897821cf...6d36 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Gen:Variant.Razy.599308
Gen:Variant.Jaik.40100
Mal/Generic-S

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "45 seconds" to "30 seconds" to reveal dormant functionality.

(0x02000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Master Boot Record Changes
Sector Number | Sector Size
2063 | 512 Bytes
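The report files the write to sector 2063 under MBR changes. Whether that sector is the MBR itself (LBA 0), the unpartitioned gap behind it, or the boot area of the first volume depends on the disk layout of the analysis VM, which the report does not show. The following is an added example, not part of the VMRay report: it parses a 512-byte sector 0, checks the 0x55AA boot signature that a destructive MBR overwrite usually removes, and places a given LBA into one of those regions. The layout it runs against is constructed here as a single NTFS partition starting at LBA 2048 (the usual 1 MiB alignment); that is an assumption standing in for the real sandbox disk.

```python
import struct

SECTOR_SIZE = 512
MBR_SIGNATURE = 0xAA55                 # bytes 0x55 0xAA at offset 510, read little-endian
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, first LBA, sector count


def parse_mbr(sector0: bytes) -> list:
    """Return the non-empty primary partition entries of a classic MBR.

    Raises ValueError if the buffer is not one sector or the 0x55AA boot
    signature is gone, which is the first thing to check after a reported
    MBR modification.
    """
    if len(sector0) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    (sig,) = struct.unpack_from("<H", sector0, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: MBR overwritten or not an MBR disk")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        status, _, ptype, _, first_lba, count = struct.unpack_from(PARTITION_ENTRY_FMT, sector0, offset)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        partitions.append({"index": index, "bootable": bool(status & 0x80),
                           "type": ptype, "first_lba": first_lba, "sector_count": count})
    return partitions


def classify_sector(lba: int, partitions: list) -> str:
    """Name the disk region a written LBA belongs to.

    'mbr' is sector 0 itself; 'gap' is unpartitioned space (where bootkits
    commonly stash code); 'partition<i>+<offset>' is inside a volume, with the
    offset counted in sectors from the volume start.
    """
    if lba == 0:
        return "mbr"
    for p in partitions:
        if p["first_lba"] <= lba < p["first_lba"] + p["sector_count"]:
            return f"partition{p['index']}+{lba - p['first_lba']}"
    return "gap"


def build_test_mbr(entries: list) -> bytes:
    """Build a synthetic MBR (constructed test data, not the sandbox disk).

    entries: iterable of (status, type, first_lba, sector_count).
    """
    sector = bytearray(SECTOR_SIZE)
    for index, (status, ptype, first_lba, count) in enumerate(entries):
        struct.pack_into(PARTITION_ENTRY_FMT, sector, PARTITION_TABLE_OFFSET + 16 * index,
                         status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", first_lba, count)
    struct.pack_into("<H", sector, 510, MBR_SIGNATURE)
    return bytes(sector)


if __name__ == "__main__":
    # Assumed layout: one bootable NTFS (type 0x07) partition at LBA 2048.
    parts = parse_mbr(build_test_mbr([(0x80, 0x07, 2048, 204800)]))
    for lba in (0, 100, 2063):                         # 2063 is the sector the report lists
        print(lba, "->", classify_sector(lba, parts))
```

On that layout LBA 2063 resolves to partition0+15, i.e. within the first sixteen sectors of the volume rather than the MBR proper; read the raw sector from the analysis VM's disk image (or a physical disk with a raw-device handle) to see what was actually written there, and run parse_mbr on sector 0 to confirm the partition table and signature survived.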


Filename | Category | Type | Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zes.exe | Sample File | Binary | Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 42.50 KB
MD5 75bb5087b0b5982654d7b13f90189be7
SHA1 2db9c5c39eb1398d9b8d14b7dabbc2c219e8873c
SHA256 897821cf3526fa8bb0d3954bbb0dd93d0b0f178566a5849d2b2d006b81806d36
SSDeep 768:ZWAiV+oPalRg4+G1KSisOUp1efyKjJxGqYEphnsL1Gt14etWgDKL+LI+okmDCEc+:ZS+oPIpf11OUp15oVph/42WgHyCEcOjT
ImpHash 008b12ff6cadf232fd3c1e1bd3121bd0
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x406850
Size Of Code 0x7a00
Size Of Initialized Data 0x16800
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2020-08-03 13:03:53+00:00
Sections (5)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x401000 | 0x7804 | 0x7a00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.36
.rdata | 0x409000 | 0xd58 | 0xe00 | 0x7e00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.05
.data | 0x40a000 | 0x13aac | 0x0 | 0x0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0
.ndata | 0x41e000 | 0x1809 | 0x1a00 | 0x8c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.95
.rsrc | 0x420000 | 0x298 | 0x400 | 0xa600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.06
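Two rows of this table matter before trusting the static view. .data has a virtual size of 0x13aac but no raw data at all (size 0x0, entropy 0.0), so whatever it holds exists only at runtime and has to be read from the memory dumps. .ndata has entropy 7.95, the level of compressed or encrypted content. The memory dumps further down also record entry points (0x00402850 and 0x00406E65) that differ from the header's 0x406850, so the executing image is not simply the file on disk. The following is an added example and not code from the report: a stdlib-only parser that reproduces the Name, Virtual Address, Virtual Size, Raw Data Size, Raw Data Offset and Entropy columns from a PE32 file and flags those two conditions plus writable-and-executable sections. It runs against a minimal PE image constructed inline; the three test sections copy the .text/.data/.ndata shapes from this table with made-up contents, and build_test_pe exists only to produce that test image.

```python
import math
import struct

# IMAGE_SECTION_HEADER.Characteristics bits that matter for triage
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HEADER_FMT = "<8sIIIIIIHHI"     # 40-byte IMAGE_SECTION_HEADER


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    entropy = 0.0
    for c in counts:
        if c:
            p = c / len(data)
            entropy -= p * math.log2(p)
    return entropy


def parse_sections(pe: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> section table of a PE32 image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", pe, coff)
    (magic,) = struct.unpack_from("<H", pe, coff + 20)
    if magic != 0x10B:
        raise ValueError("only PE32 images are handled here (the sample is i386)")
    (image_base,) = struct.unpack_from("<I", pe, coff + 20 + 28)   # PE32 ImageBase field
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, rva, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HEADER_FMT, pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({
            "name": name.split(b"\0", 1)[0].decode("ascii", "replace"),
            "virtual_address": image_base + rva, "virtual_size": vsize,
            "raw_size": rawsize, "raw_offset": rawptr, "flags": flags,
            "entropy": shannon_entropy(raw),
        })
    return sections


def triage(sections: list, high_entropy: float = 7.0) -> list:
    """Section-level checks an analyst makes before trusting the static view."""
    findings = []
    for s in sections:
        if s["raw_size"] and s["entropy"] >= high_entropy:
            findings.append(f"{s['name']}: high-entropy ({s['entropy']:.2f}), "
                            "consistent with compressed or encrypted content")
        if s["raw_size"] == 0 and s["virtual_size"]:
            findings.append(f"{s['name']}: no file-backed data, {s['virtual_size']:#x} bytes "
                            "exist only at runtime (read them from a memory dump)")
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: writable and executable")
    return findings


def build_test_pe(sections: list) -> bytes:
    """Constructed minimal PE32 image for testing, not the sample: (name, flags, data, vsize)."""
    opt_size, file_align = 0xE0, 0x200
    header_len = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase, as in the sample
    table, body, rawptr, rva = bytearray(), bytearray(), header_len, 0x1000
    for name, flags, data, vsize in sections:
        rawsize = -(-len(data) // file_align) * file_align
        table += struct.pack(SECTION_HEADER_FMT, name.ljust(8, b"\0"), vsize, rva,
                             rawsize, rawptr if rawsize else 0, 0, 0, 0, 0, flags)
        body += data.ljust(rawsize, b"\0")
        rawptr += rawsize
        rva += -(-max(vsize, 1) // 0x1000) * 0x1000
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(header_len, b"\0")
    return headers + bytes(body)


if __name__ == "__main__":
    RW = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
    image = build_test_pe([(b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, b"\x90" * 512, 0x1F0),
                           (b".data", RW, b"", 0x13AAC), (b".ndata", RW, bytes(range(256)) * 2, 0x200)])
    for s in parse_sections(image):
        print(f"{s['name']:<8} {s['virtual_address']:#x} {s['virtual_size']:#x} {s['raw_size']:#x} {s['raw_offset']:#x} {s['entropy']:.2f}")
    for finding in triage(parse_sections(image)):
        print("!", finding)
```

To reproduce the table for the real sample, pass the bytes of zes.exe (open(path, "rb").read()) to parse_sections; the entropy column should come out as the report's values, and triage will flag .ndata and .data for the reasons given above.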
Imports (6)
MPR.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetEnumResourceW 0x0 0x409144 0x945c 0x825c 0x1c
WNetOpenEnumW 0x0 0x409148 0x9460 0x8260 0x3d
WNetCloseEnum 0x0 0x40914c 0x9464 0x8264 0x10
KERNEL32.dll (64)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileAttributesW 0x0 0x409040 0x9358 0x8158 0x1ea
CreateFileW 0x0 0x409044 0x935c 0x815c 0x8f
GetLastError 0x0 0x409048 0x9360 0x8160 0x202
FindClose 0x0 0x40904c 0x9364 0x8164 0x12e
DeviceIoControl 0x0 0x409050 0x9368 0x8168 0xdd
WaitForMultipleObjects 0x0 0x409054 0x936c 0x816c 0x4f7
FindNextFileW 0x0 0x409058 0x9370 0x8170 0x145
GetVolumeInformationW 0x0 0x40905c 0x9374 0x8174 0x2a7
CreateThread 0x0 0x409060 0x9378 0x8178 0xb5
TryEnterCriticalSection 0x0 0x409064 0x937c 0x817c 0x4ce
Sleep 0x0 0x409068 0x9380 0x8180 0x4b2
WriteFile 0x0 0x40906c 0x9384 0x8184 0x525
GetStdHandle 0x0 0x409070 0x9388 0x8188 0x264
SetEndOfFile 0x0 0x409074 0x938c 0x818c 0x453
SetFilePointerEx 0x0 0x409078 0x9390 0x8190 0x467
ReadFile 0x0 0x40907c 0x9394 0x8194 0x3c0
GetFileSizeEx 0x0 0x409080 0x9398 0x8198 0x1f1
MoveFileW 0x0 0x409084 0x939c 0x819c 0x363
SetFileAttributesW 0x0 0x409088 0x93a0 0x81a0 0x461
HeapAlloc 0x0 0x40908c 0x93a4 0x81a4 0x2cb
GetCurrentProcess 0x0 0x409090 0x93a8 0x81a8 0x1c0
HeapFree 0x0 0x409094 0x93ac 0x81ac 0x2cf
GetProcessHeap 0x0 0x409098 0x93b0 0x81b0 0x24a
GlobalAlloc 0x0 0x40909c 0x93b4 0x81b4 0x2b3
GetLogicalDrives 0x0 0x4090a0 0x93b8 0x81b8 0x209
GetVersion 0x0 0x4090a4 0x93bc 0x81bc 0x2a2
PeekNamedPipe 0x0 0x4090a8 0x93c0 0x81c0 0x38d
GetComputerNameW 0x0 0x4090ac 0x93c4 0x81c4 0x18f
SetEvent 0x0 0x4090b0 0x93c8 0x81c8 0x459
TerminateThread 0x0 0x4090b4 0x93cc 0x81cc 0x4c1
GetProcAddress 0x0 0x4090b8 0x93d0 0x81d0 0x245
LoadLibraryA 0x0 0x4090bc 0x93d4 0x81d4 0x33c
CreateEventW 0x0 0x4090c0 0x93d8 0x81d8 0x85
OpenProcess 0x0 0x4090c4 0x93dc 0x81dc 0x380
GetFileType 0x0 0x4090c8 0x93e0 0x81e0 0x1f3
GetModuleHandleA 0x0 0x4090cc 0x93e4 0x81e4 0x215
DuplicateHandle 0x0 0x4090d0 0x93e8 0x81e8 0xe8
GetCurrentProcessId 0x0 0x4090d4 0x93ec 0x81ec 0x1c1
ExitProcess 0x0 0x4090d8 0x93f0 0x81f0 0x119
GetModuleHandleW 0x0 0x4090dc 0x93f4 0x81f4 0x218
GetCommandLineW 0x0 0x4090e0 0x93f8 0x81f8 0x187
CreatePipe 0x0 0x4090e4 0x93fc 0x81fc 0xa1
GetEnvironmentVariableW 0x0 0x4090e8 0x9400 0x8200 0x1dc
CreateProcessW 0x0 0x4090ec 0x9404 0x8204 0xa8
WaitForSingleObject 0x0 0x4090f0 0x9408 0x8208 0x4f9
SetHandleInformation 0x0 0x4090f4 0x940c 0x820c 0x470
GetLocaleInfoW 0x0 0x4090f8 0x9410 0x8210 0x206
GetModuleFileNameW 0x0 0x4090fc 0x9414 0x8214 0x214
Process32FirstW 0x0 0x409100 0x9418 0x8218 0x396
Process32NextW 0x0 0x409104 0x941c 0x821c 0x398
CreateToolhelp32Snapshot 0x0 0x409108 0x9420 0x8220 0xbe
CreateDirectoryW 0x0 0x40910c 0x9424 0x8224 0x81
SetErrorMode 0x0 0x409110 0x9428 0x8228 0x458
GetDriveTypeW 0x0 0x409114 0x942c 0x822c 0x1d3
FindFirstFileW 0x0 0x409118 0x9430 0x8230 0x139
CloseHandle 0x0 0x40911c 0x9434 0x8234 0x52
DeleteCriticalSection 0x0 0x409120 0x9438 0x8238 0xd1
EnterCriticalSection 0x0 0x409124 0x943c 0x823c 0xee
TerminateProcess 0x0 0x409128 0x9440 0x8240 0x4c0
GetExitCodeProcess 0x0 0x40912c 0x9444 0x8244 0x1df
LeaveCriticalSection 0x0 0x409130 0x9448 0x8248 0x339
InitializeCriticalSection 0x0 0x409134 0x944c 0x824c 0x2e2
GlobalFree 0x0 0x409138 0x9450 0x8250 0x2ba
GetSystemWindowsDirectoryW 0x0 0x40913c 0x9454 0x8254 0x27c
USER32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DialogBoxParamW 0x0 0x409170 0x9488 0x8288 0xac
ShowWindow 0x0 0x409174 0x948c 0x828c 0x2e4
MessageBoxW 0x0 0x409178 0x9490 0x8290 0x217
SetWindowTextA 0x0 0x40917c 0x9494 0x8294 0x2cf
SendMessageW 0x0 0x409180 0x9498 0x8298 0x280
EnableWindow 0x0 0x409184 0x949c 0x829c 0xd8
UnregisterHotKey 0x0 0x409188 0x94a0 0x82a0 0x30d
GetWindowThreadProcessId 0x0 0x40918c 0x94a4 0x82a4 0x1a5
RegisterHotKey 0x0 0x409190 0x94a8 0x82a8 0x25a
GetWindowTextLengthW 0x0 0x409194 0x94ac 0x82ac 0x1a3
CloseClipboard 0x0 0x409198 0x94b0 0x82b0 0x49
GetWindowTextA 0x0 0x40919c 0x94b4 0x82b4 0x1a1
EmptyClipboard 0x0 0x4091a0 0x94b8 0x82b8 0xd5
GetDlgItem 0x0 0x4091a4 0x94bc 0x82bc 0x127
OpenClipboard 0x0 0x4091a8 0x94c0 0x82c0 0x228
SetClipboardData 0x0 0x4091ac 0x94c4 0x82c4 0x28a
wsprintfW 0x0 0x4091b0 0x94c8 0x82c8 0x339
GetShellWindow 0x0 0x4091b4 0x94cc 0x82cc 0x17a
SetTimer 0x0 0x4091b8 0x94d0 0x82d0 0x2c0
PostMessageW 0x0 0x4091bc 0x94d4 0x82d4 0x239
KillTimer 0x0 0x4091c0 0x94d8 0x82d8 0x1e4
wsprintfA 0x0 0x4091c4 0x94dc 0x82dc 0x338
SetWindowTextW 0x0 0x4091c8 0x94e0 0x82e0 0x2d0
EndDialog 0x0 0x4091cc 0x94e4 0x82e4 0xda
ADVAPI32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptAcquireContextW 0x0 0x409000 0x9318 0x8118 0xb1
CryptSetKeyParam 0x0 0x409004 0x931c 0x811c 0xcd
CryptReleaseContext 0x0 0x409008 0x9320 0x8120 0xcb
CryptGenRandom 0x0 0x40900c 0x9324 0x8124 0xc1
CryptDestroyKey 0x0 0x409010 0x9328 0x8128 0xb7
CryptDecrypt 0x0 0x409014 0x932c 0x812c 0xb4
OpenProcessToken 0x0 0x409018 0x9330 0x8130 0x1f7
GetTokenInformation 0x0 0x40901c 0x9334 0x8134 0x15a
SetTokenInformation 0x0 0x409020 0x9338 0x8138 0x2c2
DuplicateTokenEx 0x0 0x409024 0x933c 0x813c 0xdf
RegQueryValueExA 0x0 0x409028 0x9340 0x8140 0x26d
RegOpenKeyExA 0x0 0x40902c 0x9344 0x8144 0x260
RegCloseKey 0x0 0x409030 0x9348 0x8148 0x230
CryptImportKey 0x0 0x409034 0x934c 0x814c 0xca
CryptEncrypt 0x0 0x409038 0x9350 0x8150 0xba
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x2a8 0x409154 0x946c 0x826c -
CommandLineToArgvW 0x0 0x409158 0x9470 0x8270 0x6
ShellExecuteExW 0x0 0x40915c 0x9474 0x8274 0x121
SHGetPathFromIDListW 0x0 0x409160 0x9478 0x8278 0xd7
SHBrowseForFolderW 0x0 0x409164 0x947c 0x827c 0x7b
SHGetSpecialFolderPathW 0x0 0x409168 0x9480 0x8280 0xe1
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x4091d4 0x94ec 0x82ec 0x3e
CoTaskMemFree 0x0 0x4091d8 0x94f0 0x82f0 0x68
CoUninitialize 0x0 0x4091dc 0x94f4 0x82f4 0x6c
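The ImpHash shown for the sample (008b12ff6cadf232fd3c1e1bd3121bd0) is the MD5 of this import table after normalization: each entry becomes dll.api in lowercase with the .dll suffix removed, nameless entries such as the SHELL32 import by ordinal 0x2a8 become ord680, and the entries are joined with commas in import-directory order. Because the hash is order-sensitive it cannot be reliably recomputed from this listing: the report prints MPR.dll first, yet its IAT slots (0x409144) lie after those of ADVAPI32 (0x409000) and KERNEL32 (0x409040). The following is an added example, not code from the report or from VMRay: it implements the normalization the way pefile's get_imphash() does, minus pefile's lookup table that names well-known ws2_32 and oleaut32 ordinals, and groups imported APIs into the capability classes an analyst reads off this table (CryptoAPI encryption, drive and network-share enumeration, in-place rewrite and rename, raw device access, process and token manipulation). The import list embedded in it is a labelled subset of the table above, ordered by IAT address.

```python
import hashlib


def imphash_string(imports) -> str:
    """Normalize an import table as pefile's get_imphash() does: module lowercased
    with .dll/.ocx/.sys stripped, API lowercased, 'ord<N>' for nameless entries,
    joined with commas in import-directory order. pefile additionally resolves
    well-known ws2_32/oleaut32 ordinals to names; that table is omitted here.
    imports: iterable of (dll, api_name or None, ordinal)."""
    parts = []
    for dll, api, ordinal in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        func = api.lower() if api else f"ord{ordinal}"
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    """32-hex-digit ImpHash of the normalized import string."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# Capability classes read off a ransomware import table (API names lowercased).
CAPABILITIES = {
    "encryption (CryptoAPI)": {"cryptacquirecontextw", "cryptgenrandom", "cryptimportkey",
                               "cryptencrypt", "cryptdecrypt", "cryptsetkeyparam"},
    "drive and file enumeration": {"getlogicaldrives", "getdrivetypew", "getvolumeinformationw",
                                   "findfirstfilew", "findnextfilew"},
    "network share enumeration": {"wnetopenenumw", "wnetenumresourcew", "wnetcloseenum"},
    "in-place rewrite and rename": {"createfilew", "readfile", "writefile", "setfilepointerex",
                                    "setendoffile", "movefilew", "setfileattributesw"},
    "raw device access": {"deviceiocontrol"},
    "process enumeration/termination": {"createtoolhelp32snapshot", "process32firstw",
                                        "process32nextw", "openprocess", "terminateprocess"},
    "token manipulation": {"openprocesstoken", "gettokeninformation", "settokeninformation",
                           "duplicatetokenex"},
}


def capability_profile(imports) -> dict:
    """Map each capability class to the imported APIs that evidence it."""
    present = {api.lower() for _, api, _ in imports if api}
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items() if present & apis}


# Subset of the report's import table, ordered by IAT address (ADVAPI32 0x409000,
# KERNEL32 0x409040, MPR 0x409144, SHELL32 0x409154). A subset cannot reproduce the
# reported ImpHash; that needs the full table in import-directory order.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "CryptAcquireContextW", 0), ("ADVAPI32.dll", "CryptGenRandom", 0),
    ("ADVAPI32.dll", "CryptImportKey", 0), ("ADVAPI32.dll", "CryptEncrypt", 0),
    ("ADVAPI32.dll", "OpenProcessToken", 0), ("ADVAPI32.dll", "DuplicateTokenEx", 0),
    ("KERNEL32.dll", "CreateFileW", 0), ("KERNEL32.dll", "DeviceIoControl", 0),
    ("KERNEL32.dll", "WriteFile", 0), ("KERNEL32.dll", "MoveFileW", 0),
    ("KERNEL32.dll", "GetLogicalDrives", 0), ("KERNEL32.dll", "FindFirstFileW", 0),
    ("KERNEL32.dll", "TerminateProcess", 0),
    ("MPR.dll", "WNetOpenEnumW", 0), ("MPR.dll", "WNetEnumResourceW", 0),
    ("SHELL32.dll", None, 0x2A8), ("SHELL32.dll", "ShellExecuteExW", 0),
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for cap, apis in capability_profile(SAMPLE_IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
```

Feed imphash() the complete table extracted from the file (pefile's DIRECTORY_ENTRY_IMPORT preserves directory order) rather than a copy of this listing when pivoting on the reported value; the capability grouping, by contrast, is order-independent and works on any subset.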
Memory Dumps (2)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA
zes.exe | 1 | 0x00400000 | 0x00420FFF | Relevant Image | True | 32-bit | 0x00402850 | True | False
zes.exe | 1 | 0x00400000 | 0x00420FFF | Final Dump | True | 32-bit | 0x00406E65 | True | False
Local AV Matches (1)
Threat Name | Severity
Gen:Variant.Razy.599308 | Malicious

c:\windows\tasks\sa.dat | Modified File | Stream | Whitelisted
Mime Type application/octet-stream
File Size 6 Bytes
MD5 f1a6cd5adaab953a6764ea364e17bfb8
SHA1 c99a1eb2d8974a667d2e0bc2dc1efcbe0ef23387
SHA256 12dc5ccd7fecafe070976a1916e9672e3d53085633c86957aee305ccc584184c
SSDeep 3:A:A
ImpHash -
File Reputation Information
Severity Whitelisted

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_32.db | Modified File | Stream | Whitelisted
Mime Type application/octet-stream
File Size 24 Bytes
MD5 ae08a2f7fbf44ad3cb6cbc529df8b1dd
SHA1 bb2665ee5cd1821d48cca1cb07cdfde9ed6081a6
SHA256 8429d5c6eb134eb64d8b0f3ecce83ab4d4d16e73c2d76993163372692b65ea8f
SSDeep 3:illt:ilX
ImpHash -
File Reputation Information
Severity Whitelisted

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_1024.db | Modified File | Stream | Whitelisted
Mime Type application/octet-stream
File Size 24 Bytes
MD5 b623140136560adaf3786e262c01676f
SHA1 7143c103e1d52c99eeaa3b11beb9f02d2c50ca3d
SHA256 ee3e1212dbd47e058e30b119a92f853d3962558065fa3065ad5c1d47654c4140
SSDeep 3:ill0:il
ImpHash -
File Reputation Information
Severity Whitelisted

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_sr.db | Modified File | Stream | Whitelisted
Mime Type application/octet-stream
File Size 24 Bytes
MD5 2034995f0bbaa16db835b462eb78152a
SHA1 ce19b1a236f95307067d4979f8dd96c70d69c18a
SHA256 62ce260f5e10fc17bf63faafa39912febf61d20fad51cc11606a295801743799
SSDeep 3:illhlnll:ilL
ImpHash -
File Reputation Information
Severity Whitelisted

c:\windows\bootstat.dat | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 66.00 KB
MD5 50d57ceefcc74bf9d6c571df4e97cb87
SHA1 1aca0d21321cb5e712725fc797103f2ff0cac588
SHA256 6b4ba3925e3de9c84ef7422dbeff3dc69cee1a607a0641206d87d001b6546d5f
SSDeep 3:NlE/7k+lHlFlkflTl7sK8Uha6aulIiBliAqlspXDsK8UhaCtkUlcl:iPWNjNXauHkH6LN9ny
ImpHash -

c:\windows\setupact.log | Modified File | Text | Unknown
Mime Type text/plain
File Size 314 Bytes
MD5 9447e12df901c4cc0f1b49d4836e2a4b
SHA1 dadbe7e53fa9738ee26f542968c26e01ca054e53
SHA256 c557e93708405df203f1bf035074d8c0f2184d20c719448ea59f25e95b7840ac
SSDeep 6:/WNVf1gKfTOJ1F34vkxDNVf1gKfTOJ1F34vkxDNVf1gKfTOJ1F34vsjAIGF2TWN6:eVgK6JPo8xDVgK6JPo8xDVgK6JPo0qFg
ImpHash -

c:\windows\system32\winevt\logs\system.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 2.07 MB
MD5 3f448b262d3f55f0b2ded2f1ec4a3f5a
SHA1 ee28421ae04040ea12259403a0d28142717ea43d
SHA256 c3aef701bbb6f4b21a95f8859406e4d135b8c20b6e1663e8b3be3456d7346791
SSDeep 6144:wg1wz0VgGjSZ33D9mCFOrdMSLMBaiDzSDK:d1C0tGN3D9mCFOrdMSLMBaiDzSDK
ImpHash -

c:\windows\system32\winevt\logs\application.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 2.07 MB
MD5 4e6c74f6c1c498947abe47a3ef955350
SHA1 ab00ac5e4fea8b92ab5493b54ee23adffa47dbee
SHA256 4a558a433828e9629ba1e0f5a35fda13ba5ea0026f0542a006701feb78bb65cd
SSDeep 12288:m1sheRoQ/hqSl1LDsM4kLF37C0r5E8XK1yXeITNhz17atDJMB/1:
ImpHash -

c:\windows\system32\winevt\logs\security.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 1.07 MB
MD5 2d70c5a69c6a937d101a4b73e3ce9bec
SHA1 16b861f0477f7f5b64d4f33b087d931fc7eca059
SHA256 e5cf5125f817f3665d1254788a6c9e93cfd4d43a34af48d9b2591f32df2a000e
SSDeep 3072:TLO7IqpT9tOervMEDrPJVtHJLv3BaHDUd99JtwHVmevw:gGervMEpVtHJL/z99JtwHVmev
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-kernel-whea%4operational.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 1.00 MB
MD5 ae15f8ff34b6873e4b7797fdc13f150c
SHA1 d5e8db1a43acc3e0f5cec0381cd33275b205b67c
SHA256 efd0f893a81d5eda5c92e83840789bbb0f89cb37902154875d8ba8c260cae77f
SSDeep 384:B7hkICqQ0RDIx9IyIQIhInI/JIHIAEIGYIOI7IeIvghVI/iY8CIXIi0IXIhCIHkL:B7RxTOLgPz+Rag03KvU
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-grouppolicy%4operational.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 1.07 MB
MD5 5371e69b77e90fc818903ac041f73f45
SHA1 d1599ec1146eba698575c8000f5d83f9bfeaca61
SHA256 4acc488e9da330f7b89ddbf34d02fc6023ab5ca71404a6b8872f74feec870f3a
SSDeep 3072:/P3qQ2kiBNqmW+ngCJsVv06r0kJP4JqjLKTTSm:/P4hngCJsVv06r0kJP4JqjLKTTSm
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-user profile service%4operational.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 1.07 MB
MD5 3a3ef4832ac67df329bf363a13f1c1dd
SHA1 772577a47f4aef7b83f32456b2308978c334a69c
SHA256 adddd61427e6e6b14f2ce5e00f039e2eb14ede253e7e730edde72169a873cab7
SSDeep 1536:zdoIScVo73eJwSQpdBCA07aVN6er+FU2PflW7fRBoeRdVrnVzpbRgL8gnRb7WPi2:4RlMS1
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-offlinefiles%4operational.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 68.00 KB
MD5 91d55a1d542cab3f3db38b7a6932b048
SHA1 ad8d859f6d45d551b954648ac9344ada0e5ac9b7
SHA256 c895f6dbe6ae3e6f77f4f546a33f4292505eebb83e87e8bc6ad8823974fc9160
SSDeep 1536:ywpSJQxh9R8WJQl58ipWYIWphdBdurh+sJZlpJt7iRf9JiSqhNvtAqhs9+8zhSWS:hV
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-terminalservices-localsessionmanager%4operational.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 68.00 KB
MD5 f95164ac32b9a71dc5d3cd566f1c45cf
SHA1 a4d508f4ee7eff498070145b95482975a6bbd70f
SHA256 ab80eb8b1e7eab874896efcc355b8c487d7e92a66db54abaa5d98766fb30acb3
SSDeep 1536:q2sCaBtBbLghOy01lNHsco0kwE2YY21lRw4DWQbrsNKQQsLbNxrVkIdsA0CcxwQq:9Y
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-branchcachesmb%4operational.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 68.00 KB
MD5 e1b85cf3eff46236a5799a218d021d25
SHA1 7570cb15dfa2bf3aa08cb6ea7790e999adae6a70
SHA256 da5f7ebeb59b696875b34fc6962c16a95b685ae0b9cd71d484393b73f75a2ee3
SSDeep 384:vhuhDhQ2QPhDY6hDamhDDhD8hDhhD/hDOhD1hD4hDshDchDihDohDLzhD4hDWhD+:vYrQeDQP6j
ImpHash -

c:\windows\system32\winevt\logs\microsoft-windows-dhcpv6-client%4admin.evtx | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 68.00 KB
MD5 080d35b6d8849600dd1d0dc2032616f9
SHA1 8675ee960e15fff9a4aeda51c01cbb752a8a8018
SHA256 3ac000c5c73a0e3017bf50c8c41e283b8021a3e4402eff7a0d642fbcc4c49cab
SSDeep 384:QhdtKDtotS/tSPtS7tSKtSTtSntS/tSntSNtSlptSbtSbtSPtS2tS7tSRtS7tSex:QoAH
ImpHash -

c:\windows\tasks\schedlgu.txt | Modified File | Text | Unknown
Mime Type text/plain
File Size 11.37 KB
MD5 e7855784bb811d54912adf85f0df94a1
SHA1 94173e8d58378958b887505297157971d454e07a
SHA256 b00d6ca1202408154a61f53c66a4f6124cf461bd11210777531c441cf5020695
SSDeep 192:r1hs11161PI1Ls1qsUfURUkU0UIqUIuUjULmNm8mHmdl4rTSrSrIcrNrttUQT6jV:r1hs11161PI1Ls1qsUfURUkU0UzUvUjF
ImpHash -

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_96.db | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 1.00 MB
MD5 3083cd7f09b1d5833106de2ce64e1a90
SHA1 c58d430149a5be3cf39915160388e67661bdaf03
SHA256 a7ef2f649f86bab0820e42d5a4eb73c5a1d5c85523c03a3f22743ccb2829ac9a
SSDeep 3:illalnl:ilc
ImpHash -

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_256.db | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 1.00 MB
MD5 ba512dce0c6c7dd96ac62734cbfe8345
SHA1 0c995073a5625509fd798cb14d40209f9ecdce9e
SHA256 3c789c2abb38ea6e8f1f02152c07e6e9b44bd8ad14d4aeeb7c1178084e32377b
SSDeep 24:G9/0sLdHEx3ybcK8U0sLdHEx3ybcK8BcbKPmUhN:GtzdHM3ybXzdHM3ybO6KO
ImpHash -

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\thumbcache_idx.db | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 3.18 KB
MD5 612d399f2462fb9b357acc13f629d365
SHA1 13e4ae3bb733b5da84c2997ce541be93ec97133f
SHA256 1c4b2dc53b0ce24e0f068530354ff9760ef82f27fc7d3b6d31ad8e8161881e72
SSDeep 12:Rj3UlSahYqh1ldNOjhMCZNoR/hGgNDmxMZ:RrUl4YmZqjhmu
ImpHash -

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\explorer\explorerstartuplog_runonce.etl | Modified File | Stream | Unknown
Mime Type application/octet-stream
File Size 16.00 KB
MD5 9c941d2409c2e240bd60c28cf57a95dd
SHA1 ba8d9aa8c764575f96631098bd33fed9c35ed1fb
SHA256 3fdd474c450b01cf799f9f6e720473fbbcd45ce6d089377d31d771751d39e407
SSDeep 48:gIBiM4DhBikMwiMSJe+ELdb1khx9EdbUHd9t3Yk8xFGgd9tERLeS:gIBiM4DqwiMSHEXkhjPBYk8faZ
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0XH GEu.wav.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0XH GEu.wav (Dropped File)
Mime Type application/octet-stream
File Size 31.66 KB
MD5 71d394d93c4326893589860758797712
SHA1 69702c0c20f3de837225f3e3043a196665e225f5
SHA256 55f51a3e267c616f58da19244b60f605255bfdeee3e2f6cc8737ce5487322391
SSDeep 768:RjlxuCjUIl8YYGaP8ZxcEG2lEpb3w+IJx9hMZutIUBTytFEHYfUZY+:R5xuCJaYYGk8ZMwhMI5cFBKY+
ImpHash -
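The dropped files in this report all carry the same renaming layout: the original name, a bracketed eight-hex-digit victim id, a bracketed contact address and the new extension, as in 0XH GEu.wav.[4B2E4630].[johncastle@msgsafe.io].zes. The following is an added example and not part of the report: detection logic that parses that layout out of a file path and raises a hit only when several files share the same id/contact/extension triple, so one user file with brackets in its name does not fire. It keys on the structure rather than on the literal 4B2E4630, johncastle@msgsafe.io or .zes, which vary per victim and build, so other victims of the same family are caught too. The path list it runs over is constructed here from entries in this report plus benign names.

```python
import re
from collections import Counter

# <original name>.[<8 hex victim id>].[<contact e-mail>].<new extension>
ENCRYPTED_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.\[(?P<victim_id>[0-9A-Fa-f]{8})\]"
    r"\.\[(?P<contact>[^\[\]\s@]+@[^\[\]\s@]+\.[A-Za-z]{2,})\]"
    r"\.(?P<extension>[A-Za-z0-9]{1,8})$"
)


def parse_encrypted_name(path: str):
    """Return the marker fields of a renamed file, or None for an ordinary name.
    Accepts Windows, POSIX and UNC paths; only the basename is inspected."""
    basename = re.split(r"[\\/]", path)[-1]
    m = ENCRYPTED_NAME.match(basename)
    if not m:
        return None
    fields = m.groupdict()
    fields["victim_id"] = fields["victim_id"].upper()
    original = fields["original"]
    fields["original_extension"] = original.rsplit(".", 1)[-1].lower() if "." in original else ""
    return fields


def detect(paths, threshold: int = 3) -> list:
    """Group renamed files by (victim id, contact, extension) and return
    (victim_id, contact, extension, count) for every group with at least
    `threshold` files, most frequent first. One bracketed file name is not
    evidence; several sharing one marker triple is."""
    counts = Counter()
    for path in paths:
        fields = parse_encrypted_name(path)
        if fields:
            counts[(fields["victim_id"], fields["contact"], fields["extension"].lower())] += 1
    return [key + (n,) for key, n in counts.most_common() if n >= threshold]


# Constructed file-creation log: four entries taken from this report plus benign
# names, including one with brackets and one lone match with a different marker.
SAMPLE_PATHS = [
    r"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\0XH GEu.wav.[4B2E4630].[johncastle@msgsafe.io].zes",
    r"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5iwkI64gBz.mkv.[4B2E4630].[johncastle@msgsafe.io].zes",
    r"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K8FlFC.pdf.[4B2E4630].[johncastle@msgsafe.io].zes",
    r"C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\ga 79jQ.csv.[4B2E4630].[johncastle@msgsafe.io].zes",
    r"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db",
    r"C:\Windows\Tasks\SchedLgU.Txt",
    r"C:\Users\alice\Documents\budget.[draft].xlsx",
    r"\\fileserver\share\scan.[DEADBEEF].[ops@example.test].zes",
]

if __name__ == "__main__":
    for victim_id, contact, ext, n in detect(SAMPLE_PATHS):
        print(f"{n} files renamed to *.[{victim_id}].[{contact}].{ext}")
```

In production the paths come from file-creation or rename telemetry (Sysmon event 11, EDR file events, a file server audit log) over a short window; the threshold and window are the tuning knobs, and the contact address is the field worth pivoting on across hosts once a hit fires.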

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5iwkI64gBz.mkv.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\5iwkI64gBz.mkv (Dropped File)
Mime Type application/octet-stream
File Size 5.80 KB
MD5 39f0b1cea53de7a00de5b6dd3f203c0b
SHA1 95f7d7d503ea08528fe009ceb9076394b61ff357
SHA256 51c2b4b1208ea0ea584367ce445ac3dded31b3694cb1f12edcffc7adb9ea3865
SSDeep 96:+O3PjgnGIudwt5gbe7q3FVfr8J8wK58NqdyjWUto3Yp5DjAnhNerT8+:R3PjWvGw37WVjW8Re2gCWjAnhNerA+
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ahtoY.flv.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ahtoY.flv (Dropped File)
Mime Type application/octet-stream
File Size 93.11 KB
MD5 5f084dcb9116cff1b6578c9928e2477a
SHA1 81d449db17bed3e6b72ea613c102e8ec2a4f3076
SHA256 f19bd13931ab2b379874f7faa6ea6d92ff839b94be053aaf0393e28b85705a3e
SSDeep 1536:c5jRdhyle3KcDFPcK3PSOcLQ7grito3vUeg6GQa1QbNA6i+/e30PGzT:mRdhUe3D1cs7gmiUegUagLeIET
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bsikVZ.jpg.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bsikVZ.jpg (Dropped File)
Mime Type application/octet-stream
File Size 72.18 KB
MD5 87914abeecc17cb88556eb550d95763d
SHA1 91d695b533555201144bfc82a97f4a6dea4938e8
SHA256 3288b968ea4140f5c14aece855320c736773976a38c4a3d409b3e5cd432e8ed2
SSDeep 1536:AAGCGHQy4rBYy/4gyI9PigEAVF9bQ9ZLBwwPcooHVzyDzJ:+HyBOvIIgE79Z9wwG1E
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BU7M mcTpJ93bZk.bmp.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\BU7M mcTpJ93bZk.bmp (Dropped File)
Mime Type application/octet-stream
File Size 22.63 KB
MD5 26cbc4eae75f2cec8c993133ee62a12e
SHA1 4bc8180167b758f1da4d5ec0103963a27dcca49d
SHA256 d59ff4975d9d213e618e3ff11e0d8fdc99782fed0e404ff54a44239409bd7bc8
SSDeep 384:q4/bsnFISLWi01utS1iOschtcTnRbtXatWz22i6NLgwDwaqwgvUy+lSPRPxdXvSR:v/bsOSYpJtHAhgwD0UyljdJQUj+
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DqWuUGnY.avi.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DqWuUGnY.avi (Dropped File)
Mime Type application/octet-stream
File Size 57.00 KB
MD5 0167f39e5d81b4853b7a5b5de4846c92
SHA1 786f0d4cb1c3bf2dfb46c38eee41dfbce1cedc1e
SHA256 619588d385a5e8c249dc898b012a6624331c96c1f6e6cc46cb1a21f0c9d22bcf
SSDeep 1536:csmu8Yh9az+zVPRdonISVHQsPQNxe+0J5MYTQwlyXe96c+:csmR69azgVP7oISHY430Xewx
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_5K_QCaeZaqS1f_Oh_.avi.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\D_5K_QCaeZaqS1f_Oh_.avi (Dropped File)
Mime Type application/octet-stream
File Size 35.66 KB
MD5 c69fd27100dcd3e21ea16341b0cfd8ce
SHA1 3a085051a16bcee788071efec45d69f1b572720e
SHA256 085aaa91033e57a202cda4851af1b2422138b31f612098b907751277f457cf8a
SSDeep 768:AQZhyHYMR4axq8oIxhzoJ/02sCjRUWBIRn1mPooNhtspGrS0h:AQZhQOyqvEoB04pqnEhtSoh
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\h9 vL1qAQ0j.mp3.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\h9 vL1qAQ0j.mp3 (Dropped File)
Mime Type application/octet-stream
File Size 31.99 KB
MD5 300537c6dbd6a5ddeacc2529001adfb9
SHA1 648b21b1340d4d5f269997119aca5a708953dfd9
SHA256 0ea72f6f147cda47a2068a8d9f96e2a596a8f4daf68e9c1fab26d950bb8bb967
SSDeep 768:Dr5hjUH4S9cbhgbDQPLg+UEp+QjP63hyChEkWSV0ob7+:DrLO4+fOJDz6Raa0y+
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\j-fJcx.m4a.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\j-fJcx.m4a (Dropped File)
Mime Type application/octet-stream
File Size 48.29 KB
MD5 fdf8efafdfa6076e3a909c45da2ae178
SHA1 76f5241cb2345af1e9250d97489c0fc7ef4a7050
SHA256 a6407078d36f41ae4d254cd3e85e2930110b89364877b40c0433573c8c2ec0f4
SSDeep 768:3JhL0gMrk6n3hE+hbAdx6ANIFRxU1mouDTBBsrrmGL28KQU/6SGfQmtQIHhmPcOg:7U4M0LunxUTu3IrbaCU3GfQm+VxPq+BW
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JTNWKHDQn2XuLRv.png.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JTNWKHDQn2XuLRv.png (Dropped File)
Mime Type application/octet-stream
File Size 6.96 KB
MD5 13ed453f752f6349cad1c7b7425953a7
SHA1 be98822b91581e9b628463d270daf6bcf74a0584
SHA256 26dd5cdb1005e1fe520e8105a9e7f6193bd364bdf01b5908420267cd3607feb4
SSDeep 192:A/qP/Q8oi/tsYXjxklGn6zgS8nJRT7mesza2nanYH76dHA+:A/qP/Q8d/tsYXjxpQgTYza2aYHf+
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K8FlFC.pdf.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K8FlFC.pdf (Dropped File)
Mime Type application/octet-stream
File Size 74.97 KB
MD5 006e6cef2cc25acabdf6bc44000b6681
SHA1 e014c308ffb50bad5bf04b731a18513f203130ae
SHA256 25311a81e1fbf3ebc26b546982f4c10b240be47dbf820ee8166e65ff12f71419
SSDeep 1536:zFlzdqsