|
.rdata
|
0x41e000
|
0x45ec
|
0x4600
|
0x1c600
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
5.34
|
|
.data
|
0x423000
|
0x1cde8
|
0x17c00
|
0x20c00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
5.8
|
|
.rsrc
|
0x440000
|
0xa724
|
0xa800
|
0x38800
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
6.88
|
|
.reloc
|
0x44b000
|
0x195c
|
0x1a00
|
0x43000
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
6.33
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ExitThread
|
0x0
|
0x41e024
|
0x21ae8
|
0x200e8
|
0x105
|
|
GetStartupInfoW
|
0x0
|
0x41e028
|
0x21aec
|
0x200ec
|
0x23a
|
|
GetLastError
|
0x0
|
0x41e02c
|
0x21af0
|
0x200f0
|
0x1e6
|
|
GetProcAddress
|
0x0
|
0x41e030
|
0x21af4
|
0x200f4
|
0x220
|
|
GlobalFree
|
0x0
|
0x41e034
|
0x21af8
|
0x200f8
|
0x28c
|
|
LoadLibraryA
|
0x0
|
0x41e038
|
0x21afc
|
0x200fc
|
0x2f1
|
|
AddAtomA
|
0x0
|
0x41e03c
|
0x21b00
|
0x20100
|
0x3
|
|
FindFirstChangeNotificationA
|
0x0
|
0x41e040
|
0x21b04
|
0x20104
|
0x11b
|
|
VirtualProtect
|
0x0
|
0x41e044
|
0x21b08
|
0x20108
|
0x45a
|
|
GetCurrentDirectoryA
|
0x0
|
0x41e048
|
0x21b0c
|
0x2010c
|
0x1a7
|
|
SetProcessShutdownParameters
|
0x0
|
0x41e04c
|
0x21b10
|
0x20110
|
0x3f9
|
|
GetACP
|
0x0
|
0x41e050
|
0x21b14
|
0x20114
|
0x152
|
|
CompareStringA
|
0x0
|
0x41e054
|
0x21b18
|
0x20118
|
0x52
|
|
CreateFileA
|
0x0
|
0x41e058
|
0x21b1c
|
0x2011c
|
0x78
|
|
GetTimeZoneInformation
|
0x0
|
0x41e05c
|
0x21b20
|
0x20120
|
0x26b
|
|
WriteConsoleW
|
0x0
|
0x41e060
|
0x21b24
|
0x20124
|
0x48c
|
|
GetConsoleOutputCP
|
0x0
|
0x41e064
|
0x21b28
|
0x20128
|
0x199
|
|
WriteConsoleA
|
0x0
|
0x41e068
|
0x21b2c
|
0x2012c
|
0x482
|
|
CloseHandle
|
0x0
|
0x41e06c
|
0x21b30
|
0x20130
|
0x43
|
|
IsValidLocale
|
0x0
|
0x41e070
|
0x21b34
|
0x20134
|
0x2dd
|
|
EnumSystemLocalesA
|
0x0
|
0x41e074
|
0x21b38
|
0x20138
|
0xf8
|
|
GetUserDefaultLCID
|
0x0
|
0x41e078
|
0x21b3c
|
0x2013c
|
0x26d
|
|
GetDateFormatA
|
0x0
|
0x41e07c
|
0x21b40
|
0x20140
|
0x1ae
|
|
GetTimeFormatA
|
0x0
|
0x41e080
|
0x21b44
|
0x20144
|
0x268
|
|
InitAtomTable
|
0x0
|
0x41e084
|
0x21b48
|
0x20148
|
0x2ae
|
|
GetSystemTimes
|
0x0
|
0x41e088
|
0x21b4c
|
0x2014c
|
0x250
|
|
GetTickCount
|
0x0
|
0x41e08c
|
0x21b50
|
0x20150
|
0x266
|
|
FreeEnvironmentStringsA
|
0x0
|
0x41e090
|
0x21b54
|
0x20154
|
0x14a
|
|
GetComputerNameW
|
0x0
|
0x41e094
|
0x21b58
|
0x20158
|
0x178
|
|
FindCloseChangeNotification
|
0x0
|
0x41e098
|
0x21b5c
|
0x2015c
|
0x11a
|
|
FindResourceExW
|
0x0
|
0x41e09c
|
0x21b60
|
0x20160
|
0x138
|
|
CompareStringW
|
0x0
|
0x41e0a0
|
0x21b64
|
0x20164
|
0x55
|
|
GetCPInfo
|
0x0
|
0x41e0a4
|
0x21b68
|
0x20168
|
0x15b
|
|
GetStringTypeW
|
0x0
|
0x41e0a8
|
0x21b6c
|
0x2016c
|
0x240
|
|
GetStringTypeA
|
0x0
|
0x41e0ac
|
0x21b70
|
0x20170
|
0x23d
|
|
LCMapStringW
|
0x0
|
0x41e0b0
|
0x21b74
|
0x20174
|
0x2e3
|
|
LCMapStringA
|
0x0
|
0x41e0b4
|
0x21b78
|
0x20178
|
0x2e1
|
|
GetLocaleInfoA
|
0x0
|
0x41e0b8
|
0x21b7c
|
0x2017c
|
0x1e8
|
|
GetCommandLineA
|
0x0
|
0x41e0bc
|
0x21b80
|
0x20180
|
0x16f
|
|
GetStartupInfoA
|
0x0
|
0x41e0c0
|
0x21b84
|
0x20184
|
0x239
|
|
RaiseException
|
0x0
|
0x41e0c4
|
0x21b88
|
0x20188
|
0x35a
|
|
RtlUnwind
|
0x0
|
0x41e0c8
|
0x21b8c
|
0x2018c
|
0x392
|
|
TerminateProcess
|
0x0
|
0x41e0cc
|
0x21b90
|
0x20190
|
0x42d
|
|
GetCurrentProcess
|
0x0
|
0x41e0d0
|
0x21b94
|
0x20194
|
0x1a9
|
|
UnhandledExceptionFilter
|
0x0
|
0x41e0d4
|
0x21b98
|
0x20198
|
0x43e
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x41e0d8
|
0x21b9c
|
0x2019c
|
0x415
|
|
IsDebuggerPresent
|
0x0
|
0x41e0dc
|
0x21ba0
|
0x201a0
|
0x2d1
|
|
HeapAlloc
|
0x0
|
0x41e0e0
|
0x21ba4
|
0x201a4
|
0x29d
|
|
HeapFree
|
0x0
|
0x41e0e4
|
0x21ba8
|
0x201a8
|
0x2a1
|
|
EnterCriticalSection
|
0x0
|
0x41e0e8
|
0x21bac
|
0x201ac
|
0xd9
|
|
LeaveCriticalSection
|
0x0
|
0x41e0ec
|
0x21bb0
|
0x201b0
|
0x2ef
|
|
SetHandleCount
|
0x0
|
0x41e0f0
|
0x21bb4
|
0x201b4
|
0x3e8
|
|
GetStdHandle
|
0x0
|
0x41e0f4
|
0x21bb8
|
0x201b8
|
0x23b
|
|
GetFileType
|
0x0
|
0x41e0f8
|
0x21bbc
|
0x201bc
|
0x1d7
|
|
DeleteCriticalSection
|
0x0
|
0x41e0fc
|
0x21bc0
|
0x201c0
|
0xbe
|
|
GetModuleHandleW
|
0x0
|
0x41e100
|
0x21bc4
|
0x201c4
|
0x1f9
|
|
Sleep
|
0x0
|
0x41e104
|
0x21bc8
|
0x201c8
|
0x421
|
|
ExitProcess
|
0x0
|
0x41e108
|
0x21bcc
|
0x201cc
|
0x104
|
|
WriteFile
|
0x0
|
0x41e10c
|
0x21bd0
|
0x201d0
|
0x48d
|
|
GetModuleFileNameA
|
0x0
|
0x41e110
|
0x21bd4
|
0x201d4
|
0x1f4
|
|
GetEnvironmentStrings
|
0x0
|
0x41e114
|
0x21bd8
|
0x201d8
|
0x1bf
|
|
FreeEnvironmentStringsW
|
0x0
|
0x41e118
|
0x21bdc
|
0x201dc
|
0x14b
|
|
WideCharToMultiByte
|
0x0
|
0x41e11c
|
0x21be0
|
0x201e0
|
0x47a
|
|
GetEnvironmentStringsW
|
0x0
|
0x41e120
|
0x21be4
|
0x201e4
|
0x1c1
|
|
TlsGetValue
|
0x0
|
0x41e124
|
0x21be8
|
0x201e8
|
0x434
|
|
TlsAlloc
|
0x0
|
0x41e128
|
0x21bec
|
0x201ec
|
0x432
|
|
TlsSetValue
|
0x0
|
0x41e12c
|
0x21bf0
|
0x201f0
|
0x435
|
|
TlsFree
|
0x0
|
0x41e130
|
0x21bf4
|
0x201f4
|
0x433
|
|
InterlockedIncrement
|
0x0
|
0x41e134
|
0x21bf8
|
0x201f8
|
0x2c0
|
|
SetLastError
|
0x0
|
0x41e138
|
0x21bfc
|
0x201fc
|
0x3ec
|
|
GetCurrentThreadId
|
0x0
|
0x41e13c
|
0x21c00
|
0x20200
|
0x1ad
|
|
InterlockedDecrement
|
0x0
|
0x41e140
|
0x21c04
|
0x20204
|
0x2bc
|
|
GetCurrentThread
|
0x0
|
0x41e144
|
0x21c08
|
0x20208
|
0x1ac
|
|
HeapCreate
|
0x0
|
0x41e148
|
0x21c0c
|
0x2020c
|
0x29f
|
|
HeapDestroy
|
0x0
|
0x41e14c
|
0x21c10
|
0x20210
|
0x2a0
|
|
VirtualFree
|
0x0
|
0x41e150
|
0x21c14
|
0x20214
|
0x457
|
|
QueryPerformanceCounter
|
0x0
|
0x41e154
|
0x21c18
|
0x20218
|
0x354
|
|
GetCurrentProcessId
|
0x0
|
0x41e158
|
0x21c1c
|
0x2021c
|
0x1aa
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x41e15c
|
0x21c20
|
0x20220
|
0x24f
|
|
FatalAppExitA
|
0x0
|
0x41e160
|
0x21c24
|
0x20224
|
0x10b
|
|
VirtualAlloc
|
0x0
|
0x41e164
|
0x21c28
|
0x20228
|
0x454
|
|
HeapReAlloc
|
0x0
|
0x41e168
|
0x21c2c
|
0x2022c
|
0x2a4
|
|
MultiByteToWideChar
|
0x0
|
0x41e16c
|
0x21c30
|
0x20230
|
0x31a
|
|
ReadFile
|
0x0
|
0x41e170
|
0x21c34
|
0x20234
|
0x368
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x41e174
|
0x21c38
|
0x20238
|
0x2b5
|
|
HeapSize
|
0x0
|
0x41e178
|
0x21c3c
|
0x2023c
|
0x2a6
|
|
SetConsoleCtrlHandler
|
0x0
|
0x41e17c
|
0x21c40
|
0x20240
|
0x3a7
|
|
FreeLibrary
|
0x0
|
0x41e180
|
0x21c44
|
0x20244
|
0x14c
|
|
InterlockedExchange
|
0x0
|
0x41e184
|
0x21c48
|
0x20248
|
0x2bd
|
|
GetOEMCP
|
0x0
|
0x41e188
|
0x21c4c
|
0x2024c
|
0x213
|
|
IsValidCodePage
|
0x0
|
0x41e18c
|
0x21c50
|
0x20250
|
0x2db
|
|
GetConsoleCP
|
0x0
|
0x41e190
|
0x21c54
|
0x20254
|
0x183
|
|
GetConsoleMode
|
0x0
|
0x41e194
|
0x21c58
|
0x20258
|
0x195
|
|
FlushFileBuffers
|
0x0
|
0x41e198
|
0x21c5c
|
0x2025c
|
0x141
|
|
SetFilePointer
|
0x0
|
0x41e19c
|
0x21c60
|
0x20260
|
0x3df
|
|
SetStdHandle
|
0x0
|
0x41e1a0
|
0x21c64
|
0x20264
|
0x3fc
|
|
GetLocaleInfoW
|
0x0
|
0x41e1a4
|
0x21c68
|
0x20268
|
0x1ea
|
|
SetEnvironmentVariableA
|
0x0
|
0x41e1a8
|
0x21c6c
|
0x2026c
|
0x3d0
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CloseClipboard
|
0x0
|
0x41e1c4
|
0x21c88
|
0x20288
|
0x47
|
|
GetSubMenu
|
0x0
|
0x41e1c8
|
0x21c8c
|
0x2028c
|
0x16b
|
|
LoadBitmapA
|
0x0
|
0x41e1cc
|
0x21c90
|
0x20290
|
0x1d0
|
|
BeginPaint
|
0x0
|
0x41e1d0
|
0x21c94
|
0x20294
|
0xe
|
|
CallMsgFilterW
|
0x0
|
0x41e1d4
|
0x21c98
|
0x20298
|
0x1a
|
|
PeekMessageA
|
0x0
|
0x41e1d8
|
0x21c9c
|
0x2029c
|
0x21b
|
|
MapVirtualKeyExW
|
0x0
|
0x41e1dc
|
0x21ca0
|
0x202a0
|
0x1f1
|
|
RegisterRawInputDevices
|
0x0
|
0x41e1e0
|
0x21ca4
|
0x202a4
|
0x242
|
|
SetWindowsHookExW
|
0x0
|
0x41e1e4
|
0x21ca8
|
0x202a8
|
0x2b0
|
|
GetClipboardSequenceNumber
|
0x0
|
0x41e1e8
|
0x21cac
|
0x202ac
|
0x113
|
|
GetDialogBaseUnits
|
0x0
|
0x41e1ec
|
0x21cb0
|
0x202b0
|
0x11d
|
|
MessageBoxIndirectA
|
0x0
|
0x41e1f0
|
0x21cb4
|
0x202b4
|
0x1fb
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CreateCompatibleDC
|
0x0
|
0x41e000
|
0x21ac4
|
0x200c4
|
0x2e
|
|
PlayEnhMetaFile
|
0x0
|
0x41e004
|
0x21ac8
|
0x200c8
|
0x230
|
|
ScaleViewportExtEx
|
0x0
|
0x41e008
|
0x21acc
|
0x200cc
|
0x258
|
|
SetStretchBltMode
|
0x0
|
0x41e00c
|
0x21ad0
|
0x200d0
|
0x289
|
|
SetPixelV
|
0x0
|
0x41e010
|
0x21ad4
|
0x200d4
|
0x284
|
|
CreateDiscardableBitmap
|
0x0
|
0x41e014
|
0x21ad8
|
0x200d8
|
0x35
|
|
AddFontResourceW
|
0x0
|
0x41e018
|
0x21adc
|
0x200dc
|
0x7
|
|
SetDeviceGammaRamp
|
0x0
|
0x41e01c
|
0x21ae0
|
0x200e0
|
0x271
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ExtractAssociatedIconA
|
0x0
|
0x41e1b0
|
0x21c74
|
0x20274
|
0x24
|
|
ShellExecuteW
|
0x0
|
0x41e1b4
|
0x21c78
|
0x20278
|
0x118
|
|
ShellAboutW
|
0x0
|
0x41e1b8
|
0x21c7c
|
0x2027c
|
0x110
|
|
DragQueryFileA
|
0x0
|
0x41e1bc
|
0x21c80
|
0x20280
|
0x1e
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
PE Rebuilds
|
Bitness
|
Entry Points
|
AV
|
YARA
|
Actions
|
|
updatewin2.exe
|
9
|
0x00400000
|
0x0044CFFF
|
Relevant Image
|
-
|
32-bit
|
-
|
|
|
|
|
buffer
|
9
|
0x00305000
|
0x00305FFF
|
Marked Executable
|
-
|
32-bit
|
-
|
|
|
|
|
updatewin2.exe
|
9
|
0x00400000
|
0x0044CFFF
|
Process Termination
|
-
|
32-bit
|
-
|
|
|
|
|
Threat Name
|
Severity
|
|
Trojan.AgentWDCR.SVC
|
|
|
Also Known As
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\updatewin[1].exe (Downloaded File)
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
277.50 KB
|
|
MD5
|
e3083483121cd288264f8c5624fb2cd1
|
|
SHA1
|
144a1dd6714ff4b5675c32f428d1899e500140a5
|
|
SHA256
|
114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
|
|
SSDeep
|
6144:JMLLGApbfLsx8TsvD6OD61XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXX56:JMLdpMdhDyXXnXXfXXXWXXXXHXXXXBXK
|
|
ImpHash
|
1755b6d950f72981fdcd1be68f24e7b3
|
|
Parser Error Remark
|
Static analyzer was unable to completely parse the analyzed file
|
|
Severity
|
|
|
First Seen
|
2019-01-16 22:21 (UTC+1)
|
|
Last Seen
|
2019-07-06 02:48 (UTC+2)
|
|
Names
|
Win32.Trojan.Kryptik
|
|
Families
|
Kryptik
|
|
Classification
|
Trojan
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x402d7c
|
|
Size Of Code
|
0x1c200
|
|
Size Of Initialized Data
|
0x2d400
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.i386
|
|
Compile Timestamp
|
2018-02-19 08:26:47+00:00
|
|
FileVersion
|
8.8.10.11
|
|
InternalName
|
sutazaxidi.exe
|
|
LegalCopyright
|
Copyright (C) 2018, huxonulow
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0x1c09e
|
0x1c200
|
0x400
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
6.62
|
|
.rdata
|
0x41e000
|
0x4636
|
0x4800
|
0x1c600
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
5.25
|
|
.data
|
0x423000
|
0x1d5a8
|
0x18400
|
0x20e00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
5.8
|
|
.rsrc
|
0x441000
|
0xa826
|
0xaa00
|
0x39200
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
6.84
|
|
.reloc
|
0x44c000
|
0x1974
|
0x1a00
|
0x43c00
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
6.34
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ExitThread
|
0x0
|
0x41e020
|
0x21af4
|
0x200f4
|
0x105
|
|
GetStartupInfoW
|
0x0
|
0x41e024
|
0x21af8
|
0x200f8
|
0x23a
|
|
GetConsoleAliasesW
|
0x0
|
0x41e028
|
0x21afc
|
0x200fc
|
0x182
|
|
GetLastError
|
0x0
|
0x41e02c
|
0x21b00
|
0x20100
|
0x1e6
|
|
GetProcAddress
|
0x0
|
0x41e030
|
0x21b04
|
0x20104
|
0x220
|
|
BackupWrite
|
0x0
|
0x41e034
|
0x21b08
|
0x20108
|
0x18
|
|
GlobalFree
|
0x0
|
0x41e038
|
0x21b0c
|
0x2010c
|
0x28c
|
|
LoadLibraryA
|
0x0
|
0x41e03c
|
0x21b10
|
0x20110
|
0x2f1
|
|
GetNumberFormatW
|
0x0
|
0x41e040
|
0x21b14
|
0x20114
|
0x20f
|
|
AddAtomA
|
0x0
|
0x41e044
|
0x21b18
|
0x20118
|
0x3
|
|
FindFirstChangeNotificationA
|
0x0
|
0x41e048
|
0x21b1c
|
0x2011c
|
0x11b
|
|
GetStringTypeW
|
0x0
|
0x41e04c
|
0x21b20
|
0x20120
|
0x240
|
|
VirtualProtect
|
0x0
|
0x41e050
|
0x21b24
|
0x20124
|
0x45a
|
|
GetACP
|
0x0
|
0x41e054
|
0x21b28
|
0x20128
|
0x152
|
|
SetProcessShutdownParameters
|
0x0
|
0x41e058
|
0x21b2c
|
0x2012c
|
0x3f9
|
|
CompareStringW
|
0x0
|
0x41e05c
|
0x21b30
|
0x20130
|
0x55
|
|
CompareStringA
|
0x0
|
0x41e060
|
0x21b34
|
0x20134
|
0x52
|
|
CreateFileA
|
0x0
|
0x41e064
|
0x21b38
|
0x20138
|
0x78
|
|
GetTimeZoneInformation
|
0x0
|
0x41e068
|
0x21b3c
|
0x2013c
|
0x26b
|
|
WriteConsoleW
|
0x0
|
0x41e06c
|
0x21b40
|
0x20140
|
0x48c
|
|
GetConsoleOutputCP
|
0x0
|
0x41e070
|
0x21b44
|
0x20144
|
0x199
|
|
WriteConsoleA
|
0x0
|
0x41e074
|
0x21b48
|
0x20148
|
0x482
|
|
CloseHandle
|
0x0
|
0x41e078
|
0x21b4c
|
0x2014c
|
0x43
|
|
IsValidLocale
|
0x0
|
0x41e07c
|
0x21b50
|
0x20150
|
0x2dd
|
|
EnumSystemLocalesA
|
0x0
|
0x41e080
|
0x21b54
|
0x20154
|
0xf8
|
|
GetUserDefaultLCID
|
0x0
|
0x41e084
|
0x21b58
|
0x20158
|
0x26d
|
|
GetDateFormatA
|
0x0
|
0x41e088
|
0x21b5c
|
0x2015c
|
0x1ae
|
|
GetSystemTimes
|
0x0
|
0x41e08c
|
0x21b60
|
0x20160
|
0x250
|
|
GetTickCount
|
0x0
|
0x41e090
|
0x21b64
|
0x20164
|
0x266
|
|
FreeEnvironmentStringsA
|
0x0
|
0x41e094
|
0x21b68
|
0x20168
|
0x14a
|
|
GetComputerNameW
|
0x0
|
0x41e098
|
0x21b6c
|
0x2016c
|
0x178
|
|
FindCloseChangeNotification
|
0x0
|
0x41e09c
|
0x21b70
|
0x20170
|
0x11a
|
|
FindResourceExW
|
0x0
|
0x41e0a0
|
0x21b74
|
0x20174
|
0x138
|
|
GetCurrentDirectoryA
|
0x0
|
0x41e0a4
|
0x21b78
|
0x20178
|
0x1a7
|
|
GetCPInfo
|
0x0
|
0x41e0a8
|
0x21b7c
|
0x2017c
|
0x15b
|
|
GetTimeFormatA
|
0x0
|
0x41e0ac
|
0x21b80
|
0x20180
|
0x268
|
|
GetStringTypeA
|
0x0
|
0x41e0b0
|
0x21b84
|
0x20184
|
0x23d
|
|
LCMapStringW
|
0x0
|
0x41e0b4
|
0x21b88
|
0x20188
|
0x2e3
|
|
LCMapStringA
|
0x0
|
0x41e0b8
|
0x21b8c
|
0x2018c
|
0x2e1
|
|
GetLocaleInfoA
|
0x0
|
0x41e0bc
|
0x21b90
|
0x20190
|
0x1e8
|
|
GetLocaleInfoW
|
0x0
|
0x41e0c0
|
0x21b94
|
0x20194
|
0x1ea
|
|
SetStdHandle
|
0x0
|
0x41e0c4
|
0x21b98
|
0x20198
|
0x3fc
|
|
SetFilePointer
|
0x0
|
0x41e0c8
|
0x21b9c
|
0x2019c
|
0x3df
|
|
GetCommandLineA
|
0x0
|
0x41e0cc
|
0x21ba0
|
0x201a0
|
0x16f
|
|
GetStartupInfoA
|
0x0
|
0x41e0d0
|
0x21ba4
|
0x201a4
|
0x239
|
|
RaiseException
|
0x0
|
0x41e0d4
|
0x21ba8
|
0x201a8
|
0x35a
|
|
RtlUnwind
|
0x0
|
0x41e0d8
|
0x21bac
|
0x201ac
|
0x392
|
|
TerminateProcess
|
0x0
|
0x41e0dc
|
0x21bb0
|
0x201b0
|
0x42d
|
|
GetCurrentProcess
|
0x0
|
0x41e0e0
|
0x21bb4
|
0x201b4
|
0x1a9
|
|
UnhandledExceptionFilter
|
0x0
|
0x41e0e4
|
0x21bb8
|
0x201b8
|
0x43e
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x41e0e8
|
0x21bbc
|
0x201bc
|
0x415
|
|
IsDebuggerPresent
|
0x0
|
0x41e0ec
|
0x21bc0
|
0x201c0
|
0x2d1
|
|
HeapAlloc
|
0x0
|
0x41e0f0
|
0x21bc4
|
0x201c4
|
0x29d
|
|
HeapFree
|
0x0
|
0x41e0f4
|
0x21bc8
|
0x201c8
|
0x2a1
|
|
EnterCriticalSection
|
0x0
|
0x41e0f8
|
0x21bcc
|
0x201cc
|
0xd9
|
|
LeaveCriticalSection
|
0x0
|
0x41e0fc
|
0x21bd0
|
0x201d0
|
0x2ef
|
|
SetHandleCount
|
0x0
|
0x41e100
|
0x21bd4
|
0x201d4
|
0x3e8
|
|
GetStdHandle
|
0x0
|
0x41e104
|
0x21bd8
|
0x201d8
|
0x23b
|
|
GetFileType
|
0x0
|
0x41e108
|
0x21bdc
|
0x201dc
|
0x1d7
|
|
DeleteCriticalSection
|
0x0
|
0x41e10c
|
0x21be0
|
0x201e0
|
0xbe
|
|
GetModuleHandleW
|
0x0
|
0x41e110
|
0x21be4
|
0x201e4
|
0x1f9
|
|
Sleep
|
0x0
|
0x41e114
|
0x21be8
|
0x201e8
|
0x421
|
|
ExitProcess
|
0x0
|
0x41e118
|
0x21bec
|
0x201ec
|
0x104
|
|
WriteFile
|
0x0
|
0x41e11c
|
0x21bf0
|
0x201f0
|
0x48d
|
|
GetModuleFileNameA
|
0x0
|
0x41e120
|
0x21bf4
|
0x201f4
|
0x1f4
|
|
GetEnvironmentStrings
|
0x0
|
0x41e124
|
0x21bf8
|
0x201f8
|
0x1bf
|
|
FreeEnvironmentStringsW
|
0x0
|
0x41e128
|
0x21bfc
|
0x201fc
|
0x14b
|
|
WideCharToMultiByte
|
0x0
|
0x41e12c
|
0x21c00
|
0x20200
|
0x47a
|
|
GetEnvironmentStringsW
|
0x0
|
0x41e130
|
0x21c04
|
0x20204
|
0x1c1
|
|
TlsGetValue
|
0x0
|
0x41e134
|
0x21c08
|
0x20208
|
0x434
|
|
TlsAlloc
|
0x0
|
0x41e138
|
0x21c0c
|
0x2020c
|
0x432
|
|
TlsSetValue
|
0x0
|
0x41e13c
|
0x21c10
|
0x20210
|
0x435
|
|
TlsFree
|
0x0
|
0x41e140
|
0x21c14
|
0x20214
|
0x433
|
|
InterlockedIncrement
|
0x0
|
0x41e144
|
0x21c18
|
0x20218
|
0x2c0
|
|
SetLastError
|
0x0
|
0x41e148
|
0x21c1c
|
0x2021c
|
0x3ec
|
|
GetCurrentThreadId
|
0x0
|
0x41e14c
|
0x21c20
|
0x20220
|
0x1ad
|
|
InterlockedDecrement
|
0x0
|
0x41e150
|
0x21c24
|
0x20224
|
0x2bc
|
|
GetCurrentThread
|
0x0
|
0x41e154
|
0x21c28
|
0x20228
|
0x1ac
|
|
HeapCreate
|
0x0
|
0x41e158
|
0x21c2c
|
0x2022c
|
0x29f
|
|
HeapDestroy
|
0x0
|
0x41e15c
|
0x21c30
|
0x20230
|
0x2a0
|
|
VirtualFree
|
0x0
|
0x41e160
|
0x21c34
|
0x20234
|
0x457
|
|
QueryPerformanceCounter
|
0x0
|
0x41e164
|
0x21c38
|
0x20238
|
0x354
|
|
GetCurrentProcessId
|
0x0
|
0x41e168
|
0x21c3c
|
0x2023c
|
0x1aa
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x41e16c
|
0x21c40
|
0x20240
|
0x24f
|
|
FatalAppExitA
|
0x0
|
0x41e170
|
0x21c44
|
0x20244
|
0x10b
|
|
VirtualAlloc
|
0x0
|
0x41e174
|
0x21c48
|
0x20248
|
0x454
|
|
HeapReAlloc
|
0x0
|
0x41e178
|
0x21c4c
|
0x2024c
|
0x2a4
|
|
MultiByteToWideChar
|
0x0
|
0x41e17c
|
0x21c50
|
0x20250
|
0x31a
|
|
ReadFile
|
0x0
|
0x41e180
|
0x21c54
|
0x20254
|
0x368
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x41e184
|
0x21c58
|
0x20258
|
0x2b5
|
|
HeapSize
|
0x0
|
0x41e188
|
0x21c5c
|
0x2025c
|
0x2a6
|
|
SetConsoleCtrlHandler
|
0x0
|
0x41e18c
|
0x21c60
|
0x20260
|
0x3a7
|
|
FreeLibrary
|
0x0
|
0x41e190
|
0x21c64
|
0x20264
|
0x14c
|
|
InterlockedExchange
|
0x0
|
0x41e194
|
0x21c68
|
0x20268
|
0x2bd
|
|
GetOEMCP
|
0x0
|
0x41e198
|
0x21c6c
|
0x2026c
|
0x213
|
|
IsValidCodePage
|
0x0
|
0x41e19c
|
0x21c70
|
0x20270
|
0x2db
|
|
GetConsoleCP
|
0x0
|
0x41e1a0
|
0x21c74
|
0x20274
|
0x183
|
|
GetConsoleMode
|
0x0
|
0x41e1a4
|
0x21c78
|
0x20278
|
0x195
|
|
FlushFileBuffers
|
0x0
|
0x41e1a8
|
0x21c7c
|
0x2027c
|
0x141
|
|
SetEnvironmentVariableA
|
0x0
|
0x41e1ac
|
0x21c80
|
0x20280
|
0x3d0
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CloseClipboard
|
0x0
|
0x41e1d4
|
0x21ca8
|
0x202a8
|
0x47
|
|
SendNotifyMessageA
|
0x0
|
0x41e1d8
|
0x21cac
|
0x202ac
|
0x264
|
|
BeginPaint
|
0x0
|
0x41e1dc
|
0x21cb0
|
0x202b0
|
0xe
|
|
CallMsgFilterW
|
0x0
|
0x41e1e0
|
0x21cb4
|
0x202b4
|
0x1a
|
|
PeekMessageA
|
0x0
|
0x41e1e4
|
0x21cb8
|
0x202b8
|
0x21b
|
|
MapVirtualKeyExW
|
0x0
|
0x41e1e8
|
0x21cbc
|
0x202bc
|
0x1f1
|
|
RegisterRawInputDevices
|
0x0
|
0x41e1ec
|
0x21cc0
|
0x202c0
|
0x242
|
|
GetClipboardSequenceNumber
|
0x0
|
0x41e1f0
|
0x21cc4
|
0x202c4
|
0x113
|
|
SetUserObjectInformationA
|
0x0
|
0x41e1f4
|
0x21cc8
|
0x202c8
|
0x29f
|
|
GetDialogBaseUnits
|
0x0
|
0x41e1f8
|
0x21ccc
|
0x202cc
|
0x11d
|
|
GetMessageW
|
0x0
|
0x41e1fc
|
0x21cd0
|
0x202d0
|
0x14e
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
CreatePolyPolygonRgn
|
0x0
|
0x41e000
|
0x21ad4
|
0x200d4
|
0x4b
|
|
CreateCompatibleDC
|
0x0
|
0x41e004
|
0x21ad8
|
0x200d8
|
0x2e
|
|
SetStretchBltMode
|
0x0
|
0x41e008
|
0x21adc
|
0x200dc
|
0x289
|
|
SetPixelV
|
0x0
|
0x41e00c
|
0x21ae0
|
0x200e0
|
0x284
|
|
GetCharWidth32A
|
0x0
|
0x41e010
|
0x21ae4
|
0x200e4
|
0x1a0
|
|
CreateDiscardableBitmap
|
0x0
|
0x41e014
|
0x21ae8
|
0x200e8
|
0x35
|
|
BitBlt
|
0x0
|
0x41e018
|
0x21aec
|
0x200ec
|
0x12
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
ShellExecuteW
|
0x0
|
0x41e1b4
|
0x21c88
|
0x20288
|
0x118
|
|
ShellAboutW
|
0x0
|
0x41e1b8
|
0x21c8c
|
0x2028c
|
0x110
|
|
ExtractIconA
|
0x0
|
0x41e1bc
|
0x21c90
|
0x20290
|
0x28
|
|
ShellExecuteExA
|
0x0
|
0x41e1c0
|
0x21c94
|
0x20294
|
0x116
|
|
FindExecutableA
|
0x0
|
0x41e1c4
|
0x21c98
|
0x20298
|
0x2d
|
|
DragQueryFileA
|
0x0
|
0x41e1c8
|
0x21c9c
|
0x2029c
|
0x1e
|
|
ExtractIconW
|
0x0
|
0x41e1cc
|
0x21ca0
|
0x202a0
|
0x2c
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
PE Rebuilds
|
Bitness
|
Entry Points
|
AV
|
YARA
|
Actions
|
|
updatewin.exe
|
10
|
0x00400000
|
0x0044DFFF
|
Relevant Image
|
-
|
32-bit
|
-
|
|
|
|
|
buffer
|
10
|
0x00305000
|
0x00305FFF
|
Marked Executable
|
-
|
32-bit
|
-
|
|
|
|
|
Threat Name
|
Severity
|
|
Trojan.AgentWDCR.SUF
|
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.23 KB
|
|
MD5
|
3462118eb0d954bce8f28247cc72949d
|
|
SHA1
|
d52a965a29e3930cd141a88419a1f0213e077a62
|
|
SHA256
|
9d93ca0635bd90e2f83c4cbf2210e887c8d353ccdbe8d1a1a243a13853cc3a0c
|
|
SSDeep
|
24:o05c4cK4FXOKOpTxZKwP5ZOu5AUajIR32AT5I8Z7TC2LVtexRr2BYB+IKe/BWUFX:o05c4yFXOpLKwPOu5xiIR325622LusBk
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
66.86 KB
|
|
MD5
|
c0bfe36e828dd0d56b252067b4fa1c5f
|
|
SHA1
|
aa1ef8fc2899a1f58ca1c16493cc7910bca31d03
|
|
SHA256
|
4ce97812a963f080f9cc64dcc9909c8579a150c8ad0fed355a3657f34e86212e
|
|
SSDeep
|
1536:SlJ9hlxS5t7CLn+7y1AWpfOjG9t++kA/tyFQjS0mXD32AV7:ST9E5wHAWpfp//MFQjS0eD3h
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.22 KB
|
|
MD5
|
1195fd7d9d888138e4dfa2c24d12d584
|
|
SHA1
|
0aa0a062cedfc5e7f06b89cf23f0e704f5a3e4c2
|
|
SHA256
|
a447e1a1abe721ec46ad5eed9f0b6ec75eef85452d5c1532d1d57706a3b1b5a2
|
|
SSDeep
|
24:o05c4cK4FXOKOpTxZKvsN5STgH8UajIk2F4GFy7pNqYJW4q46Rv3BWUFbD:o05c4yFXOpLKvsN5MwFiIk2GR7pJW4qZ
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.22 KB
|
|
MD5
|
0fb3330c427c3dde75158310ca367099
|
|
SHA1
|
58175b01c504ecda3743dafca0f75688bd201e5b
|
|
SHA256
|
0600c6601d3a9a19463c864c1e4925cde34b77caba49990990fffa670fb303fb
|
|
SSDeep
|
24:o05c4cK4FXOKOpTxZK5I0BqUajIuI+2pT5I8Z7TC27aS0KMFanP17faKeidwJ97z:o05c4yFXOpLK59RiIH+20622dpt17yKs
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\cPHmz4y9hlXd6trOnGz.ots.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
77.29 KB
|
|
MD5
|
897d10ebbfd9d81057d9b210b31bc69c
|
|
SHA1
|
2ee7754f5b5ad24632c53f1bf3635b7fe7de9cd3
|
|
SHA256
|
4b8b9ea4d2fc9691216670683e65e3c68f63a4e852927f6c4932daf126324781
|
|
SSDeep
|
1536:wLgbv35rO3ddrgjDKaYF2yIubX8ZX7e4717tniMizx74TVU4WtceTzOm:IQv3xO3knKaq2CAZrxrniF4xmceTB
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\EDVS.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
14.52 KB
|
|
MD5
|
276a312d91c73519d8fc70a6dee26423
|
|
SHA1
|
1c27d114189ccbb2a10666d0d71386b23c2070ab
|
|
SHA256
|
a7c6e4320da5fa66cd7eb126aba4716d0c9e0544991c2d4162521c5fc1cebaa1
|
|
SSDeep
|
384:6OOxN1FLqxUI+aVByy0cfHF/udp10+YGsULD:6hgxUI1oy5fFW4ULD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\G0k7.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
62.51 KB
|
|
MD5
|
1460659f5fe528d0c306ecccda7f1ee4
|
|
SHA1
|
ffdf0f2a74f85e910167ed0b409ba55a0eb4abf0
|
|
SHA256
|
ebf328c4d0a3ff42ae3ca5a597e53b7f140e8f770427cbc7aafa5cfc428a6046
|
|
SSDeep
|
1536:2JBMx7geQfAk6wtRlUUjunCjuPnXnpZu1kOB+iQ37u9ZHloY:cOVgeQYk6wjCHCKPn3pZuWO+LuPlb
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\GH F.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
27.80 KB
|
|
MD5
|
733a163030c28fad86ead80057c1aaa2
|
|
SHA1
|
61a6517fae7e3c54ff26eddb05b875768a161043
|
|
SHA256
|
06b39d4fbcb1ff33ceb88b1681ffcfabb6a5434d08885d29b64b48d7f87e7408
|
|
SSDeep
|
384:97oB73Ayng+lvIs/xZOvK4fJ2C7m8NhBZkucuwK3y/DO+jApuZxvTw37XjYyvsjO:Fot3ABbVftmEXZkuiK3ORjhLKzZcO
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\h7iN.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
29.37 KB
|
|
MD5
|
cf3f57daf74b3f07a905a9cf2f87620f
|
|
SHA1
|
0e8bb42b55d02740910f05afa334bcb03d4f821e
|
|
SHA256
|
9a8d1580490caf6cf9438e7a5f51e07e349b3c994cc4bb092fcbbecacbadec12
|
|
SSDeep
|
384:Vyatylyhl9ojUQ41tok6jKDIqYgLzME/YjYRUtMpLuuX0qsYJbPx7Big1x:VvJPog5AIIqYgf/YlteiukqJtigf
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KaYNqgG.bmp.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
20.40 KB
|
|
MD5
|
1f9d0c3b4af1a13cfb8ed86f157faa5d
|
|
SHA1
|
d028f0d97276bd17abd920d6caaf286d0bc57240
|
|
SHA256
|
a9d09ddc952b7724ca9c50e393bff220f01d7bf5a19d62906b47d2a02d1e9185
|
|
SSDeep
|
384:RN5topbhEM3z7Nz+P0a8z7jLB3eojMpKq/EgfIPLb2dGPn0KXt0oTr:R1mhz7NS8vjLvjMpKeRIPeXk
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LS_APPDATA744de46e-2913-4f69-a0ea-d12dff2a5c90SAMPLE.exe.gusau (Dropped File)
|
|
Mime Type
|
application/x-dosexec
|
|
File Size
|
387.58 KB
|
|
MD5
|
91fc5f70c0bed097d53c34cb8a23e756
|
|
SHA1
|
31308bddb0aae0725e7e8158ba690b5b96b666c5
|
|
SHA256
|
52a88d7dad4a50498c0190a2a18d896d6515bd66b9c02b73391f035bd3f8bddd
|
|
SSDeep
|
12288:IPOf6b2G3AFIlrUspHp2ePCacStkZgHpvI7w:IPzAk4sdp2efkypvI7w
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ntzf.doc.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
69.46 KB
|
|
MD5
|
e1ef3e2c0bd853eb6a569906cbb3d7dc
|
|
SHA1
|
027f3e5d6dd1d95432398ed824c1625452a5c43f
|
|
SHA256
|
575ee7b262250e8fdd06e208fb6cb3be2d3f47791f861ccf48a0ff6bdd66d0ec
|
|
SSDeep
|
1536:391z/f6XA7s4VVC6xNW8W77bJ9+nw9vo2578P2tafIdLX+:391rf6Q7ppNLW7BhVXtSQO
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Pjxm0.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
91.77 KB
|
|
MD5
|
e2d6cd858fa14d405c551b90852ff50c
|
|
SHA1
|
e6ed8b0512fa3764c96a9aaba34304c3778e70a8
|
|
SHA256
|
e3b35500360d27bed26c86d771a6413e517e6c8da2fab41a9ad8e7f9daaa9f8f
|
|
SSDeep
|
1536:JmaSlX6DDrRULzyWTgO2Fw6654jhEj+1pPh9cCvPctC6vZHj4xwmMP4XlJmdH9ff:JmdX6zQWWUO23cWnc6PctbxDQCP4Xf+N
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\sDwPUwZG7wDgXptt.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
22.46 KB
|
|
MD5
|
4c55e2980a2052acaa3fcdafeafbe8cd
|
|
SHA1
|
19407db31373b99b831800c207d4b36b4c446f44
|
|
SHA256
|
83878d7afa8d48309764a950742b08c65e2f8152cda57057558a0cc3b4a12933
|
|
SSDeep
|
384:8qlqviI9JH6d5KBp/0OxpseOOTA5IlwS3PmWALFGSA2ntxPHRPLkb7:8qlSDp/0Oxad5IqS/mW/SbDRPL87
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uJu-CI.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
11.93 KB
|
|
MD5
|
c3dbfc30b476bbb8294d09ffa39b2805
|
|
SHA1
|
c5ed7d3858441d81bf8f74ee1cc1c74b06affa84
|
|
SHA256
|
3b88c75bc14dbdd9d84e4e65cdc26f820565d340f14fb5e78ea2f5ddc8ba8ed1
|
|
SSDeep
|
192:mqhBG8QRraHx3mb33OkrurX85hRIYnncWLW1i8HSstC/vKc4XKLbfAie1ZvFlyv:mqzG8eraHo+ej5nIC1+SE4icaiQZvFlg
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uZ7jTVGLo.pdf.gusau (Dropped File)
|
|
Mime Type
|
application/pdf
|
|
File Size
|
69.72 KB
|
|
MD5
|
f45890402f5d73c4e2d6f8d11e53dbc6
|
|
SHA1
|
ebf7d8a33e9911ac449a649158dfbbe29c7687ec
|
|
SHA256
|
4e204e5b01f691691ac19f3a08ccbefe5be4fc674caf01e31d966ff2ca4a5a3b
|
|
SSDeep
|
1536:/9nRpsrqrZoDVIA7WsUdCIufnnNjcWRv4xatwC5R2iNqkc:VnsrqFo3WePmWEVeqkc
|
|
Error Remark
|
Could not parse sample file: No /Root object! - Is this really a PDF?
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wmwdI-cLzMW1U.rtf.gusau (Dropped File)
|
|
Mime Type
|
text/rtf
|
|
File Size
|
39.19 KB
|
|
MD5
|
f92239341fd1357d8b8280c95a2fbaed
|
|
SHA1
|
837bceff03ec594b543708c60a31dd2b8728dfdb
|
|
SHA256
|
0c677983e2a6b1a89276bf8b81d4993948a3b27dc8657d925b1383e3565419d7
|
|
SSDeep
|
768:D6vtFjG6mf8ORc9qDoI5Sy7KF+Prlgl0eOvYSq1hBzVkMzPm+ecKDyn+:DaHG6mf8e0I5SQM+DhrvYj1W2e+ecwX
|
|
Parser Error Remark
|
Static analyzer was unable to completely parse the analyzed file
|
|
~dyc|S 2sӯ%] 6>l4)FIFkkȦBog~u->1ֲ!5_%7QOiu̶ FkAY&[ZsXpG@W?~y'oQӭ-ly@ODhmW4$QDQE3EOչJ6`o3;^͵ 'r*FЀm4@`o"-z&u`͓# '뛸>貐q*9Bt5)IFTDKuj2-,*C|-!6H9V1*h:"Pr,% '2')axSWMK|RYڭ|[ƌL,./AyE ~Rv]n$Wp%f;mRI?`Tb0Aanv.ƀFޢ 8gnbxQA-*ED3_ƝzckHReSB(P <'=(LqC:L0f?A̬ۀ6Ӿg|9bdU@pfطfi<b?~%#mEU?mq稀BS^0ХI~h0ciotW@b~vHI8k'-b/W_$мH<0E3^J'܇4BPteGrӖ35)os]EB2dF"B|2[_V|SGĜ^j#Xuaڍ]V̢[qXT@ҺS?S;Nu CgQig2N﨏fA#LQCQc;l?P7xn2(Ho^2OD-J#N'<5ҏ$1ˇ]=Iq@X5Pmia4suŷRrʾDmHu=*3r1VRMK~X5X6)LЂuvL8-c(9thھr_ SӈT#؏A#((Gޡ|e5,h:C=kh,8FgƬ6&bNR;R5V4U-ىz!WtRL8:|$Pjz$ь"BhEY`,e-8/ZBfe. =6'!`r/~7X1Rj"bؚݟjLҩhf2!T(dlI<j~OWdgM[XlIOE<m+XNc4O7$^Gç&0VL5eTҍ:yEE7ɃE:hlb&S~QS^xېPjvϸbڅo#ڏ]iV'fh!q`yդJ|Ό<? Udbvra+Eⷱ7w]8)*"y #@s2lqgGVП$.e|iAihcm7Q嚻 k :j=Ų@SVEX#7nA q!nRJ>Dbc+赻~RphK%3| !s#oWks8NFiUV=_VCK0u=#uCJ=rxz@H컠C(>e?# ...
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xZVVdLTP5CRjDGwK.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
99.03 KB
|
|
MD5
|
1330e375ae9a9880bcc2bbda91020910
|
|
SHA1
|
868013042c03d6390d61479cbb94a112672a657a
|
|
SHA256
|
eda0c6a54fe73969505832657253c1215a753bf53ed55467e7a1ca172cb63473
|
|
SSDeep
|
1536:WjsUjHJrbNGkpsWIyBy2rLWnj09OnXAJweVFoCD+WkMB+SiG5L4DRdF0oA7S+ghP:1ypPs0snMy2Gj09EteVCChVL4ma+4rMw
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_pjDf89YoIOK7INngcQL.swf.gusau (Dropped File)
|
|
Mime Type
|
application/x-shockwave-flash
|
|
File Size
|
26.25 KB
|
|
MD5
|
e42c40b2f332b465fe17a07c491e6176
|
|
SHA1
|
beb171d05583cd50de1c49f23bf450bec05dbd1d
|
|
SHA256
|
383887710924c7be1bf5fa00792c0902462e32ad64352a00d41963ccee3c9908
|
|
SSDeep
|
768:KpLUhdqd3T/K9pj041zvloUr4ba2h0+Qt:Jdqdj/el1zN0+2q+Qt
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\13WDFkzLx13VDvEaH0D.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
93.27 KB
|
|
MD5
|
cd85aaba3acc19c63b65493d97e9bed4
|
|
SHA1
|
93fa8dbaa9b352ed53170f8908c79c9c0dc62fca
|
|
SHA256
|
146a27b3799e3f49e73f2b7f8a77c2b11e75e7970ae25dde95dc2d08e90b6196
|
|
SSDeep
|
1536:huBxnI5l6Y5VUhtt4Zj5/B8SpvhgFjrduWkX7WxcTlE6QmnmwVzLovlViB2htZ/k:huBUJ5yx4Z9/Tp5YjrUVXqGwk3elViBz
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4zo3jZ4ZhCJWz.doc.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
89.44 KB
|
|
MD5
|
ea066e0319a807fe2c9fc5979ce16bf5
|
|
SHA1
|
677e2d5de5b45bd0aaf46a8ba42724e236327725
|
|
SHA256
|
34dfd633f7719c31173bab0989ca35cc14b439c27ff58f9248c38f12629d827b
|
|
SSDeep
|
1536:05x2g9T6tHsk6suOF1gUheQpxfdRuGYFuac6WTTwIYVC8p913bVv2AQ3X3Dl6R2J:qx2gt6tHsJsFkoxffuGYoaBoFYVC8p9O
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7SVXau9BM-qAm.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
86.70 KB
|
|
MD5
|
66ef1d84a2d44b3a7cdf1ff4f7f1ab33
|
|
SHA1
|
0794c1a59abd1d18e06aad3f90eb313fd1084d66
|
|
SHA256
|
caab89ae483ac11f0a9726568b1939f8070f1e7b2935bce1101e683e4ddedf1c
|
|
SSDeep
|
1536:UY30BuYSP3SCyVMjIoZ6KJwt2I4Esq1eyX/KKXQKuOpwvodPw0mdWGG:UY3uNV0IoZPJwtv4Esq1bPnu2H40mdWp
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\aHQ0mStm7MOUQz8p.csv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
52.41 KB
|
|
MD5
|
839649a1a545863654ffeac5cc0cdb74
|
|
SHA1
|
43219dc6467addc9eaf7e3e725464611d6d3bba8
|
|
SHA256
|
c07e6b2a7a698c83f1771abcbb936ca8b36de737913eec3b05883bdc511123c6
|
|
SSDeep
|
1536:It2r/iP/p6TNKY7y/NltZYDOTSY9mAUtSwLTVqkFMZQsjBnPg:It2rKMTNKY7yvtZlTSYkAUtSwLIzZba
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\c74ORtbzoKEgt1tULZrF.ots.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
89.54 KB
|
|
MD5
|
545b91b6e19745a22b79df06f0e6361d
|
|
SHA1
|
d6a46025886d2713563917845b071c80e976b16e
|
|
SHA256
|
098ddfba2bc8be604fa66a59a7f69eb94cd80a29d68e775bf8a7b925284865b0
|
|
SSDeep
|
1536:Z0IGnLCvU8MxYGcZJWjiSpej7QlKb7Y8HcWgRZKH0VGduQvZfM/1Fzz:eIGLCv/JWfU7Hcpr88ASH
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Eiz2OkszASes0dl.ods.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
56.93 KB
|
|
MD5
|
664ca661ef88b83519c5dcc56d49470a
|
|
SHA1
|
d0e0d35ed58accefc9a5f7c10bb6220eb60feb8f
|
|
SHA256
|
156667547afe1472f9951cee6bbc059f99092d24431d0e5e982782a0688c598b
|
|
SSDeep
|
1536:UgtCZjaFNM3DPQtcZ4UW1YtziU1Ul4+30l3vdlDbkjmzg:UgUZ2NM3GcZ4JStziGl+3u/dl6/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\G5QwtEl2iSslGa.ots.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
21.86 KB
|
|
MD5
|
c30c3a2349176e929dc058bffdd92d77
|
|
SHA1
|
39d70b289bc0aa6c774b5e22cf370b9762196f78
|
|
SHA256
|
cf207642be5a50dccb7da3cfa16514500337a34fe356f8eeb85a09a4ec90ed72
|
|
SSDeep
|
384:ctOcPiTW7gT8JI8WnyyZ5ttwpvOTqVwqXS7jxa8Gqw8KU8kCOyB5oB77EsKnQ2ta:ctnzjhWnuP5ea8w2dCvBSR7xKQ2tgSTC
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ixHgNpSkmetkMwk0N.doc.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
46.21 KB
|
|
MD5
|
84da300814ae376402acef3ffb1ccbe6
|
|
SHA1
|
75c4dcb6e042be28a6870f0d79b01b2fb4e8fa8b
|
|
SHA256
|
70d950d0174e0e0dd8f49fa7ea28af149b67be542cceeae9aa4ba8a3a30d33c1
|
|
SSDeep
|
768:Htuyup/hXIXLLkLSA1HUuB1LzZCtqpS4O9YRXftotc4rVANza7R7GjWeqlv7D:H4BFh4XE39B1LBS4O9wXfWS4rVGzMBGO
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rrn5_p.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
14.73 KB
|
|
MD5
|
72f974d982be1532faffec6bb589d8d6
|
|
SHA1
|
98c922acedea7e0077137ae0b59644566fda6c0b
|
|
SHA256
|
3b0eaa6468509b3c6a5258ee1cf7aada776fd81157fcb8fb3445c38d8803d027
|
|
SSDeep
|
384:w2AFWo4fRP/pBc77MEsj09BaTDFzyPaFchwkLz46U/:wnQJpYsj0LYDFZmhVjU/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Sh2l9d6EAI4aRt7OOr6g.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
30.99 KB
|
|
MD5
|
bfaa1c75ca31567aad32c85c7fd8e745
|
|
SHA1
|
f07316d7c081e2c74f2287a6bd3fc496d6b6f948
|
|
SHA256
|
23a171708f749718a48f5f877f856c674d6d5fc59c8fa5c068d54b103b7c79ef
|
|
SSDeep
|
768:uj8WKJtq+azSwzBUgyAq8nFgiW2cmKrVBvMv0kcqB:iyJWznB/1FsCwjp8B
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uJO-YiH9NhpREYVYgJi.xlsx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
29.68 KB
|
|
MD5
|
5eb7b8143639c8ed516857efaeddd23c
|
|
SHA1
|
b9c9a333a851bb2cd11f93aa219cc8872c39d0a9
|
|
SHA256
|
8aeba710077fca0a7be40345ccfe660fdac77f3a4a6d4099f3ca63d88169869d
|
|
SSDeep
|
768:4vImsA1PIbnFILQjbGcna9hHWJlwybwx65JrsA27EOu7:lq1gbnGcScnwHalxbBo3i
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XhDBm5L_.xlsx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
83.69 KB
|
|
MD5
|
2a33af7963eac392be24385958eee247
|
|
SHA1
|
5f5ad0aef9405f4ba236997ae84cb87e6ff96132
|
|
SHA256
|
6d36ca4bc9d64a1fdf5c3ba88720d5558e78fea9fb37cf157e4eb47c6f367485
|
|
SSDeep
|
1536:SfGdOitvVGEMsHg0vXmhKM0DImttLw6XWkZegfYx8pdVFLb4sDmaC4W:5dOcVlrA0vXmMHNttLwwWkPAxcbpcOW
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_7Xr5yfzUYNnPcQwSd50.xlsx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
19.92 KB
|
|
MD5
|
d9b1eae9acf2974cfedae54ca8c2c98b
|
|
SHA1
|
992cd766797404a65173695704833b6214fa2ca4
|
|
SHA256
|
459e32f16f01a8190e205e16e8d05586635ae584133d5afb01796226e44326ab
|
|
SSDeep
|
384:SE8gF6XL9UZkpCApADPnb9WCONvb0EqEEfrTLpj1je0N3NdUAQejj7s:SykpCA6DPnbWdMJ3NdUAQgvs
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\-GcGxMxOZK4.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
88.64 KB
|
|
MD5
|
ce3abeb3743787f2bf7f48fd55773a50
|
|
SHA1
|
c911688e6ea64d25db6ede194092b8731c6100ad
|
|
SHA256
|
d4835bc446b427de3f5009136ef3c99a6953c3e790024f422eb605d6bb33c755
|
|
SSDeep
|
1536:g284nCcfgpE/p8tgxrUI4Em1ctZY2qdTJOH3iARal7Z/09CyxPcje938khI8HHjy:g28QCcfgp5tSUV2gTJGJCZc9CyB8kS82
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\07G0ZL7bvnBKvt7n.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
14.18 KB
|
|
MD5
|
19ba2b141ad5c7104fb84b83b5dd5994
|
|
SHA1
|
f14e7800da30f448ca98daa0af2e6a06ecf030ab
|
|
SHA256
|
5ba81f20952f6374d4f33b70deb1cba5ce85c15718fe22b199851d7682c0658b
|
|
SSDeep
|
384:+FesyuDLOFwqZfWcoS52OnoFWNleHjo/WGlpcl6Kk3c4vZmqK:+FCcLcZnT52On8WreGUlLyVMX
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\8HrfWqZar65w.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
8.92 KB
|
|
MD5
|
187e78e8c98639b9228d4df8ecca483e
|
|
SHA1
|
6099009f48232f0f792fec25aa630e7fb519acf3
|
|
SHA256
|
2aec025e8fde3dc82a7c1993dd797cddb11967d5279647988cfd55f2cb8a672a
|
|
SSDeep
|
192:9vs/GjLI5moeTV3w9qFqzOzRdS2hblJd5vX4pDD+:9vs+jLI5mV9wAMzOO2rZv4pW
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\bS4AaW9eUKRKSJX2c.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
80.20 KB
|
|
MD5
|
1528700794d8f453be2367d840d6fa6d
|
|
SHA1
|
44421f9f368b69e06e01db2c8ad0f65de780b769
|
|
SHA256
|
e8c0767b97be3d6ae9f8d9ac188d9fb15826852c0c3cafe27f981fa4a7f65b5e
|
|
SSDeep
|
1536:QEEz4SjxHh373iYAR8p5rDTcaPR5w8vp38znJtc6VfzupjhuyeFq:bErj/3ji38p5LcapXpszJmyfl3M
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\eySD-sWxKcR.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
62.24 KB
|
|
MD5
|
e6be65a514297557832a5cffb0ebfe56
|
|
SHA1
|
105fe83d65ae02648c9917d6471c242132a2582b
|
|
SHA256
|
daaeea9b1dd104191305f9188535a614b14d6cea966426001fd824cb5228d3fe
|
|
SSDeep
|
1536:1AGxXomWMmEBF2fMLhGkrIdNaI4pj50W7qlIZdvKg:1AGxXWMmfMLhbrIjj4fUwvKg
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FB pP.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
34.44 KB
|
|
MD5
|
b77f7491118885ee827756bb5e02cc7d
|
|
SHA1
|
f19df3b662b9e1c82242bdcb040d40d604573817
|
|
SHA256
|
846d60d3fba16dab621335900252eb9dd544495ab6f309edea5b94ecbc893e07
|
|
SSDeep
|
768:7cBRkJhhmP/0ryYF7QTA/FsuK4troUtokA9mmIj+Fx2N:7kkJhhM/E7QTA/GuV0Ut76Fx8
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\fQh6.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
16.10 KB
|
|
MD5
|
455c0101ec7f81ef2623ea00e230e8cd
|
|
SHA1
|
e990da55e70921d2b2410b6e3734b6bf562a7473
|
|
SHA256
|
e297b70ca4e34e3c11c7664601233aae1481a36874035e61100b29a5bea9633e
|
|
SSDeep
|
384:VXcVsSeBTDYvkVwffdetDSShfMq8jKByypZohvMYX3CrFkU40Shk:V/PIkVwtcD50Xji7oh13CJ1
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\H94nos6VqWF8Oqje.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
98.12 KB
|
|
MD5
|
7c3972446bb06ae06da1a85e5ae366d7
|
|
SHA1
|
65acd3a10d7e76bf8257521e344c4d7f37262217
|
|
SHA256
|
885aa155fe89c3779400fff648ddba5f4db5b9507275d6d98afe08ad00ae7bd4
|
|
SSDeep
|
3072:iLgCgkpk1D2BSbjbOywj2MBl1kFFz+o4oJM:iLhPpJBuvfM6FBM
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\jgXL.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
96.80 KB
|
|
MD5
|
4d4563a5cb2fd0a202654f3a607741ed
|
|
SHA1
|
e01794b7c8cfb4a20cd36f63e14d1e773402098e
|
|
SHA256
|
a12ba2920780d1e576d8c73f5902eec5ce8063618ff8e85aecdd298b800b67c0
|
|
SSDeep
|
1536:HGE5o+H0MXhmw0R0hS/zsAL6LaKPhKAYvJm6/lzbbEfAJCEfnj3Og17eKa/oLc:HF5jUMxmwWfunhKvJR9IoJC0nD4T/oc
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\MyJjOnayKnFCwyo3.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
71.39 KB
|
|
MD5
|
f41ac451a15c36dcb3a50a3371192563
|
|
SHA1
|
a35867d69801a52c7ebff8f88132f9cb6c9a4bf7
|
|
SHA256
|
9f8a8843746d2fc90e27614e518b90e3b4eeca14465d74c65535082350ca66ec
|
|
SSDeep
|
1536:LOdAOd0ZrYWfIJyD6biwJU1XkUV3DgdC1hk53IN:LOdd2sWmTJsd3DgdCjkqN
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\NTjyCO-pmQ3AS.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
36.01 KB
|
|
MD5
|
b72a9b4169e68f1ffa77c87cb1bdb5ec
|
|
SHA1
|
147c78f2f37df85c893681d719f036ec9afd4df7
|
|
SHA256
|
137fd439d11c5a587be5e9f1cc7aadb270055eb10b57948329ab5ccd9e58da11
|
|
SSDeep
|
768:0ierEHfb9Jzu4qdFINeGM/gD/hE0ZeWK4OxG5Eod1lSB+k0g:0ierkxJeST327WVIod167
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\O841-zc0Cz.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.50 KB
|
|
MD5
|
f028765a3aa0f2d0e775320521cace96
|
|
SHA1
|
8330290ed1c9cd21d91adaa61f17b9fe6a8f0255
|
|
SHA256
|
aece3e2381b8d116a09bf8a717202bf7c959a26a20c1de69b8df7fb515f86e8e
|
|
SSDeep
|
24:yRqSHW7wf6rUXIxEReYZjHJp73i2KOEc6Cj1DlFjfvweBm/mFSAUP53Z+cW2mZ/J:nSHWEx4xERe67bKOD66BFjfvwMYO47Kh
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\POR XU-fcmkfoFYhwpS_.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
5.20 KB
|
|
MD5
|
e6a3e0656a8760d9ec305609ef7f5280
|
|
SHA1
|
6d5462a1f1759393b38a49fbdb40f97a9e1c6b22
|
|
SHA256
|
17537d5e2555130efb483a3c7e1cb65bc2d1a224a8bf5569a5e881e34fdf4828
|
|
SSDeep
|
96:O5Cx6Z5nUAmuO4Ng1qlnhPmMp0huc4ryMhh+Uqx3nZj7Yxv2j7ylgJWeFoDoe2:FgHXmuOt10hPmMKIc3uMUqXYwyewG
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\ptcryHpXY3gBNb.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
85.36 KB
|
|
MD5
|
4f525eab69e0f82619ec3a7a969ea55a
|
|
SHA1
|
7522e787417a72eb3cea9c8f84d501b57b514943
|
|
SHA256
|
ec82412e9878402aa52763f3376b2dc51be00aaac2ac5a2a8a88c3f55c6bb9ed
|
|
SSDeep
|
1536:G0z/Ro9tvpGSR7vXoKuGTjSMUukh0ZqbZ2GiK96LuFWjkCRz3PZctN5B0EmvWSwE:G0z/Ro951R7v4NauFhcEHf9auQjkqw5m
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\qpbO.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
70.35 KB
|
|
MD5
|
413a323a9a93ff127956843e2898a39f
|
|
SHA1
|
bb62c52c12b7823c0dcdc5596ddb1b2ef882046c
|
|
SHA256
|
ac78d01ba55128570259d1cb978ff3c1b331de96568d6bcfc0ae0a1f6f93647e
|
|
SSDeep
|
1536:3wTB6pRdS+28CB1ldtd3/EQ/SZyw6VglgffX9uL/a/qz2Sh:E65F2RZtlHUU/9uu/uth
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\S4IWsPZvnadFRmzK.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
81.65 KB
|
|
MD5
|
c2fddb041910213f36693023afbb9ecc
|
|
SHA1
|
b3e368e1c99a5f0569bdd3c7c2fabda6c1b21d93
|
|
SHA256
|
eaac7fe0591e019309f90e2782c7c3a51c7bd33436aeaa95e48ea00c82c44f9a
|
|
SSDeep
|
1536:E/XXp3A9PPX3//t2hHFMpUSkb5h5TS1PHjrm62y5wXbLL891Ugb6yK5ACnBm6pw:EfZ+t4upUH/IHjrQhLfWpb6yLCBmqw
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\SOIg.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
72.05 KB
|
|
MD5
|
35d850850a9f62a921f45cd1facb25bf
|
|
SHA1
|
91492fb25c084d7a63d2c141d3d4c1055262c19c
|
|
SHA256
|
5d926599d92be052d43b1ea91aa437fbdb028f302889d1f72921e536a0df15b0
|
|
SSDeep
|
1536:T57DgLVReVcx/RMCSoaDDpBfAWTT7lS3H8PvLpG7MQVpl6JocMSFWM15tJUpzlFs:pD0DeKNRMKmRHs3H0LaMQh+xztJUpzU
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\SpwIY0qQ5DxtnlG-Nb.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
96.82 KB
|
|
MD5
|
30e36bac51b7e7f23e251a8479fe22db
|
|
SHA1
|
2abac275b8d2a7676c29b75af2e3fb83ea24723e
|
|
SHA256
|
9f684cfe39233d050e06efe07e82a3e05737f6edaa6d33327448c4e418a97edb
|
|
SSDeep
|
1536:dOnyV/cpWrGJu+Wj+P98EIB6Zl+HpEDgQlNr1QhnNRrzxaIDxSs4:dOy1xrGJFWj+1QB6uklNr1OnnBrq
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\unP_Med.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
58.31 KB
|
|
MD5
|
3796aa9c2df5b7539d92f71db25118e4
|
|
SHA1
|
83940ff83acb981ae1b0bfe5f7127cc2c893af75
|
|
SHA256
|
cacb4758a568fd78c444385734bbebdcef4404d4f89f1da4e4a7f9433149121c
|
|
SSDeep
|
1536:B4zJhytua4ZyirVw63z/7018O5LVaRaHoM0/4u:azJhCuUKwoE8KASoz/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\wcuQuzjX.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
74.28 KB
|
|
MD5
|
58e8a74816292ebf8ec30bad2085170e
|
|
SHA1
|
7dca164438e4bea9950d552c687b1c2f986d76b9
|
|
SHA256
|
f13a2f334af4c0e146f3a8882c9d34076e2faad1f560e252a8185902ccd2f0c3
|
|
SSDeep
|
1536:I6TxtFEnE8L6S9sQliQauBPNECPTCnGR9FVVxbunPOz7ISa7zBfvQFO:I6TxtFEnJKoiQzPLPTjRBHuPXXhvwO
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\y9xtUA5iI6IPOKUD.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
63.75 KB
|
|
MD5
|
d773af13dd9f782dcc53936d18583c32
|
|
SHA1
|
218f10935e29b52818ce123edfc4f328aae3b807
|
|
SHA256
|
279499525a83ed10b02c5f50af41e7116e4fdd21a0e58a1d298437263bc98cf0
|
|
SSDeep
|
1536:1Oadj6WTSKrSNhqLx6OgDe7+Wx6WbxK435CKjLSzGb:EadOMmOLx6OgDS+Wak5CKjLSS
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\Z3UK3vFO8h-zCs4j.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
82.35 KB
|
|
MD5
|
6ec9770e08e3bd420b4062accf0b2155
|
|
SHA1
|
2e94037a50a3600116fffc802c79bc3ed2d79cca
|
|
SHA256
|
84a33f8628e4c4235634e9b51073327ef3601d2b492c0693d3ca62ac6ca016ac
|
|
SSDeep
|
1536:EI9UikF/F0xn59VzFKY7KcjxmpAfqPuf+kwSNSlhxm49CiGWon/:EI9zRHKYJjSAfqu1wASPgySn/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\zyzE7.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
81.11 KB
|
|
MD5
|
f773ff0e1b827d209839b2a86ff0c171
|
|
SHA1
|
e766d908c178f169f8b146fa03abc9539dab95f7
|
|
SHA256
|
c0ba9b129c93ab4779ad9ad5a79882a72cc0745811a14688dacbee2f0978a800
|
|
SSDeep
|
1536:2cbqrb9yLC/GA3/706ba7B6/i4+Wox0w0FuI1r5RhH/:2cZe/L/AWa96AWsd0Y+5Rh/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\_wiR1L3MR2ebfVeG.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
53.80 KB
|
|
MD5
|
5092e5b5fd5a3c1de7bdc70ceb5c804a
|
|
SHA1
|
7d325b802b36678d17f18111e4ca6f1323d9af91
|
|
SHA256
|
56e6f366326d7587884eeb83d9c474a75d093ec76ded9e6798c8b6c6b6919b7d
|
|
SSDeep
|
768:PnocEMQQoCgposcK8J9zd655eDqva4HgHIgDPRfn1KIgFn4jlHiVKAhmkyy:PoPMQQapXA655gqv1HMIgFfUIvC8fy
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\3vMt_2q3fAah.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
86.49 KB
|
|
MD5
|
7f73224d73ee241b4d76e66658b8d1cd
|
|
SHA1
|
f72d33ef0b99398928340cc6c61ddeb5e29ddd45
|
|
SHA256
|
f6dd285675fa095e33a468440c5ff6894495f3260bd8c06f2f9c599d31a9b25f
|
|
SSDeep
|
1536:TTu/dNTBCT0QK0eSglkiMb6CFm/G8WnzaESY1Zro0xdyVAxlI7H:/iCDgzLVESydtd7lI7
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\CrjCu6i aZorUJcYh.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
51.81 KB
|
|
MD5
|
d6c922d37692e9e0314516d78be91008
|
|
SHA1
|
f19e2aa0a8c7d2a6d204232f3a207443531fe70b
|
|
SHA256
|
117e40a9f3188ccd26c5232486ba750be8ceb4396022af53c1d9931df0315ff3
|
|
SSDeep
|
1536:VZaCwPpD6epvG9osTqsPURMhnI9prkoZyH:G7PTNG+cqseMIprkoZyH
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\IblMdY4N1yG.bmp.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
90.19 KB
|
|
MD5
|
8fda29c54bd5cc0d45545465afd38011
|
|
SHA1
|
e0879e7c22047a957c301f254e8990a9369f78ac
|
|
SHA256
|
ab490b4347702ea98fea0ae1e1fecc8587a85413786379727a00bd62a6a15a44
|
|
SSDeep
|
1536:ctu/skYYt1AcbLeik0zrgu8RZHx3qgxdHRk+8+pEf4YszgZBDKC7a5DIjQgqbgn2:+2sgt1AKLeJ0zt8RZHAgnRk+8mfYszg4
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\eFGyeqngF0yupS6aQiTk.mkv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
67.82 KB
|
|
MD5
|
10552720eb3ba8dff9e6faf5721aec86
|
|
SHA1
|
b3f0e81aeecaa3ca3df6d0d4ed03a0a69bfe89aa
|
|
SHA256
|
1db85c43009c7aff2248bbbbee5389e42265bfff4a449fd0715388c042260f21
|
|
SSDeep
|
1536:U1VC9FQ0TXDGuhJRhg3QfkeYTHa/SuPMFv6ut25IgT6oCv:GCfTXDG6DyoYTHa/SCMs4rO8
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\HuEJMg3KiSp.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
38.85 KB
|
|
MD5
|
5a572b438c8257d2dcf0e4ea0f9eefde
|
|
SHA1
|
fb22dd14be1fe1573b1a695ea1b3fbd6ba333e9a
|
|
SHA256
|
fab15d0498a66ba0e8d9d5a1e2daf8f97bf7fb2b1bae33634858ef3d4e9f1d1d
|
|
SSDeep
|
768:U2/In7wfVQoDwGdB64l9sRHHfWIC+1nxTcKnVXA6qzU9vrilG4liV:g7wfVE22RU+1nDV5qIdilGJV
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\0JOcjFAlZN.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
83.38 KB
|
|
MD5
|
2110a5539b60a9d732d9ee2368d29e50
|
|
SHA1
|
b187603b38014bcc44b53045ff7283d590dc59d9
|
|
SHA256
|
5c7bedad10022d0c909c25a01339b5fed5c415244ec9b74c5778dd2315071038
|
|
SSDeep
|
1536:8rnLYpYvRmEboKTY/A5YZXiAJVPhXbVfom+DGupnAsF6mg2+YL5cG5yRpvWhkCVf:8rqNEboVZXiAZ1Z+DznAsE2+Ydxyz6km
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\7H07rLnEi4jFThR2aq.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.50 KB
|
|
MD5
|
a0524799e30397dfb7c35cb9eec34e09
|
|
SHA1
|
6bd92117f0715930a43f68892b11730a5a1c6cff
|
|
SHA256
|
2844b2fc00aa4a4374a153c5d2a2300fc54299d8383fa8fc1dea783cdd030992
|
|
SSDeep
|
24:cAYY+fyPgGKpp+AFrGvvz0sfIzNeybr0FmqxWKIJNnKD5zC0/7K1vj1hKQrBWUFX:chYHg9X+A0zhwzAcqYNKD5esmt9rrVD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\Gtis3rDzqOHJLSemRMN.odp.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
21.60 KB
|
|
MD5
|
fdcbbad7a60caf14a8f1bb807cdbb7ac
|
|
SHA1
|
e6eda0135925202d058e791426bd5b0f9b196fde
|
|
SHA256
|
c2069c981b500384c22e3afb099db764b3956be7acf7c63d5d88c7281760a6d0
|
|
SSDeep
|
384:Y4lv2mnlB4E6Kb6LC+QQsH9vqWnL1dqmvogRDuxFujSSOtSOpT/f/H4Lw5i:Y4x2mnlSwKCzIWnL7JAgRDGFujS+YDIR
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\sKevCgi1Mzg9JDdGUMsM.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
56.06 KB
|
|
MD5
|
c2a0adaaaeaa545faa9ae966cf53a613
|
|
SHA1
|
8e2c15381047c4722ff4d692fcc7a5f9f8cb629b
|
|
SHA256
|
a116b359ebc704347f5dcc73128ac4c9e3db3b84dc168f626a08e8794916e483
|
|
SSDeep
|
1536:r11Ssf2+Hcr+o6swvuARJtOHUIJMtlOUcHBRYZWeG:rDS+2wc6DskRqHkcHB2ZU
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\0d9kggXW.pdf.gusau (Dropped File)
|
|
Mime Type
|
application/pdf
|
|
File Size
|
36.12 KB
|
|
MD5
|
01390a497f954693a3d2eac94b5c52d5
|
|
SHA1
|
392fe00b5e443a9735f427210a50f490cb8406b7
|
|
SHA256
|
37c62e0d4d64c6d685e6f7b05a112abab0e085bd207c6b1d763f924b1b3f5c44
|
|
SSDeep
|
768:A3TO+MIqFv+1bXgKbM8FkdWTUa9GycyNsG4y0C+8bRuto+H8PD:A3TfMIqM1bX1g8Fb9GyJflMto+H8r
|
|
Error Remark
|
Could not parse sample file: No /Root object! - Is this really a PDF?
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\aFuREbY291J9.rtf.gusau (Dropped File)
|
|
Mime Type
|
text/rtf
|
|
File Size
|
62.46 KB
|
|
MD5
|
28c1166f91e5acf90e1ce4833a856309
|
|
SHA1
|
898ea21e372f21f05ca3502c900678039c31bdd6
|
|
SHA256
|
5dbc1573ed5d2df0271982a4f33ba14ca65d81afd760f6c97f78253791bcf606
|
|
SSDeep
|
1536:pAL8RF6Me8c8oUTcHIpA9yhRxuq1gQfh1U6xeASwqXaVFtlPIaF2R:pAL8RRNxo/HgAwpusgQfhzxemqXavbTk
|
|
Parser Error Remark
|
Static analyzer was unable to completely parse the analyzed file
|
|
~dyc|S 2sӯ%] 6>l4)FIFkٜtco*pSF 㝉cؐ<o|Oek(u%M,qg%=$9[NŚVO>##dΧwU#we(6<s^ey"q+H<0<S#D.͜$!S臻Tfa<<k_)>O|T1|83'mll(#(;IqdPzY ELM.;һ1bWpdGx/J/:-dgR#ws-jX@f4C1,."jR_`B'E<? Z3հVptLdO)=^եuţNêն,QrSXŋOn<b⋲6۲8iw o2$0uyD.hp5PGezB ӛ@QRHh| (:χ>ZeP;f>WB1$,Ɖx#0*8Rjv==lIf%LmGWTqQ+^Q?3%W,wldj±^ś[Zp0`0:pZS5FB.*:BHYtGLNJfE1 msU?rL>x8ԟdU'dQ] 0r%BC/l puOTؤ%/rU8X$~N=I&Gg",p5:%ۤ<6_ȴdcӥ""OHزbB$aX%8(D&vxҭc/8V?/43?Lq*kz3_ش<xKi!,pS@-''1Ϝ@EbAx;h0whZHĔ~YkBʽ ̌zʽZJK8&Y57Z2TUbS(L QS?*`ΪMYC^'j5DCp+Ĺ´ZD?40xն6x`.q3> 'W89_4PER,"g*"bJŴcXF٩=Y6șe|W42!HwhWX;F8_?s91~)q7ٗGYkt^.2Ϩz>~p+p1Wݶ2!&@oarc U].im/Un|Aou"RswAZ2G?f=</&=OmktA1Ͽ7_j^١u]ΦO_%CD.N@@>+=f%UPCat$y̸hmZbZBIUqѯ'9!ͥuYP_9MIkim$l;WtHu+&]-2ؙfeט;Ynlct3K#VsKO n|9,KLȲ6r<rF&(.OHWnoʱ[#8լVS?J;K<֗L!.>'Qk!&w@`esbP(لQ֤@oqi@+2,Af"9lMhkC˧M$Uf.BR @%Mq0SV|fTwqFȄ! ...
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\bhC_ABvBjR.ods.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
77.20 KB
|
|
MD5
|
4c0f324e5a9da806e9f36fbd3daec4c2
|
|
SHA1
|
a02c7e4937b698541e01751d2af11b87efafb2b9
|
|
SHA256
|
8ee6059c843142459dc4dfa7001f9815b5baa821c7d0af00aab1429ef2a2f375
|
|
SSDeep
|
1536:CVea2x7u7fyZNpzJ6ctiv354N9yxuBhkYkjNQMYMGYaWOkoXqDX+i4Lo:CVj7qf1JdiPqoxy1kjr1aW5qs
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\hK5LQd-AxtZKvzbn.xlsx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
28.58 KB
|
|
MD5
|
f3080711e797fa9c993ebedb27eca9a2
|
|
SHA1
|
bd4555d48d1edc9aee31a6e690695b937a5c7f04
|
|
SHA256
|
aee5972c7aad918da63e6e243df23be24cbd01883cd62086a3357be19353aade
|
|
SSDeep
|
768:OkqB4IyRcKHJ0z17whWudpOipirXs3fLWw4G4X:NRcV57nkBpirc3fLWw4/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\lbsR.csv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
32.07 KB
|
|
MD5
|
48803b713c5b3e96b48dadda25467880
|
|
SHA1
|
3deae71b79dc4adc66dab8987803c375a8d5fbf7
|
|
SHA256
|
fc9d6e47967b80ced0de35bc96d9f2cdac6bf3a30bd6e3bf22666fd4e5f86ac7
|
|
SSDeep
|
768:Qk3bN5sKDGFSAd1KHEyGANy3C8Hkxn/hhoE++8ifE8azL:Qk3bBSFSSDDkxn/n++8Qgn
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\pelEM3i4e4Jx_4 Wkx.pdf.gusau (Dropped File)
|
|
Mime Type
|
application/pdf
|
|
File Size
|
26.14 KB
|
|
MD5
|
a6147813e53c6360431fd0fcdf68be41
|
|
SHA1
|
b1190c8a568fa7ac97113366a4fc7211f2665529
|
|
SHA256
|
b5a81a40c3d9619d5d01e0eef5fad625a1454df0e2feac8a0e1b07121a7bf1d3
|
|
SSDeep
|
768:b2GYpjo7Xv19X5DsvB+GEKKN64xt3D4hBxSXO/stKFbR:aGYt2Xvb5wvB6KKjtTyBxSXO/fFN
|
|
Error Remark
|
Could not parse sample file: No /Root object! - Is this really a PDF?
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
265.08 KB
|
|
MD5
|
cff98993381af2a66a11a2c54b474d3a
|
|
SHA1
|
be66b5e87e976f5a9c349fdea3fdc17167b87230
|
|
SHA256
|
ee76e9556ca4bbc0ecd5d6485b9b8a2d6a32700dfd54a94ba2eeb3b9cd323b41
|
|
SSDeep
|
3072:2Qy3R+PG4WaC+pdL+DSuifSsqhp65y6dDRphpycX4gHGpZvMkVWxXoOsUr:gkP8qSCqhp64ynyJS2NMkEtJsUr
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
314 bytes
|
|
MD5
|
ab7ddcc2bca7350586608cc3261f4036
|
|
SHA1
|
98b04ce4bcdb35bf12a154e1689033d7da274cec
|
|
SHA256
|
46d49718034c28357dfe334f3cbac37ff10905ab7f63613bdde171e5165a3e9c
|
|
SSDeep
|
6:JH8/EvTNzL1B9ILOUhv0HbWAuTjgwrKxCnxhid+HBWUFcii96Z:5T9f9ZUp070HCQBWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
304 bytes
|
|
MD5
|
cc836362edb1d3bb48e1e868251e7cb4
|
|
SHA1
|
7ff69b9f92b3212bd5d17c72e335901155f84522
|
|
SHA256
|
c2b2e3c7a21879a7a94d344f73d8dbe15c3a334eb37bf1eae6ba5293f1225df7
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZADB5MM/0NmVHMbAoZElsUIaT0zt9HBWUFcii96Z:5T985QTDB5OEH8Uu7BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
44ddf471d93bbd22f8329867c590e7ef
|
|
SHA1
|
f98cda46547c298002207f0d68b7db1954f79d04
|
|
SHA256
|
bbf7263165a75979613d58af054ac82758f2c30885bffbea72cf2388300a7348
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAQKSHBWUFcii96Z:5T985QTH0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
b4c2d0ff21a0170d5efa33853d4ccf53
|
|
SHA1
|
eb75b812144b378b413b5decce7aee382eded44c
|
|
SHA256
|
f1267a4b69806406e38b40e451d556c3d90904a67751bb8a94a097e1b0999f2b
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAKxKSHBWUFcii96Z:5T985QTKc0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
f34854cee5f76c493e4948926a620233
|
|
SHA1
|
4af85d4bb85603e2035d962f58eb67f11dc24641
|
|
SHA256
|
6fd9527738e3cf4dbfa6ae3a1a8f1e4b3a80e61f978ff1e23451d0e440dac136
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZArVyKSHBWUFcii96Z:5T985QTL0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
eb6f94e96dbc817f7c4fd1fc6820667a
|
|
SHA1
|
14ffca31ea9d9326b841d7e0e411dee6c4421e20
|
|
SHA256
|
4bbc9a7c9043a203ecde35c0a2d3286ebad9464fe70401fe87f1d2688a040e52
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAx/xKSHBWUFcii96Z:5T985QTxE0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
753063c368f9616df5d078c2cb1d7484
|
|
SHA1
|
a7711a30b3ac77919edc0c80486de5d250afd59e
|
|
SHA256
|
9a57ad0f95dd1fc00ae5cc25cca12c574744a244d972124091aa5ee91b065f11
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAxNCXKSHBWUFcii96Z:5T985QTxf0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
09936bfdebaf106548ba692519d5d07b
|
|
SHA1
|
a0716cf5d8d32c37efffe2f9eef1fb09c1f6a581
|
|
SHA256
|
af057014df77f0c3750b01ed9ddaab9d2f5005f95ad00aad5e57eb0c8931ee27
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAGKSHBWUFcii96Z:5T985QTl0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
2e130da62e47513b4d91e300a4d64f79
|
|
SHA1
|
8c5a7cb1f9148d10c45c2ef0768d187f869cf831
|
|
SHA256
|
18a85f190212a294a4a03e231f6d221f399cbd934fe918e61f1ab3251826c261
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAtxKSHBWUFcii96Z:5T985QTtc0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
6c5651c5fa1ee2fa828f4c38814ffe37
|
|
SHA1
|
d7ebdbbd2b0e8398289c05fec014fa01e7f21722
|
|
SHA256
|
b665c1c523e5e6ed576bc76a4590414676345e826d14e529895c15699eca44de
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAxx1FKSHBWUFcii96Z:5T985QTxx1A0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\z2lk.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
52.43 KB
|
|
MD5
|
6dfba947b80c54fa514a84aeca46042a
|
|
SHA1
|
2079376eb21fc5716045e228fba633308b88e17d
|
|
SHA256
|
eddc713b81b442ff8c3a12a3e31f5973521761ff0850f35f009bb74ab64870af
|
|
SSDeep
|
1536:6LPgl7EX1Wadh+GW1VBGA6E17Lnb9VGcuOD0DKn0D:6LabaH+GW1HGA6EdTLGcWOn0D
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NYC5ngf\P1zhXc0ibiHP0Bs2v5.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
13.45 KB
|
|
MD5
|
e1f9f0f583e550eaefbd75ea35ac1855
|
|
SHA1
|
32ec3e822933b0892f6eac2ee4627e27c4f95a88
|
|
SHA256
|
e3adde70a75a3bdca722a0a37fd2c65c27c15ec9479574c24d4646e264f37a1e
|
|
SSDeep
|
384:SEwSzUPtC866JuuRqEnDJL4kQXgUjEyEeTY:C1C866JuuRXnWgU4cTY
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\l6LO.bmp.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
40.46 KB
|
|
MD5
|
7fb2c497ef00b4fa46754172e74120ca
|
|
SHA1
|
57d62fe9070d0943b4ac0fdcb08f812eac33aa1e
|
|
SHA256
|
81a19962c9275aba7bd54e8d1632352130ff6bc4b6450fded763c7323ad5e298
|
|
SSDeep
|
768:04M1HdU2+LK8Sh7vJVZAyBXkF7cPFfWySG9Qy4EEi4+l2DaTs:0d1HwLKB7hjAyBXScPFfWyZ4EEi4r7
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\MFSIcW7l5OKlh5.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
60.48 KB
|
|
MD5
|
22bb2f5d1d43777e285be6d89057ff90
|
|
SHA1
|
2bce63abf7322da8f8a3b5302035f685e62d96a3
|
|
SHA256
|
f02a1d575f910faf7ee0dd76cd9d6955a0afd86e79d4dac1fded65d24f6c483b
|
|
SSDeep
|
1536:nmjoBHIZ0mO4GpnNL/3SJzgFYR2/CXwlJQW3:nmMByVyNL/3ShgCSCXwlJZ3
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\WQb DhJ7Wo.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
91.93 KB
|
|
MD5
|
b8ec5050f8faef356a879fc235499c68
|
|
SHA1
|
b95e6957c4d001de5f24d6ca85c85978463986c8
|
|
SHA256
|
14bfac4f97ebd94950b44ab3d5e85b82ce369320170af8532689f1440793c9ea
|
|
SSDeep
|
1536:CUkhk+0IkHUqDoeEdSQzdeiQ5oJ0pTvhubkv4vjLeHbNTgBTANiYi5Qtr+poYL:ikrIknDoeEdSQzdk5E0pjhujjwpgiAYq
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\BoizzI4g97t.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
67.73 KB
|
|
MD5
|
962ac3394ada275ab79ef7ba99b8820f
|
|
SHA1
|
369ce9b666e13f603a8c84fa07ddadd1595508bf
|
|
SHA256
|
36d07f619bafac359a2db344f8ca2f87f0c01de05706428f68ded0eb5a26efd2
|
|
SSDeep
|
1536:+hlGkhFOdYEPwKBdMLPs/bgKN7tii8wCZVGLHZLLsntrrA:+hkuOOlKB4E/Z7tidVkLIntrA
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\Iq gbMO_n.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
18.89 KB
|
|
MD5
|
46d6bfa75273dd2e188d965e16b5ff44
|
|
SHA1
|
afe51c9c915654dfbd2592824c6bf489ecf43b67
|
|
SHA256
|
f52e649dbb45354a8b46fa41558b02256040b241fce2bf372a8737d9ca088102
|
|
SSDeep
|
384:BI2nATbfC7UpW4wcRD8MC15r9g3HYeM9iG8dod/sCsQYMFUAFnAIuFhuEoiXL:BI2gMUpWGRDRC15r9BriGtslQYc/8F80
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\UtVdyOv5.swf.gusau (Dropped File)
|
|
Mime Type
|
application/x-shockwave-flash
|
|
File Size
|
19.12 KB
|
|
MD5
|
3ac16b9c5a693da18f87266a01d09aa1
|
|
SHA1
|
63ead171308f025928dbda5d56d2773e9333bd82
|
|
SHA256
|
f4981308b6a9d62e60504c27ed94bd88a61720283cc598e2c1e519493798f95d
|
|
SSDeep
|
384:R+mKWc4i8mndC0f17VLtY1N6G22ar2D4j7mT:IIcdJnzd7HyE3r2XT
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\Fv3TELB 8E\2BSi.ods.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
25.51 KB
|
|
MD5
|
f538ce94948f0f6c2792584d19105d67
|
|
SHA1
|
e44bcc922180f3680b5526746c42766db5c96e79
|
|
SHA256
|
b970ed07b4f8fedc465b4db3e955a464d8f17af27935bba576ea16e2bc84997e
|
|
SSDeep
|
768:zoIspS05l/qB1MqJWK5k4uyUWp5F8HDogwQ:zoIs4Gl/qsmWZ4zUWDY
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\Fv3TELB 8E\eOYyRR2EObYB.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
4.54 KB
|
|
MD5
|
b3c2fc3105e8f052de57bc567a02d1dc
|
|
SHA1
|
c35ea70eef99178acaa27257239e8700e91f1e09
|
|
SHA256
|
769523deb7ca18cf2b68f45e7c93882a5daf7d6987ae6b290ed5b6a3d43c6544
|
|
SSDeep
|
96:Z3YmyRcez/FPoS7CxdMG2+b8ye+1u9ICR4/u09hY/xKWrDMZgTfkxuvC4l:ZomyRj/BoSwdMG78/KMR+9G/guqkfpaG
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\Fv3TELB 8E\eZfj5ZvjMOZ.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
71.41 KB
|
|
MD5
|
99c7e83576f1b27aa187005be5d95ee5
|
|
SHA1
|
b4255460999c846eab602fda5902b18afa04fec0
|
|
SHA256
|
f7571654a6de86717275128c795a68f43ab175a5875a9332d04b894de9b3a3a4
|
|
SSDeep
|
1536:8BFI1SsmuFkE5aazIlQimr3gffx9pqZFSVk31KqDqKWKEVXlMZ+p7OXsCTB:8BcSsDB5a/mr3gXcfS+RD7GyJTB
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\Fv3TELB 8E\O7mIpznG0.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
83.23 KB
|
|
MD5
|
eeb92d9d45ac1cbdc78a220c739acda0
|
|
SHA1
|
c80a2e9cba32281b7ef944993f7eab7af9d7e4dc
|
|
SHA256
|
78b64eb3e76982ca0f6c181be1d533956c82590d4d8bcda9fac8832b3d9567cc
|
|
SSDeep
|
1536:x7nKl3vFBYNE6NKPW7Zr++/fFUKVPeNvVNXqX3avKmxWCI8d0:RKlNqz+Ci+/fFUBpVNy69xQ82
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\Fv3TELB 8E\qDPtFMhAiJ2xQ vm.odp.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
90.47 KB
|
|
MD5
|
227d6820438525982c96bf3ae9631aa0
|
|
SHA1
|
381f408b6b87897134b185cc1cdbc3adf3e9dac4
|
|
SHA256
|
23c982d009afbf9fe4ff843d21f0af74020734a6a0892f5ca57273a8df454fb1
|
|
SSDeep
|
1536:yMe3O+Ae4ubDtI7Zc56oQeKC6E/2pWYI1chdS87dFcm272a3K0ttTay/YgmVuwUh:yMgMTuve7MrKAWyc28Tc2iT9+Vsh
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\1TiNgxSzmOsn7Ri OkP.ots.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
42.22 KB
|
|
MD5
|
6ca14b22503f2efef77a26b4d6cfa4ae
|
|
SHA1
|
7df05a129790f4732ab134f3e7abf91d2c4f20c9
|
|
SHA256
|
22b17ed98d4c033cf33716d306a4ed09e2e9641eb4c22bb891e390d7b37e7426
|
|
SSDeep
|
768:izzrFMQhk/excDr1JvCY6RMAU0vMGXe6xifxe9XnL6FnWUmKPMTd8xkZ:izFYecLvP3iJFxifxHBPEL
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\faBTC43kElpNlGMFau.pps.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
89.99 KB
|
|
MD5
|
fa96f029c530f21c56d0255f90c60744
|
|
SHA1
|
d08d128399c6b990fbdd827073b82d8feaff99a9
|
|
SHA256
|
4562882780a3e228fd4b9e203c3a8857cbdd6fa9608d7db68eb8954e13f14820
|
|
SSDeep
|
1536:6MOax3EEX/yPFFww0vMnzjAlJZsazPRmTKR6uPeOnZ4kCNCAY6kVDvA:6glX/+0vEzjAzXR6TqZ4dTY6qA
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
29.30 KB
|
|
MD5
|
9970368b4f9e17803aa4867c505b2a91
|
|
SHA1
|
8a0a1f2a0b5f4a8c1eaedea288401a3fe6f20b9a
|
|
SHA256
|
266ad874ff5cf30d93da9b2da235c2ad6ae7f75e7e1b9de7178d7ceddc6dbd40
|
|
SSDeep
|
768:EsXZcc1se85iG5T0p9oTS4WUmhndIS1w/oy+romaEACNOP:EsXr1svkmT0pL5dISooy+Um3ACg
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\KkXM-cBNoii_tDa0YyP\CugNJ6pb94kQCPMiK.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
13.66 KB
|
|
MD5
|
4cceec2e7d1eb5cd36acc8bd5ed74c71
|
|
SHA1
|
8c190c679607f9482fcd4cd08675912f7fb8c562
|
|
SHA256
|
e328384089c8445993721a726595990c9d35e5f8773d455a7ba79c8bac4ad438
|
|
SSDeep
|
384:doM/QNyE5ASdW5GAQKLB012UsSzQ7qN4rQHGKYDR:tQ/A1xLB01kQ4rKGKYF
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\KkXM-cBNoii_tDa0YyP\pySmPr79Heo.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
23.04 KB
|
|
MD5
|
e0bce824a0d893b6db381f2ce422fb56
|
|
SHA1
|
8bc863daa2728d68fdd059c310d61f13f24152e3
|
|
SHA256
|
2d9d75138057caaa09ad9ee9d7a04a5a66bdbf90d941dd3ca8c8928a2e937d9c
|
|
SSDeep
|
384:AV7w4B2a/mFYTaNUEqVvL2l94AZbiAlPztn62KJipRViOxxS6/DPA:OZ4040aNUrSlJzlrN67MXDSq4
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\KkXM-cBNoii_tDa0YyP\Zusq yA8dO-j.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
97.33 KB
|
|
MD5
|
cbf84c56f7ce2e00d94d96a07ed8cf5e
|
|
SHA1
|
6ead5619b6cd2b686b2bedea8d66481592f99217
|
|
SHA256
|
a1fc5af1df8725902b28e4785aa4ab6b29424ba877899f1d94085d2fae2fccc9
|
|
SSDeep
|
3072:agRXnvjNYCw7C2oBwojCVPD33l+26gRlwvHw:hRXbNbvLCx426gRaw
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NYC5ngf\NSqsuqL\KZrZHmvQBeSkBOCD.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
10.45 KB
|
|
MD5
|
e1f0dc29d47ce59fac6a49872665047d
|
|
SHA1
|
7910dd89027bf20420df50c8338f7014d404d894
|
|
SHA256
|
5e6272469fca7f16d68e2ab1aef36370655c0450a5069e93ef4c57f707f3d921
|
|
SSDeep
|
192:eY5HltN/qZzL9UT3bNwl5VvaR+YqAPJz15sQIYOaC2MuPhmYAwTXU:BRJ/qMTRe4ROoZHsQIY7C2MuPhB+
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NYC5ngf\NSqsuqL\m7Zhy4P-VQ66.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
65.75 KB
|
|
MD5
|
39875c304672a19ecdce6086f1c52638
|
|
SHA1
|
381a1d160f26c3e0f3d74993b53301f25cb38509
|
|
SHA256
|
84cd5d6979fac6bb435a1e7a6c62727426b608843389c5a5c337d3bca07d1cad
|
|
SSDeep
|
1536:K+o7gb5DFioJjmMrTicznvuzUp+d62VuTpi6lMqnfAMr0gps:Zo7GCUdrzzv076a8VuqV1y
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\3Bsx2yMEE1UNteJQW\OQg8wwtsOsz4VSDTpD.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
73.73 KB
|
|
MD5
|
199b83eec418ad8832710ae05f01dd01
|
|
SHA1
|
30b16ddf146f7a498dc150e3daf88980d46d7f8f
|
|
SHA256
|
9670f8f0954291a987096207451080ece8f20dde85acb00fba37f51f9b9bde73
|
|
SSDeep
|
1536:rdRZzMR8lcwTyAl3LniNTSq9hnlaX9ljrf25oGMHZju9AbK4+q7zcjHvMbBHjs:rdRZzMR8mg3ONT+NJ5jEAbz+6V4
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\bbyLspO02\y lRKLTJHdvF Q.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
89.26 KB
|
|
MD5
|
cc9aa524142f35105397b5d74039bc46
|
|
SHA1
|
4662625cb83e4bcdbcb7a092767749e5c9928914
|
|
SHA256
|
35f498f2492dd74429faa0efc92264c387e1034b709d95589db22f4c527bde89
|
|
SSDeep
|
1536:yBC8/Cy35pVMNeEV7hCAS7AbLLqPZbN06qdY8q+oLhDKE98ECs1LqXh:U//Nb297szKSBbR8q+iGE/Cs1Lqx
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\pYG2mrJ4CHtyyhs xGQU\eyP8XnrLY rQ9ZYZ.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
84.64 KB
|
|
MD5
|
a2c80b3613b0c89d6e90bee5f6993779
|
|
SHA1
|
8ebd6943a5d2f57689b915707cb8da507bb0e604
|
|
SHA256
|
dc43de4bc4d57f4fe1bc0546fefd60190bc3c94ca83473f840901ece56717f23
|
|
SSDeep
|
1536:46HTyXBf/sjOz5sYkSb2RyUAHJmknKxiGcEAxNdzPN6Fr3tSMlbmTuv:46z2BHE2sYkSqRyUAHJmVxAJNdh6Z3QS
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\pYG2mrJ4CHtyyhs xGQU\lfJNr8tOZ7oDHun6ukoV.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
43.35 KB
|
|
MD5
|
1bbb003c5786fe9dfe855fad703c4c94
|
|
SHA1
|
fda3679e1e08a940d8e78201550270b7fc2bfc03
|
|
SHA256
|
4a1b3e0ec3c42889b7d98342ee5d6af61bc46261e5ae62ae2cc5a85998d5a6da
|
|
SSDeep
|
768:AC1dzaj9LLvHk1VGIFm5acISVFvEZ0KSLtp0o7iuth9X/tRBeoeO4fns7Mzc:AC1duj9LLv6GoO1Imi0BtyoWazVneJs9
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\pYG2mrJ4CHtyyhs xGQU\VFWyDHM.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
60.96 KB
|
|
MD5
|
f88db3d6f26d7355cd038d245c10cab4
|
|
SHA1
|
5751b5c5d13dab47ad5a71c86cd7a71f272fe213
|
|
SHA256
|
aebff11de1c88a9aa8c6f4623b4b606e0b0fba2f8c7472892b9f9ea9c214296a
|
|
SSDeep
|
1536:Rz6Hcdw3ZKw+0P6PITOG4eBLZmB4cGuW7rfjFhzDEl:R2HcwpKw+0SwTODeBqTIr7El
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\a9qF7OuHrZ4T.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
15.57 KB
|
|
MD5
|
c296eb305fd7db0e587eae8be2be2377
|
|
SHA1
|
7d4af68dc3dbd5da82e67abf409376c8be833e02
|
|
SHA256
|
2956ad2eb1c54ff93678471e88a44babaf3319626b881a0f30c218809699481b
|
|
SSDeep
|
384:1GUqNbxxX7xlnHPYaPe7IXJchQtdyE1oc2QJsR5XQFtx9k:wUc1xlPe7IChQfyE6c2QJsRuc
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\KEz1B VUjzGhZ.swf.gusau (Dropped File)
|
|
Mime Type
|
application/x-shockwave-flash
|
|
File Size
|
77.47 KB
|
|
MD5
|
27421e592442f4a8d526a2a764620b1a
|
|
SHA1
|
c8e4f3aa54767385dd1428186afec88f88b32222
|
|
SHA256
|
ea1cb5ac8385043c34042b7078e6c91c0f1b1c1c0c16c2b570a1f120cfc8151d
|
|
SSDeep
|
1536:LuTgdSAk3xIyNhSTaIhb7qmQ/8dkjMBWYjSkcOthj2k1rpYaIFiYp3B7eIvo83MS:LucdSAdyLiiTj/YWkcnk1rpYaIFic3Bb
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\RrLl7FRJlURSY01.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
35.06 KB
|
|
MD5
|
c4eecd5cc661d79c3cc4c6885b6c3114
|
|
SHA1
|
4f95cfb746b2d56eb854531c69476df133e3eec5
|
|
SHA256
|
93bba8111a04097edf780fdae9de97ca4cf138334e2cf9020a89b0062b8b3be8
|
|
SSDeep
|
768:wH7leNtM75AxctuuotF8xrJ2v05x4so3WrI/1xwVh4:wbUN4Ajyvx4srr4qS
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\5ETH-YOt.pps.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
84.58 KB
|
|
MD5
|
5c6fddf1f3617e462de165d564daafa8
|
|
SHA1
|
abf636895598f904561e4d8437a1ec547e3a7c76
|
|
SHA256
|
3c76886fee17e07bdd68697019d26297294063f5e50d04b2ab81e1d0c555d5d6
|
|
SSDeep
|
1536:skJLn8eBnvAbot5VzzRubFfKAyquWYvsskzXnNY4xj1gAwnYRRHZfBPMQ:skJLpBnvMweFyAyOGsL7nNXxpmoZfBUQ
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\5LxZSjV.pdf.gusau (Dropped File)
|
|
Mime Type
|
application/pdf
|
|
File Size
|
3.25 KB
|
|
MD5
|
a0403b697a45aaa908cbe14b34cc359e
|
|
SHA1
|
87a7d8de5fd77316e8035236a8bad845bc807a8b
|
|
SHA256
|
d1c90834941ea3cca06fdfcff1c23e81011298e7407274bb149e03a014271b24
|
|
SSDeep
|
96:fVDVRB1jyD/30t6/LtJKBFluAAd2mhjLwCuU7PSiDYJaR:VPyDP0t6eihjLlSHaR
|
|
Error Remark
|
Could not parse sample file: No /Root object! - Is this really a PDF?
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\8GBnXsZ.pdf.gusau (Dropped File)
|
|
Mime Type
|
application/pdf
|
|
File Size
|
3.37 KB
|
|
MD5
|
d730f22a63ab5096eaceb00eaab221f7
|
|
SHA1
|
9ebbe64ca8b3b76f01f11df25ab181e20089a482
|
|
SHA256
|
13083e6849870ddc2e94a30be4e2255294a0f931caed8efa6ae16c685b35506a
|
|
SSDeep
|
96:fVVGvigHErNKQ18asb+AqIWTry4oCq/XgDOjJEhsW:jG5HKNV18afAFKW4E/XwKWX
|
|
Error Remark
|
Could not parse sample file: No /Root object! - Is this really a PDF?
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\aVltm_fp_1spcSpiUB7E.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
80.37 KB
|
|
MD5
|
cfd0b59f43d37d03a668735920b78777
|
|
SHA1
|
8d6a6ff3fe195329558046d043ff729dfe862f47
|
|
SHA256
|
23ae7927173eec746e11a70b2732c6f53275f7aa979321690c2cdb8dfb96d2b1
|
|
SSDeep
|
1536:iHslAEAHzkOCGA/Z7JwOjfe3DdLVcq+PfboXIMxBOGfuRK5/UBW9vvu38Fi3/hLl:osltAHy/e1p0b/uxUBW1vu3VhE/Xj07J
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\dthjAR.odt.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
83.67 KB
|
|
MD5
|
afe4072d58f32287e47340609e8e1c0b
|
|
SHA1
|
539a7f867ec28aec1bc13687f149954f7c97a6c6
|
|
SHA256
|
a2658a660ed3d08a8f046099b069def8d5cf96e3e6ccd01f7ffe2dcd7339cf02
|
|
SSDeep
|
1536:SGgaJK7wVEkyW1eCGc8NKbcKZSvfyXrCyG8Z3pqf+cfszLhYASAlSujiQl:ScsCakQKZSX2qqcWWCh5SAllD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\HOw3I9OnurIF0.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
54.54 KB
|
|
MD5
|
fe10c05b0c9889f069208b428e9a8f46
|
|
SHA1
|
7bee041e4f1dce999c4a38d862ac3b06add8070d
|
|
SHA256
|
c5272474c55178c0a1d8c0262651b05ef8465f51baeb3d1e542752ef828f5969
|
|
SSDeep
|
1536:VtgVx5AG0NHQ+mT0WSzB64wMbNIOQTn1oIPbzcsG:VGVxP0940JzB64wMbyz7ng
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\kLhp.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
78.43 KB
|
|
MD5
|
4c17eccfdf4eb49fda9e8f268db51201
|
|
SHA1
|
30f06a1b6c56fe31cd0bb6f49c82c0e8eb0d6228
|
|
SHA256
|
acf28eed2a462af5f13ff689c3fde01abd478f2d2655058039f076bdc269d404
|
|
SSDeep
|
1536:neW0fBalraXrAeSCS/ovea+nt/zB/JFoylz3rc+cqDTViNr3QpnFWrBkhrHDclQY:eW0Zalr6BChaQNJFZ5Y+cqXbpMwrHIlp
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\M85S8 e0deSz1O2lZp.xls.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
96.37 KB
|
|
MD5
|
9b3625eea8114e20733d0f0805336bee
|
|
SHA1
|
af79f0407a1cd3587ccdafd37208eda08e157fbd
|
|
SHA256
|
8e274cf29e02c9bd5721838b95f64c2c8a84cd8f949b87fb8805772b6230fa71
|
|
SSDeep
|
1536:Z0WFTNdHiMQdR3ymLIsNuqoNRR69Kq1s2UfXN/jsgLerz7JPe7KZxlA10KWbXjd3:TrxYdZymLJNuHN7NG4fLcVDbJb+c
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\pbZLWA2gHx6B.ods.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
42.59 KB
|
|
MD5
|
80f339b9c96a15ba41cab21f383dc266
|
|
SHA1
|
88ef9f07b5449260b17bdc875d85380d5f018fbb
|
|
SHA256
|
f08a845639c5d75c08fd4f143631aba20daea0c4d9c730fcf0e46540295b7733
|
|
SSDeep
|
768:Ei5Y3KWKW8HapxBeYZW9nMnh/BsM3tpTXzWioCnU55z6yfZpjIthe0DB1nYKXETQ:Ep6gLeY4Gh/BsuHWilU2yZ9Ithn1nrUk
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\z ACbUu.csv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
99.53 KB
|
|
MD5
|
99f12534ad991394df007583e678bca1
|
|
SHA1
|
1b86fc71c8b87ea1b7ad9bde418d4916fd7270ed
|
|
SHA256
|
37d6ad0739ab58d4a36b80871dc0bac53232974f290e855a33637cca41eebfd5
|
|
SSDeep
|
3072:p2czrHQFu3w37ZbCUnPbo38TNX9AJ5yxV:p2wrHQFoC74UPFTNNAJAn
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\KkXM-cBNoii_tDa0YyP\fXLlrMkF3y385T7R_VK\NSMy5XFpc9v55E4.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
16.98 KB
|
|
MD5
|
fde2bc2061a8a2fbae5e9fda67033e8c
|
|
SHA1
|
6e1a55efe6fc23f35b11a000c2622f0c25171365
|
|
SHA256
|
691f615642f394ba0839eb22c2db4158af5e48b3dfcf4bd2bd61eab35172f125
|
|
SSDeep
|
384:cezGtQtNwBrEu9mnGaaenCfzAxBW8uqlCp5jScxFIP7:tGt4+1HWC2wqlCp5jSfP7
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\KkXM-cBNoii_tDa0YyP\fXLlrMkF3y385T7R_VK\sMjYpjKhyZpf8TNaMG.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
60.47 KB
|
|
MD5
|
d103aaf38ee1e28abb1dd2d9bab77785
|
|
SHA1
|
f8d7aeeef0f7c861068a104ce504d0f1a461f790
|
|
SHA256
|
0077be53bcc8df357ffac38c5e468564e3311b78ad5b7b1a2f45526522a26ac5
|
|
SSDeep
|
1536:CqfXILmd9FDq4jwLPks5dFgLkgwbcCw6rWXUsf+9:CUXIQ9Fq4jSbFqkvYBu9
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\kuLBm0R5-grtJK8w\KkXM-cBNoii_tDa0YyP\fXLlrMkF3y385T7R_VK\V6CUx4Z.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
46.98 KB
|
|
MD5
|
4cea05ee38e55a92f5b0914a74a29f09
|
|
SHA1
|
e50445a83f7862f6cf3baea3d53da98d4284c4ef
|
|
SHA256
|
6194bf07f1d9b738e812f06434e6c463b3f70630a9974ca9a96dc39bd0c382ef
|
|
SSDeep
|
768:N5e6yzTm7g5jzk6/flU+l1KK0SYJVD/RI3u6mHvp1MLgbpmpYV/QsLHZwWb8EKF1:NImQk6XYJp/Rv6mBGk0iV/FLHmgMFVX
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\lZ73i.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
81.53 KB
|
|
MD5
|
ae14424c1dee421114e51a726d66fff0
|
|
SHA1
|
445625cbbea107b0f81216ce6c33922d31950c37
|
|
SHA256
|
425b10bf50b550e16f39aed2153a3c138e4fefda9aedbbb43893c5517c92b859
|
|
SSDeep
|
1536:TCcyaBCG/IuPlWXePLoT2Y35+0J5A/CbhIDdTE8vYDjVFCkptikvSo:GUR/IIWRv+0LOkhIdTE8vY3Vtik5
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\NDd8nvPiASazxx_Qnd.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
96.84 KB
|
|
MD5
|
323d91435a5e0c7ec5ef6b982302da2f
|
|
SHA1
|
7fde41ff1a3f6bbb5b334f4db231f72749422773
|
|
SHA256
|
16a1c0b1939b85d54680e6bc7bc05d9023540b2814f953e76d4ebf084ae48b94
|
|
SSDeep
|
3072:oqnGHfi42thowIppUsCtuuNIK/LJNrOTglbjFga6u:o7qZ/owITUsCtfIALPrbRia6u
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\QV66E7hBIev3ByZZaaQi.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
1.20 KB
|
|
MD5
|
6139f25857aee763e4a6930bfc56f0bb
|
|
SHA1
|
bd012c5848efadc54616db8d9173d673888c7e1b
|
|
SHA256
|
4fdd1bf85b56b56a10737d9487608c5c09afb62b902b886b4b6722f45ab2f6c2
|
|
SSDeep
|
24:8f85Z+mchRiCu97ay2igZ7zoAXHg6Qto8ruUJ//bdg2BWUFbD:Dum03u9O9i6fw5uUBDdg2rVD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\T0lSyaUX_nTdUnU89-7l.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
34.45 KB
|
|
MD5
|
24b55abdcd3a4fb7c1be6d78f6cfa3b2
|
|
SHA1
|
c17b12d207a0c0655fb1386461428311def898b6
|
|
SHA256
|
e3b1a250ee2e61ac606eb0f39706ed39a6f814419631e4c056f539395805b877
|
|
SSDeep
|
768:w72vYUW7rAYb9mJxWAbGZPHt6eYh01ScOLrIASy:lYUW7rAE9vAbGZl1Ym1WLrIASy
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\M9S6OcF7aYbMU.swf.gusau (Dropped File)
|
|
Mime Type
|
application/x-shockwave-flash
|
|
File Size
|
23.42 KB
|
|
MD5
|
1a80d06ee059f2a4396a60b5c1473d23
|
|
SHA1
|
a29eecac96039902ee8fff261be8285bd7115c81
|
|
SHA256
|
9efe574f36b224e5ad84a18523f90c217c96c325c808d1254b480ac854b0d094
|
|
SSDeep
|
384:40R3sPTHnjQcDPmmD5FxMC4ktT/nqDJmhywBs/YeE0XoVRt03bj:M7DTDPfpMDuvcmhyWs/tEMoVA3bj
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\MKQEfW1 O9_GGct.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
53.83 KB
|
|
MD5
|
667c914aed82cd97428d798c16d8d119
|
|
SHA1
|
3ec304b3ebe26e82fbbfc42b88731feb43f4897f
|
|
SHA256
|
b087b64d01612238442fa1e0a5dc21a9e29836311868a1d563043f5d8ee62dfd
|
|
SSDeep
|
1536:IthMcCHw9n+J96Os1n4QL+SP0x7cN4usrVcGpprgy:7w9n+DTSsx7cujB/0y
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\xSTCc.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
38.73 KB
|
|
MD5
|
2b86330229c3369abaa1a0f94a3aba3a
|
|
SHA1
|
b1e3272ce7b649fbefdab0c6666568b769fcf744
|
|
SHA256
|
4232aef697744fc6ef0ad913436e8e9c3c34612e96e8466941a4389335016d0a
|
|
SSDeep
|
768:CbYm4eYOM/YvCazEB1BE+j/UilDMvB9qrFVT9f8PTEiRk1:Ed4eySEBEWA9qrFVT98Trm1
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
181.08 KB
|
|
MD5
|
19a1c7dddad67c09a6d11fdcd2f279e8
|
|
SHA1
|
b01474444b9f0bbef9831d40617f508d3653944b
|
|
SHA256
|
3b99eaa45ae6b7471361ee350ac06dc9c18e068f25922dd649ccf6ab1578e675
|
|
SSDeep
|
3072:kD3Ir3nLAsHEC7XU+0AxdiuUHd4IxjZioeWqXqGP:kO3nQs7/iuUHdtxPzqX3P
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\xbwc4aSxlyVVrqHkiS\E31COVq.mkv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
66.20 KB
|
|
MD5
|
bd76acb4c4508d22d90bca9afdb1167d
|
|
SHA1
|
e4a1c44bc02732db38fb571cc8fe00cf4b1e082e
|
|
SHA256
|
044cd24295f2f043d52ccc013d62cd8d65a9a410cf2fbc552ea0dd821962d064
|
|
SSDeep
|
1536:4pkP8QWayDDBi+aEL5YW39WBWnowHes9XNvGyR7r4aR9OYvDOziZ/C:mkPZmHBraEL5YW39tnowHesZ59OY7OWg
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\xbwc4aSxlyVVrqHkiS\utbmN6bsL1s2QoyIy_N.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
38.64 KB
|
|
MD5
|
95a2eb07b05051b1c97f0c66aab913fe
|
|
SHA1
|
fc2dcf51f0b54de8d1b820957b2f22fd0ce7b418
|
|
SHA256
|
59e47c6b67f90e0749d2db282948968fa38c524d339dd5523508c9fdee9ac4d3
|
|
SSDeep
|
768:+XSrGrWX9w4UJeY+MnsZOXhL+j3XmDJfWeQtPu7dltCGB9:3rGrW7U0d32DQztW7dltCI
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\bjmnfbrNfGEXCMraZ.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
55.08 KB
|
|
MD5
|
7ea2d90c438cd16a4272d3f8971a8294
|
|
SHA1
|
b3f415b0cb6d57595633f0ce7d10511c28623805
|
|
SHA256
|
3181bcbd0f3451afff0e3728a377ba65f44e7edfd99e33e19101f82adceb503f
|
|
SSDeep
|
1536:QI84kwxc6o5ws0TQQsrURGlan8LMly0BrJZJ:QIguses0TWrU8angM00BDJ
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\Djmg5Xg.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
14.05 KB
|
|
MD5
|
7b4f70d472fe1773cc9ebbd68fa7b920
|
|
SHA1
|
2b413d764779a6b9ffced45e4edc755c3a51dcd1
|
|
SHA256
|
4b71dd54e441f302418fe30ac8714f2bf536920a3711e07faee5cfd36791d5d8
|
|
SSDeep
|
384:O9IIDz0UXO40rzzjLJsT0JS4BVpYpeYQ2SxqFAN1fK:AZcTJDI6QFAN1fK
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\pW-HWPux0H.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
26.67 KB
|
|
MD5
|
6d35e444112fc476ceaddb26db9ce62b
|
|
SHA1
|
195a07648886a771ee421b601e248b5eb3a837fc
|
|
SHA256
|
45ce6fa4dcbcfa94303215b3a61d426e150ab70b248dc9b5858415815f050bdf
|
|
SSDeep
|
384:5y4IfTmY5em2ap0BN4hGuu3rN6mq4ha2JuWtFyEMFzXIph3jZ6VQN:w4CT5emgN4gjrN6mm0kE8crZ62N
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\UMlO p8XR.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
62.88 KB
|
|
MD5
|
0dac0c8927bc8b34b32900295b3462a0
|
|
SHA1
|
84c5bcee2d2f96606160a4a5752fc4df81147ea1
|
|
SHA256
|
0ac4717b95599a818c47c352591f7bd90e8fb4a5bc07e7a78d09961fbd61c47a
|
|
SSDeep
|
1536:/Dqjf+dmYPREAgMNEu2xZYOOjH+ZNGAnX7Re:/DkMmH1PxZJZNGGXE
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\36USA68T\imagesrv.adition[1].xml.gusau (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml (Modified File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3O75JDME\www.google[1].xml.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
91 bytes
|
|
MD5
|
444000394facc34bbaa1a5ac11a3fcea
|
|
SHA1
|
ea4583d8355bf44fbb8cd2743b75020dc149e5e5
|
|
SHA256
|
c78e87667b24f89aad054189658d2c7db55622652bc1220c98d40230ea62873d
|
|
SSDeep
|
3:D68PifPDNWRUqAksncIFiRHIgHaRT:enHBWUFcii96Z
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\VGMTOI09\www.msn[1].xml.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
914 bytes
|
|
MD5
|
48097f2721fc572c525792c44b0ac368
|
|
SHA1
|
4b1e1e4ba61ddfb06274b542252e48232fe195e7
|
|
SHA256
|
8f8fa2abb3cff86dbdb142ebfe7c9f8bd9ad2753ff435e47abb71a45e03e50cd
|
|
SSDeep
|
24:y8XbEcmtT0AeAu1Q8FkFvQ9VNGntDEvorgjNI2coyEWUpVBBWUFbD:LEcgo9Au28FPotgvw+RcbaVBrVD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\6xgwVggB1\3-Nhyh1JijVqK571B0JU\I0IPALQTs_bmOEuFUuOl.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
40.95 KB
|
|
MD5
|
61fc58d224e8ffac42e3c5fd7bbc824b
|
|
SHA1
|
b752d8e2f63de0ed1b09e525a3c7685f9b9d054a
|
|
SHA256
|
cbeb8c19aa43f3c8e890eac1f0e942de63f6e06c4af6bce8433468c199f6c356
|
|
SSDeep
|
768:9MfUklxpREfaJFwkxmVWnbZNiRSaDtTfXCL3v37wuDahWNOmlY2jA99xm:OPvEfa7wBV/RSapf0fPDROmW9xm
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\6xgwVggB1\3-Nhyh1JijVqK571B0JU\Imq8H_txUYezfovf910P.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
13.32 KB
|
|
MD5
|
96788c23532863dbdd9230455f93a36e
|
|
SHA1
|
dc6b06889c95fc2e1fcc4ad7119ffd46b34563b8
|
|
SHA256
|
f97fbaeda2d1b8f1408ebcf415e97c677a1118ba81a1e7076a9cabcc67a72d84
|
|
SSDeep
|
384:jihlhMLUMFcDAzvS/IdJxMixpqzonofv1JVr:j8lhMLUgvSADLaUYv3Vr
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\6xgwVggB1\3-Nhyh1JijVqK571B0JU\PSRUTQvyeJCY.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
87.09 KB
|
|
MD5
|
12bbf06134224a228cc43e5b1db52d6a
|
|
SHA1
|
e0d35bbbb1f1c6fb67dca1e2b12d921f5de3b620
|
|
SHA256
|
4a605137db0f3504cfb9d5606d3888569a4547cb77def577a61cc2fe41c220fd
|
|
SSDeep
|
1536:DeVNy3ODnsb2kWZEqSbeojuDrfG+//ohYiZaiWnGwo4Ivy+83QQH9M/rL9:DeKODnsbTEsiojuDD7/wC0av9oZvy7PW
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
32.00 KB
|
|
MD5
|
74d69403f4a938faa28298c110bc71c3
|
|
SHA1
|
c016f27979d48a90bb341ccf7ffef41a3955f4d5
|
|
SHA256
|
8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9
|
|
SSDeep
|
48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
256.00 KB
|
|
MD5
|
6852149628dae385c68c7a9db7028560
|
|
SHA1
|
c6e02c929ec99f984b04876816024c3a39b88ccb
|
|
SHA256
|
53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4
|
|
SSDeep
|
384:p8JEJH45Y0z6hKO59HqXRIhHPQ3NGjt3hAJnNH0kHf9QV9wRULzArvCCjgnF5TRy:pTHcEt8jdjFQg2cEbcaaoQARz40LG
|
|
Also Known As
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\get[1].php (Downloaded File)
|
|
Mime Type
|
text/plain
|
|
File Size
|
103 bytes
|
|
MD5
|
2de91b6400ae2adcbf96b3c56b69afae
|
|
SHA1
|
4311a6972fb13173212ae0125ad283970b91c43f
|
|
SHA256
|
4eb5327e8d2d781d323da8c6214f389d54bae4e801a232acb48304cf3384814a
|
|
SSDeep
|
3:YJMLAAul/qx/To0k/qtojjJCH9PMifPDNWRUqA4:YIc/qJs0k/qtoEdfHBWUG
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.23 KB
|
|
MD5
|
a4f2240312dffe64969d33bab9911ade
|
|
SHA1
|
d22cd2c755527ffb06b5d6c7d53b9aa7616d497c
|
|
SHA256
|
e50f2f8cc674851b3762c16029a1405d565947b99eeebee1166e1377fbe0f22b
|
|
SSDeep
|
24:o05c4cK4FXOKOpTxZK5FH5M2UajIXEEO2ZUtwfFz3fVqMg57DbQ/BWUFbD:o05c4yFXOpLK5PMziIUEO2ZUOlshdDbM
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.22 KB
|
|
MD5
|
638e00c8b5989e0fe39659f4b39d740f
|
|
SHA1
|
209231a38b2599b05e637c6622c1dbc6d661a1e9
|
|
SHA256
|
84cf0e4d40b23cce1e6159e8e8023df48443cf73152c441aeb76852d7a824aa7
|
|
SSDeep
|
24:o05c4cK4FXOKOpTxZKGM6kFUajIYlW2H7EeLd8dC9L0isjA3neBycABWUFbD:o05c4yFXOpLKtuiIYA2H4c/9L0i53eyH
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dSfwXCkwSPKl-.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
63.53 KB
|
|
MD5
|
8ce2554eae66b3d8c0aaa48518a48538
|
|
SHA1
|
54e961b248228cadfe217469553de077cbc41e8e
|
|
SHA256
|
c858c42bde1c020234d4f9bb9615ca71ac7e7ded312b1903be7450c8ea87ae39
|
|
SSDeep
|
1536:eZQghe0n1xYL0jbiKLUW4xgEC8o8eKAgmHf2lBbV1s2VYKV:eZ5hx1u2iKz4Q8o89AHfsD1soV
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\frVUZwt9PcEpwFw.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
79.22 KB
|
|
MD5
|
afad99c97e39a62f36ae9aa4952f3633
|
|
SHA1
|
17f7e5122cfd8a5446acab1f3b4f4eef69d9132e
|
|
SHA256
|
3592f2f609d022689b7de48b9a814cbfe6683731d035a568f05574730d73f37d
|
|
SSDeep
|
1536:oZA/Nxy9kzYosyYh5s5X/GYRLp9NbuZLXNqnvUBuPi:oW/Nxy9OppYsNNPbuZpy8kPi
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Gp40F.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
51.10 KB
|
|
MD5
|
31cf6ce5b4d0c5d5c40a7fc1f6a30219
|
|
SHA1
|
f8e7058e687a58b1dee7dec320e6fb7de79e0d20
|
|
SHA256
|
406cad1ac8f1d5b6dcc2e56254bf80513ec28732b5df5dbc1c7613a4f2a113e9
|
|
SSDeep
|
768:wCxYhmXGTNL4xeavYFMzz1tFvjWq9JU7neCNza7qOz6IIgSCciiql4uWsr+wCda5:w9hdTNDavYWzEy69Nz6uIIbreJFCAXr
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IcgE7 x.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
43.15 KB
|
|
MD5
|
f902ab0896d787e05820ae05dbdfcb56
|
|
SHA1
|
cb09a7fa52c4b211a10449c2d3226eee0d0a4213
|
|
SHA256
|
95765a5a77c7d8555b607f0fc9b8bcd0accf8dd92d54bc5317db196d213b04e8
|
|
SSDeep
|
768:NkH0/CLAm/yDMUEdl+jkp6/fsZRS1r2DkwIDnYWDSLhPh74ccVkzBp5I8dJYakJ:T81rPdKZ/0Zc14MDnYWIhPh7NKArRJYH
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K0eRKbFqwJi63h.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
81.85 KB
|
|
MD5
|
5ac27eb584aff7fe3db500bb528ca020
|
|
SHA1
|
435a277809fe444481d9455916537096fd7e120c
|
|
SHA256
|
be992c55f474086d876b22769add5358e09a1f498624971c9cc1b81595c09904
|
|
SSDeep
|
1536:qojFjUbBnV4xoX5W6ZDt+LbFajOklcnfD78YVkiBHruYpIKkQCF3npUcIpZ:qYjSBJ5W6D8vsjIfvoiBLuEi6cIH
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vDgHCp4Eu83i9SpY9-10.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
67.50 KB
|
|
MD5
|
f03f35c98194f1ecb9591fc93173b996
|
|
SHA1
|
15fcd573cfc3638aa14c18fa88fa36b759a5bcca
|
|
SHA256
|
55790fb0323c283ea44c94d1d8a2c72b14c8ae7105206268b6038f2646d08798
|
|
SSDeep
|
1536:U6SxGaUXPOSK8erqBgw5cxIDBggQYC/hLDRnhum8WYMacJrgX71KKJ:SED/ePw8IDByYC/hLTuN7cJMX7tJ
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4Q Yden1pX.xls.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
88.31 KB
|
|
MD5
|
98f23245af09f84a41a90c964b8fef9d
|
|
SHA1
|
099db1f27fb89a06dcd909ae47fb7fadb86b0557
|
|
SHA256
|
f43b8728f0d57a5d78fef3967305cce728e985dee4d1ef3dce0af55b52cda79f
|
|
SSDeep
|
1536:qdCoZcGpZClZE35BRBiHXOh676VGbpXXy9mdPmdtdiBw8QN1pih0MkM4O6TEjjhi:ifZcGDClm35BRc3Oh6ZnYcmIK86pttVd
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8OcrQfqf9.xlsx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
39.59 KB
|
|
MD5
|
f9317fcb24ce9203b96b1d9c9156f7a9
|
|
SHA1
|
a3dd5bc48b47ad74024bcd1762b22ea4e0f1ba06
|
|
SHA256
|
e887613fbacfbd770c5f08d25b9ff063ef8e2f71c5d02dbb8db64e96db5496ce
|
|
SSDeep
|
768:AfKVwb0lkMBUhD0+RJpKLcE744j8lsXCajgB6/H8pGmiLDg7NAWIysfN:AiWGBUhQ+JqfzgiXv8ScpGTDjWIJN
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\jLUC 3.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
93.59 KB
|
|
MD5
|
50c5cf41eb883d1f1de922b1a17e45a8
|
|
SHA1
|
443378e45da67e003d5813e9152aad21b88c3e4e
|
|
SHA256
|
036ad5c817ab8207c429118387dcf2a0a7c3c991129fd7a30ad9607d1f7f4b5b
|
|
SSDeep
|
1536:VsPX70+4qBfLFxtYjklJN57/Qp+OF6EHDwwGAvGqch5EfjIu5+ik4:Vsf70+lfLFvYj0HSpbVwXr5Tu5+p4
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mMGsDdpRxCcIwjb.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
60.73 KB
|
|
MD5
|
bbaff1270738b877a1da94cd0b22ad30
|
|
SHA1
|
17389f6c269f14ff0b6ac0e75681b667bd42d31d
|
|
SHA256
|
ec2807dab81ced4c76f9514c7dc34336ed8350fbe36bc2241cb6f025dbd6582c
|
|
SSDeep
|
1536:uzvF2ts8ZtgjU9+rlj3HTkOTXWpLx/b8I5u066:uz+s8zZsnkOzILxT8su0r
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mXYQzNZWY3_pbSh7dVoS.xlsx.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
13.88 KB
|
|
MD5
|
6984761224351b25386b89ce23ac12f3
|
|
SHA1
|
f59810503b0f78d1e95095aa19ca10bd80ea3dd5
|
|
SHA256
|
30f25b17b125e7974560406454d7810ac465108131cc733514c0a3c64bd81fb2
|
|
SSDeep
|
384:HZTu5/WafBnmSwfOLuJZMqNrlAKc1k/T7E:HZTu5e0KOUuqNrqTk/vE
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\rOeN9J2zJO_02nt1ly.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
53.57 KB
|
|
MD5
|
bf8ebbd080872049da770f1d4b79a50a
|
|
SHA1
|
c704b8ed9cc91851665ad314151dba2d89ffd42b
|
|
SHA256
|
cf83281cbb48ff35e468edb28ebe4221c8c7e60dbcc95236d40de5fbf18cbf93
|
|
SSDeep
|
1536:IX1fuhytQ8gRxjmTzUpYgXQFm+oVoFzY1UP:61fuh9vf6F5eAYeP
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\tJLm4JiczASJ_8Z0U3i.ots.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
95.11 KB
|
|
MD5
|
da0c92ebd7427870da8fa2d0092a1420
|
|
SHA1
|
e7453e38d4584936ef8efb9398dae1117ebb2f5c
|
|
SHA256
|
7b29962371296423dd69eb5cb6df9639cbab23ec31cbe8e4d2816a6a1ef208a2
|
|
SSDeep
|
1536:VG2vwEhjpxmPcxQQInyoqkwvrJQaxkHq/Q+KUU0Gt6fYLLDJOMZPQ5gqEiW1D1Ng:Y2vwIjpIn9qJzJQaiHXeYeY7HZP2XW1M
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\VJH-kfHp7SFpre94.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
24.62 KB
|
|
MD5
|
7bc740bc67e016636035c3be69d86e72
|
|
SHA1
|
dfeae244d43e6a69dec393b54169dcd9837f99e5
|
|
SHA256
|
db17dc75f3701612fb5cb6d126c7100a8bd56212c91612282298ed0cc2b66199
|
|
SSDeep
|
768:He2fqBACB8wXf3a6ubYBAPoQx+mcjEPci:+sW/Xfq7bVPvcoB
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\wZOz3j2ll6HfOuxlg93b.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
24.37 KB
|
|
MD5
|
17a02743c5a3b4930028d1136276b18d
|
|
SHA1
|
69e4786641caf3ed2ee5d9fe0a282f2fce0388ee
|
|
SHA256
|
3eaf9f537fc78298d0aeaab21ef79c4c7173c4aa71a8b7c2fa1e09000d7cc87a
|
|
SSDeep
|
384:zE/bDNJe9XRepSei0oq4VH4YZOyBeTsjf7PeoJclblSx4TV3D0vJQm4yUZbRTdeF:A/lJESUd5DuWORUx4JeJJeHJeUkb
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\x7bIgakKt.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
26.83 KB
|
|
MD5
|
310328d2eb57aa4b79dd94e4a87f34b4
|
|
SHA1
|
c1fbd5015f0aaf5cdc550e26c0fed53952f50339
|
|
SHA256
|
63831daf7c40e6295aba324e3be9c949d387960718b3e47c6742dd26b7879988
|
|
SSDeep
|
768:P06aWvIzUBDOIQgxT6O8JtxZKbFA6NnQ05Vcc+p:c6dIQ0XG+/KC6G0XB+p
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\yB0OOX Rk5q.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
40.78 KB
|
|
MD5
|
7fad12967f2b27c7bc121b40e22ae8a5
|
|
SHA1
|
5eeff5b2b9b91d9d6112394053af54ee725166ae
|
|
SHA256
|
ff1222504b57744d3372a4875a74e6235d6640475aa8e49b16feaa63eb4b54b5
|
|
SSDeep
|
768:aJZcYj5aSOCnW8V1DzSIS4DGfk3ycFb0c4FvQC02+druvRHlo82TWscbL:QZljBOp8bDzZSwGAmfam+5yRHAis+L
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\1tk99aXbfw9RlvqZV.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
13.27 KB
|
|
MD5
|
6935172483f346e39b65ef3625418f91
|
|
SHA1
|
7868c780a884c511adcfe0d4fa908032f3fc2e55
|
|
SHA256
|
9e7c1756812ad1b5fca8df89299828e962960d339849f684a3368b82b5ddbbb7
|
|
SSDeep
|
384:gROrwLFSi8zoq4TaCd5pCjsnpfVwC9+Qz/o0Ng9c:gROr+FUcTaCAjQVM0+q
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FC0AY.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
48.42 KB
|
|
MD5
|
469e2bbaec4795a42e54ed73163fafcc
|
|
SHA1
|
e105cb1459ab48f3b2c8b2678dda3203278f479d
|
|
SHA256
|
4b80ea7989901de8ad3990a79db08ab6b87571fb0340ae44a8724f68aa960842
|
|
SSDeep
|
1536:hAFOSOHZ5meiFWMoZSiWqfgjKmQbKuvMVk6Xr1GN:hA0n5maMhi54jKm6fii
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\FiSO1uvHs5.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
7.61 KB
|
|
MD5
|
28f9d1b10d4052cce249430338091f0d
|
|
SHA1
|
d0901fe3477d0e814649ad39401c1121b0802221
|
|
SHA256
|
972209a9fa7d6e421bbc5c5b78b8e05c3c7bfbeb4daff7687fb7ef40826513ba
|
|
SSDeep
|
192:Wa3ecpfilDsQQuZFwTxI+tmEvTEQUPrZQgdAhGGneLroni:j7JuZFSI2rTEjjZQgdAYdoi
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\g9mcoi9dYhMEy.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
71.97 KB
|
|
MD5
|
d236fedf89d7326cc447627894f2866e
|
|
SHA1
|
48a19811e75673367cd4be35270f7ed638be9db9
|
|
SHA256
|
7cbe3b1c48f9b158a50a7c6aa64ebc1e59e00d143e9bd813cca83d264b67df6f
|
|
SSDeep
|
1536:StFeavnbrlSu+eHcyPbG/D4AutP5zReFHk0gS2Rby64b9S+bRI:uFeenQu+eHcyzsvutRzR6Hk0J2dy6U9m
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\H99vbmXS7JVu8GvPT.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
78.42 KB
|
|
MD5
|
4745f8f1eac99a42cb569371e20c0260
|
|
SHA1
|
be9fa1ad8aac997e4d9678a5389d5a359cad51c7
|
|
SHA256
|
619124114a4ff5bbdd54ae6476157120a7543fd9e0a578cf6d9c612692781416
|
|
SSDeep
|
1536:ip6p/pO/vNF11ZkT8++7F/nyyGHRCjsxK1aNb1mCAVlKp2:ipcO/v311ZkT8TF/nZAxbBAVl
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\hf0MR7KC2v0S0EFbF.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
59.98 KB
|
|
MD5
|
67b8a6de6a3b571f2565de2f627e811a
|
|
SHA1
|
8c08763cd9454fa4c490906ded070576d55301e8
|
|
SHA256
|
0fdd449755fee89fd8034e30b26ee541d9dc10807725436df0b687926e117c29
|
|
SSDeep
|
1536:9mRv69ZQEKUIiTETnl18ka6SqSfwkyrl4DCPbN6jOl:coQZOEk6SqkyrKC7l
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\j nRVt1oLEKKj.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
60.31 KB
|
|
MD5
|
488b336d1400aea90262571d5c42b92e
|
|
SHA1
|
74ca58901a65f8ea321f3a9e53d09752c0bbc531
|
|
SHA256
|
2777049f481b44a9742cf496dcb5ba2e364da98e6edd006e623c34598aeafd1c
|
|
SSDeep
|
1536:qbmAie4+07x8eqwTt5WIMMcRam6SVcdeCZfuhoziMMF5D7bUn:rlp5F8Ap5WxMcg6cdBOF5D7gn
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\nh7G7MoNq.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
32.18 KB
|
|
MD5
|
f015cf4294c06c81124a1c4bcb8e755f
|
|
SHA1
|
3cfc58c5b17b823e8c2e2c46f2f9868d92c12860
|
|
SHA256
|
7c3d5a6b8c7e310e56abbe004696e0e7b2b2757c683cb4b112d5d0c62291a66f
|
|
SSDeep
|
768:+3lihIN60yowNddfpZoIczaW8ZHNK+UE/6QvtqWKmTXPfCI5P:uYIN6TJDfHoIczaW8ZtK+/6+emTH1P
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\PBGnAJbjKeNYoVmuXsp.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
41.86 KB
|
|
MD5
|
0e92c096ddf9efcdd4ade529bcfd28b6
|
|
SHA1
|
d22fb9aed26ad1f06b14d63b5fe27bd790532a4f
|
|
SHA256
|
41d59b9687eabbdc5f7528e1b2b96e87ca34d2885916cd227e374e5969e38b05
|
|
SSDeep
|
768:Si/1SA2iq3Y5XH5AVCqB2YbsJ5qfoqusEXYx+PDHhJLLJ4URlpvcZ:J/ei2Yh2CqB2gm5qfgXa+1lLOURHcZ
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\SIP IIj4TyP2E.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
77.70 KB
|
|
MD5
|
3f4b8544b5c18a5fd102849b1b73e3dc
|
|
SHA1
|
dc7c6ba776f164cd6d79b6ba362b04978f357bae
|
|
SHA256
|
1e610c7cc21efba0a74b9e2b6fc34b800dfa61d4a6cf005619e22c4f1339df50
|
|
SSDeep
|
1536:ILzZSpN8GoIZVgGZFzc32RwfuQJfAnuzNJBj3qAOxlhdyXv1HIhh:IvZJGocXZSJJLBDqAcdyX9ohh
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\th0xZ3rZW1yj.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
36.19 KB
|
|
MD5
|
aff9c8e4ed26d6ef29bb3d5fcbf7e609
|
|
SHA1
|
0ccc4a1816fa93a97f7dfdf4a3733bda1c6c2dae
|
|
SHA256
|
eb6d814e5a1f462523f03e8807cafc1215cc3cbbe89122ae50d4822bf348ef07
|
|
SSDeep
|
768:/sgkgeCQQFmlzBYwT3EGY2G8A3zsLyQYu2ZR1UHq+4gzDGWU6p55s:dVQQcnxrVEza2qK8zKn6p55s
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\WqT6i1.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
44.00 KB
|
|
MD5
|
c54fcf8049a8db5eb8332dfdd24b17b1
|
|
SHA1
|
219736a514943b7996674272ce037d30555a5866
|
|
SHA256
|
9a8c831a4b9aa75f86605c66eae951dd3833030168272fbb128587cd2faae664
|
|
SSDeep
|
768:zK1lj2mNPPC/IGgKzaaTSW5gvQdxl2DphQp5mR9BqbyL/wb6Lkz:zK13P1G/7j2Qdx0kt6Lkz
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Music\ZBi4Ka.wav.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
46.05 KB
|
|
MD5
|
c36c8333b34ae52d3f1cd6eacf4390d6
|
|
SHA1
|
cc1e1a0e17fd34d5dbd1926049031c4bf6973396
|
|
SHA256
|
6185c2b1557b6d8303eced431398bcb84773812721b2627748fe4b15697c3fe6
|
|
SSDeep
|
768:FejjZqjtOlv+Cux4CQY1RalxVmFmST3r60euQ6k6i1pZQmvhlhkAu2WGKcZ7eb:U6tOlv+b44ejVmxT3r6xuQz6AVvhvkAy
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\ceQR-g1K.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
88.71 KB
|
|
MD5
|
46f4e9b486e79c9aa57c47551cdd9504
|
|
SHA1
|
3b8c038fff34f118348b3cb1bc54d0d1e69c4501
|
|
SHA256
|
cd7cd9ca2231c85d61ecb94ea7d7afa9da7a46b813561d8fe1c5d125811cd7c8
|
|
SSDeep
|
1536:jK3PHg5lEci/WS6qt5o0fppLKfvOBhu1qfqp8eMeTMcBfV0ezPImmRUf5rxc:jK3PgnEcibPxppLG8I4qHlfVzImmS5rm
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\hjjmc6wvdBzNble_jQ.m4a.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
62.39 KB
|
|
MD5
|
e63a70e8d7d3dd0601b381680544a169
|
|
SHA1
|
b8ad799a33cd29a1cf2f84935560a968372bea92
|
|
SHA256
|
f5db28b1c74b29ec3efa6c2d6b52ddf520cd92508ab6ac24cbdbc0ec07b198d7
|
|
SSDeep
|
1536:EAyS9xVr3GnL5iYj0K0GMZXPjhiQZrM6EPCk:EAyS9xVDsbg0MZXPjhiewjD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\IqxOJCjnMrxHR71kHDep.mp3.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
42.46 KB
|
|
MD5
|
9a7e9ddcd341f20b8688826750262f3a
|
|
SHA1
|
47b024f494ec57868f4d3b7dfdabd54e1ed0f3ae
|
|
SHA256
|
89009a736cdf91cf09cfe489a74d70341ee0bc5b71ea54732994fac9eeb823c2
|
|
SSDeep
|
768:zq2lBy9PfTYE9SAHtO2CTcnruGkZrzhU2qs6R:zq2bgfTdZ42CTIruGH2Pu
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\KMX9gyhiVByA4.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
45.80 KB
|
|
MD5
|
5576e1ae103d240faf5dd77ed05a3269
|
|
SHA1
|
90168a2eee8d9a7599a4a7e852ed43de9702db23
|
|
SHA256
|
62a0d39741fb06024a83d2f225c8405bb8232735595a1bfa6ebd6a7c6dabf09f
|
|
SSDeep
|
768:93yeFqtPttNQLtbILJEO2K9eDp5GskRKUaMWNh3Yu7H1X0aaKZbnhfhDy:zFettNuILJE+9GkJzWNhT7VX0mhJDy
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Mv1WVGRvzH\rX Jr.png.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
75.53 KB
|
|
MD5
|
61c01eec0e5db1c14dd6eda01ce06714
|
|
SHA1
|
6d4bd0f4cd1630eada815b8b5d995fc516945c1e
|
|
SHA256
|
7306371a3d65b047d019bf70c04461ef96ec415dd5049e604c195c844c718be0
|
|
SSDeep
|
1536:/+teyfsbYkgjiq/SihY6hm36q523+0SIoMmD2boST+gMful9ZFYWf26:yemlkgj66hgnZdIFq2Dqmv926
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\mdkvH5k.csv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
80.15 KB
|
|
MD5
|
23df2525ee01a6b66c15c548dd9383b1
|
|
SHA1
|
681c42d1e0efd0aa4ff4857e2c13d71d4f231d21
|
|
SHA256
|
7a27759e84e81bd7237c3387d75ee6053978aa8946c8e60609acd0c7119d1e2e
|
|
SSDeep
|
1536:QAvkMAzqx5EtNIztYL3ycnZDa3UWYlADzJxPR9y++MbYqSERW+EWFe40:Q3MAGxGAYTu3fYlUMqYqeKn0
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
06ee4581aead49a3d1ebf4871adf8e5c
|
|
SHA1
|
e005c6cffd2a3722ba596fd2bf95c3b4dae39e81
|
|
SHA256
|
ca3b8567aa1022234c2e54818872825e9d49d15d5b32e1cd7aa474fc929212af
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAIUKSHBWUFcii96Z:5T985QTI70BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
212 bytes
|
|
MD5
|
c207e3ec6b4bdea860edffc4abdb60b3
|
|
SHA1
|
056e9a79eafc7dbcbbbe6c997a8daf17ae79efc2
|
|
SHA256
|
44165ea6eb6ab4765e9699b6ec8dc5510e9bfb9afa91b63496970adbec341b5c
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZArAyx+HBWUFcii96Z:5T985QTNyBWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
3d47626403547dcddc960abfda9a63e6
|
|
SHA1
|
4a3abc361554320ca64f810eeb0e1afbc2051d41
|
|
SHA256
|
153261d7f361fa3bb22dfb1646176a86c1f708a98b303e630f8c6bea1e1b3c4f
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZARTKSHBWUFcii96Z:5T985QTw0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
0c84634d0a75d998c620f63a51624d4f
|
|
SHA1
|
5ff825c9805e7555c0a08f757882edaa5db57504
|
|
SHA256
|
af03765eede373201c6759d127cf79882c1afd426331cf0ec1aa67c304d716b4
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAxCXKSHBWUFcii96Z:5T985QTxN0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
3fd00efb503cbfcd3e48134818e1f434
|
|
SHA1
|
ce16665325dc96181f7a3923b28b3ccdd941dd1e
|
|
SHA256
|
a276591bd04c799898b11bf6b3858d0a83ff0c7faa667fed2607f6892e2d7ef5
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAx5xKSHBWUFcii96Z:5T985QTxG0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
dd1a52295916352e44672f44ac562ac6
|
|
SHA1
|
f6e7a17bab83e09cca50ab760481b9d5c35a2a2a
|
|
SHA256
|
accf2be7a97d5567b9bac2e5d009e8f6ac5e9321898d85f4bbfe0e4b87742437
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAQz1FKSHBWUFcii96Z:5T985QTQhA0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.gusau (Dropped File)
|
|
Mime Type
|
text/x-url
|
|
File Size
|
211 bytes
|
|
MD5
|
eb2f56320cd5511a886a6a2e20d8ee93
|
|
SHA1
|
667f9a4b469a69aae7786474bc45e819f89f6d76
|
|
SHA256
|
4ff7fa59e2ed417e7ba210b9f491d776d53ff8af50b4f45485a0f538198d592b
|
|
SSDeep
|
6:JH8/EvTNzL1ycfL0WYQuZAxPKSHBWUFcii96Z:5T985QTxi0BWUFcii9a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\_1-Z0l.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
22.08 KB
|
|
MD5
|
06fbe2d392c970f86c785fec8d7bde54
|
|
SHA1
|
06fb8896ce644a4a4a50fa817d70366802781688
|
|
SHA256
|
e09f10ae937178b25fef0fa2d408cd19bc1533a941c3c5e82f9550be81a6c56b
|
|
SSDeep
|
384:76d0hSRLo72ogIdUq7bRDEhnB2Heg/DJkNsd0vJfxCy/z2gd:zhkurdjftkB2HZOrxCvW
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\8Vj kyoaTN1vy L0-Vsr.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
2.28 KB
|
|
MD5
|
de5972c755ddd1c4fbbe1cd8b5ebfd45
|
|
SHA1
|
a9694f7b1280adb0e71edc6c42dde9ed0452833b
|
|
SHA256
|
3c68da4a21bebff0ed2d2b4d401e92441910f027fe2ccaa51f16a5ac737f3524
|
|
SSDeep
|
48:chYMMP5tAdHFqQ4v44GbJ+Hhj7h7NOaYspUsUvC76SMY82Ut1rVD:ca9tAdwQ4PgUl7VN3YccwVm9tP
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\9zW0DyjAU1Nrc.mkv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
78.19 KB
|
|
MD5
|
19bda09d6c51216731c178489e2bd60a
|
|
SHA1
|
b2b9c13e770e22f5886ea68453af147243c8b74c
|
|
SHA256
|
e77d4cc1f648b82d62b478ab380a1606d0efb9ddb1c79ad8e7a7bc207ce3eee6
|
|
SSDeep
|
1536:3yeiV0YQmae7j2kLv9uA4pUIlSMInDRcrbBXJONYd8uzfEXtvhUp:3yNV0xmamLv9uhpTlDIDIb0Q8uDEdap
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\fXPAxGgq.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
70.70 KB
|
|
MD5
|
19172301dbfbac662f3cc1730bc693fe
|
|
SHA1
|
9fcf937bcc9b0d14e06f721a0ccda72fb935f252
|
|
SHA256
|
de03b90db94923105affbd24f2285aa4f28729df931277f96af6e3c388448900
|
|
SSDeep
|
1536:aM0s4nLXilSXvNuIOfFcSuscAMH2DxP9fWQBmAISQOOCjdaR67fZa:6nLfXl2fa6RMHIuumVS7Y+a
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\20r7oIjlUFUIkP.ppt.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
43.34 KB
|
|
MD5
|
1f1ee1351ba2073a994b0eb717f5bf6e
|
|
SHA1
|
063c8a12a086fd894f291a8b6b7b003ee27e97e2
|
|
SHA256
|
2cd0a2979165033a396a1d613fc220c5b7944f08f51c3d40feaec598a02fa140
|
|
SSDeep
|
768:BGf2cMc4O2BIHCMpYsc0YqkJCt54lF7oHZsRkMRaOehD0d:BGfIcT2qhciICtm8HZsRzh00
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\ALIdU0.docx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
33.99 KB
|
|
MD5
|
43bec1cae59f7d1a3f7db067b6a8f983
|
|
SHA1
|
2ff39c67231e1cb71db4fdfc02092ffe4ebfb8fb
|
|
SHA256
|
e5fc43e6b85a38de15af68d66590ea2ef1e32ce88da7ab5278cbabed4fb01178
|
|
SSDeep
|
768:Qt9flnwVHfhaKPdmP4W4U/qnAtfPC1j1vHjy/OGiV4T:Qt9flnC0KE4aqAtfPqjdjy/L+4T
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\C0 _B8qINeQrUbrt.csv.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
86.86 KB
|
|
MD5
|
6136b0c25f810fde5e8a15762f0b343d
|
|
SHA1
|
78d8251e855a8034482076f51660116d38802c77
|
|
SHA256
|
dbfde0fbd1da804ada2760cf0650470133d2992ed33ba62fbe895285d2043c07
|
|
SSDeep
|
1536:+S99gMEUrkrORcu+e1uRDhQ515Wj7ARrLy0de5I9:79gPzK3CRD65Wj7urf
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NYC5ngf\NSqsuqL\3CYFm.jpg.gusau (Dropped File)
|
|
Mime Type
|
image/jpeg
|
|
File Size
|
45.08 KB
|
|
MD5
|
379c0e76446c1e7d4e07b3230adbd12b
|
|
SHA1
|
8c7298bf95b3ed2ba2017e9deb8b87b542f9d18b
|
|
SHA256
|
8b2944e05b0b810b20cff44eb7193e97657f2f5650d1549ace621b45c3ed0d30
|
|
SSDeep
|
768:r8lPWO2L8MR+7EeIg4+Ad9IEb26WPsgKXkPINynQqaSea/y9euZFb+i:YpWOoC1EIEbQsgiiRdKOy4uZl+i
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\NYC5ngf\NSqsuqL\R7Kau5o.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
8.61 KB
|
|
MD5
|
2e3d7cd0c9b7f7ec82bbb0ba3c9026ed
|
|
SHA1
|
04d7c9c396bd8fdc4a89a0b6550a2c74629f44b2
|
|
SHA256
|
840994aca20a09ada36341cc15f634e388014cc34a9cf904aa039e2435f32840
|
|
SSDeep
|
192:9a/jFvdKwbuwrYt3m0MeZeJ/3kzwsiDTH1djGzbwbCtxeX:9a/jpdK520MowsO71dAa
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZTE-\bbyLspO02\hd0ZLwcXz17isUe1hi_.gif.gusau (Dropped File)
|
|
Mime Type
|
image/gif
|
|
File Size
|
81.21 KB
|
|
MD5
|
f03848dd3f3b96b2427abc370d7c7ff0
|
|
SHA1
|
f0731c6835abf82b39c3a3fcf5b1910bfa4211bc
|
|
SHA256
|
41b10226d051af8fad91b9b00d5fe686b80601f5866a193a4bf783e5bdcda4fd
|
|
SSDeep
|
1536:MD1+uh5bJw+2FbObzgdHwRBu965+wCVeSzzbYFgp410ReFfE8VXh214at:M5+6bJ/2FbObUdHwjQ1V/3bYe34Fs8V4
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\X98zhXIRm mnrxp8RLxH.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
27.62 KB
|
|
MD5
|
5cc39adb8365740e911af6c32614903b
|
|
SHA1
|
315a01010d7e05dc9810e4f64d44362a921e7eed
|
|
SHA256
|
66bf230f27b1b27db19df85db0e334aa4a294840bf7b035290e65d84a20e38e9
|
|
SSDeep
|
768:Gu41R/USDGynsp8YCoU9xmDrGd0MO+AKqEcXbaUwwZKAvJj:GV1ZUEocBmo6LnKAvJj
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\1Sx-VZ.ppt.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
98.89 KB
|
|
MD5
|
ceda10200e3e0e55bb5feda7ff6e0226
|
|
SHA1
|
13a86f6ea53cd36c5eb090cb247c8d400a2641ed
|
|
SHA256
|
dc8f72b086a7a0c8705c683ecf641d05c13311163640c68cf28135282ecaa0e1
|
|
SSDeep
|
1536:i+4u50Ga07h9Eu1s8icIGFoCw+C4/Ede1+qVNeVHto0kL00uyiiHpZsP9:i+P50v4TaHcIGF1PC4Q2+qVNeVP+U
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\c7w3Be_K.pptx.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
79.00 KB
|
|
MD5
|
f41acc0a19314075c3619e218e21b0b4
|
|
SHA1
|
20c02ecbfddc4d0cee06a16c3217ad1a7a7d9913
|
|
SHA256
|
f8e4f9c8e4e4c332564f51ed1269f65322e5f15fed7e3d20f2a77307c141abc1
|
|
SSDeep
|
1536:tHMWeA/HJ+vVrFvahYs4zTxuDRGWKJ8WRWcJHbkaCMlqhsgwFYQ6rTZ85SMrS7za:taAUXbhzTxuD0Ww8yWyIaChtwFYvTMrP
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Documents\gck8eKrR\-cJIpQCkg1\5T4sBt2\ieaOD_.odt.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1.62 KB
|
|
MD5
|
592a7cb98bfe42f65c421333e45b51e1
|
|
SHA1
|
a66d9f4c8585e71f16319ff9ebf3b3f54f4f7571
|
|
SHA256
|
bb74bbd283fdfffd5ee2431bb533ff0890eeee31e6c64a26b8db164fd3e3eb9b
|
|
SSDeep
|
48:mIEttu9EyDE+eIv5Yel8K2C5FMdob3zrrVD:nctu91DVhl38o3F
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\l65Ij.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
58.08 KB
|
|
MD5
|
0565966029734d603a5c564af6fd5379
|
|
SHA1
|
c463a672c4049a44aba49dd215f7e3e2e0737841
|
|
SHA256
|
93788ed3e3786a2ddc405c8c91c87efae2392aa95a140ea4167277c03e453c64
|
|
SSDeep
|
1536:pyWAE2plxaDn4yuPWtKGUygxNcgCFAQYWFZxeK:nQQDnJ9JEYD5YWFZx/
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\PVK83zEhiJoptl7F1vB.avi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
27.88 KB
|
|
MD5
|
3a1fce48731af06216850e8ccf884e81
|
|
SHA1
|
c68d76076b1ba2193135dee23f1e17cc2222bf64
|
|
SHA256
|
7f0973807a78c58b2b4be0c9afcb65f27e6323099ad1b7770d55d0c11b8c0423
|
|
SSDeep
|
768:AxwcnGVU2BJJt5ObR88YWJUBBtl1DlrT5VczUysFaMk4i:A4JJvBtld5VVczUzk4i
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.gusau (Dropped File)
|
|
Mime Type
|
application/zip
|
|
File Size
|
41.58 KB
|
|
MD5
|
22a43084487b9387712f66161056f18e
|
|
SHA1
|
50d206027dddb5fb16fafcbd32cda66dc83467ac
|
|
SHA256
|
9d83294e79ba461390324d5085bb46aa3a91097d5641fc9d60b5d117c2267c09
|
|
SSDeep
|
768:3BVsz3NK0RWnwZakhsTv9spcdUy0Zx9rzSvo6otU8bVc5ssMsl7:69K0y1Tv9s8ju3rzSvjotZbVSp
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
32.08 KB
|
|
MD5
|
12c3fab2070b233583b0b1a8dc7e0551
|
|
SHA1
|
2fb01f36fc75a862d32599e4331eb46eecb3bcfd
|
|
SHA256
|
fe8944440649fc182bed5d97c0df8d07df9e468e538d91f04130816222445df3
|
|
SSDeep
|
768:BrI53he7HnjUyI3BnDvcorDxNqsWiD/Oe/Vt4s/DZNhAunbACvB1CZsBnw:25Yzj/I3tvcixNq9i7LVxdm4CT
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
568.17 KB
|
|
MD5
|
8db2893f045fdc6b3111120b67852cab
|
|
SHA1
|
bffe79de9c23152a7e1bab554440d4cbe2e35607
|
|
SHA256
|
e1a4ecfeba99987fe2e66924c274537792d60d69975bd938ad11a9c2eef56070
|
|
SSDeep
|
12288:pnuiRub9l8ycRY4hyMPezVNK9TcS5RyjDUI6Eh/MOhT/:pnWb9ldpMPgyTx6jDUbE2Ir
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
797 bytes
|
|
MD5
|
329b38813d3ebb1f225c9cae31aeda54
|
|
SHA1
|
9ce3247e33a7175417beccab4766c743a65b0f3d
|
|
SHA256
|
5b6be5e7d1c4cb9c77fe41d543766ce31ebad8b0ade4d9e7543b1a54bb6b7152
|
|
SSDeep
|
24:p3WL9rIpk8QVsACdiY8L/VsQcl8LpNkBWUFbD:ZWL9rIpkPsl0YIclQErVD
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
24.17 MB
|
|
MD5
|
c7ae6909b35e52e5d6801baec5868fc9
|
|
SHA1
|
6499409a04f6d0345f41afb3478630ec2a6a1fe6
|
|
SHA256
|
df0c107808585dce94c940caf5b67c328226e8c6780c801570753c0d39793aaf
|
|
SSDeep
|
196608:YWdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:yl//upum9QtEqaeqc3/iH3mH8
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
885.58 KB
|
|
MD5
|
56ebc592b62530f3d369232c8f2d2807
|
|
SHA1
|
321b0cad9fe66bdeaff3dcc0cdb9a5a0b8469eda
|
|
SHA256
|
586ba3e184bcc14ca2e677b8ae9bd80b7c9c486fe25b455d4b4e17d39537e64e
|
|
SSDeep
|
12288:9jK8fMA/TrgwOXmTnikseAPsJpfjt3PEn:9P0A/BOXqnGuTftEn
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\sVLD8M-oJOW\xbwc4aSxlyVVrqHkiS\QDp9.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
45.29 KB
|
|
MD5
|
2834b4c07dc542e6b244247cb72fa0b8
|
|
SHA1
|
1edecc0907f99224f68733c548dc1979c5ceae62
|
|
SHA256
|
c9e1d0b140570e6d4ecd531242bc3ada0e763c8a44c27b407a1e60d310913adf
|
|
SSDeep
|
768:t54+ARW1D4U2xDogRaZsl99t1LNihQ8iemWtN+QOnrqnXu7OI3bayl5nrFNlRdIz:t54+Oo4U2CgRYslfLNihQ8Ht2OnXu7Lw
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\6xgwVggB1\3-Nhyh1JijVqK571B0JU\rbkgNDQN9sYCu5S0K.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
81.17 KB
|
|
MD5
|
ae80e40360173f5f2ea37aaad311b283
|
|
SHA1
|
8d99c40228a6e185135b3c47d1e24322e08d3cfe
|
|
SHA256
|
438ec781653f3aeb94b0c4337894e872342f23c921198db9cf2d8ac29e6c6eee
|
|
SSDeep
|
1536:GEqqhlsIM8K2JSU0HjCG/wKKVV+PdaNpk6arJP4hyVvUg8MxB8D:GsAuJSUbEwKKr+cNpgNP4hyUhML8D
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\6xgwVggB1\3-Nhyh1JijVqK571B0JU\ZPlP3lZcQ.flv.gusau (Dropped File)
|
|
Mime Type
|
video/x-flv
|
|
File Size
|
48.64 KB
|
|
MD5
|
d8adf136429d0be7ccf4b0d3c1f70dd2
|
|
SHA1
|
c694e06f6908aba119bc7b9a91ca43168e54e341
|
|
SHA256
|
9b85b62f020e591ebcdbbae307794665f0b96f82db9d9ccd60555eca43bb1b73
|
|
SSDeep
|
1536:u8iy+/fhSGaVQZ/VqP5VRhKDQa96QfVgjw9h7Jo5x:nOSsMrQcQfVgj885x
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\Videos\ynWwf7IE7\muLwtSyMNArdmekL\tKB6e7CXHXIzSLY\4Ww3Dv\6xgwVggB1\3-Nhyh1JijVqK571B0JU\_eu6q3E zyK.mp4.gusau (Dropped File)
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
23.34 KB
|
|
MD5
|
6cc53a08f835447132e912960f8ee4f7
|
|
SHA1
|
bcbd090ed4e0f4e8661b0e675b6a76471c78aca5
|
|
SHA256
|
50cb91ec333a8166b1d5290d05f1b84100655cdd6c920df27218d24bc969eb06
|
|
SSDeep
|
384:P83twGNiWuW0gjE0vkSfS04mN9mHdF655BOqwe5yoQrU0xdT4A79qogcy9K6DLqy:P83HruWZjE0vkwS04gm9Fm5uBXRUogcI
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
64.00 KB
|
|
MD5
|
2db89fb48fd886b621627751f2ae15ed
|
|
SHA1
|
e2f78c6a535f4ba230a4470402b6f905f0b4c066
|
|
SHA256
|
dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166
|
|
SSDeep
|
384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
64.00 KB
|
|
MD5
|
091194cb61e0a0c2b3c54a1824657f17
|
|
SHA1
|
67a4b3f9a188580cd4c91506aec26100eb154ff5
|
|
SHA256
|
e54305f7e9bd351ed8c22562f4f5f971f86ba14777467fd5d5f2a743671f5395
|
|
SSDeep
|
192:5HbDhTtJS8e4S7SVSSdSHS1sSk/S11S1TS1US1sS8LSDS0SdSqSTS1S1HSqhSp8t:5HnhT4WoQYqjVoQS+aYiz7L
|
|
Mime Type
|
text/x-powershell
|
|
File Size
|
49 bytes
|
|
MD5
|
f972c62f986b5ed49ad7713d93bf6c9f
|
|
SHA1
|
4e157002bdb97e9526ab97bfafbf7c67e1d1efbf
|
|
SHA256
|
b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8
|
|
SSDeep
|
3:uIHeGAFcX5wTnl:/eGgHTl
|
|
Also Known As
|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\geo[1].json (Dropped File)
|
|
Mime Type
|
text/plain
|
|
File Size
|
465 bytes
|
|
MD5
|
d6727470681ecc2ca56bbd0486b4fa97
|
|
SHA1
|
693756ab251ef2d82a91d94a2e5b78a9604d8bac
|
|
SHA256
|
8b37ae3083eb3bb497d0de9aa0f48e4fa2b893726e2a9787e6dad0ecd40d9613
|
|
SSDeep
|
12:YCJcjmdVQVCRbwXhCdEVQVPB8yPt0fRbIRAJdxFQVyrhmXoB2SH4:YODQVCRbwxCCQVvV0fRbI2JdxFQVyNm5
|
|
Also Known As
|
C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt (Dropped File)
|
|
Mime Type
|
text/plain
|
|
File Size
|
1.15 KB
|
|
MD5
|
bc01b36baa05c91b7a3ed2103e216ee9
|
|
SHA1
|
c16d60da0d1747385b1eb8e2a7a2459fac2d011a
|
|
SHA256
|
7c35e933e4e3cf44a7d9369f93af191425b6cf941bf27d4c6f812e656f51344d
|
|
SSDeep
|
24:FSimHPnIekFQjhRe9bgnYLuWG95GmFRqrl3W4kA+GT/kF5M2/kDwyD5oELDrBWUZ:NmHfv0p6WG95GPFWrDGT0f/k55DrrZ
|
|
Mime Type
|
text/plain
|
|
File Size
|
42 bytes
|
|
MD5
|
a63f5ce769bf3a5cbb9dc6457e532556
|
|
SHA1
|
a74920735ecff88afbb805d4c5a41483de1702d6
|
|
SHA256
|
2c1486282492a2479970952c41779d6c6410324a64eba461522221614fc8737a
|
|
SSDeep
|
3:iJifPDNWRUqAyn:nHBWUon
|
|
Mime Type
|
-
|
|
File Size
|
0 bytes
|
|
MD5
|
d41d8cd98f00b204e9800998ecf8427e
|
|
SHA1
|
da39a3ee5e6b4b0d3255bfef95601890afd80709
|
|
SHA256
|
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
|
SSDeep
|
3::
|
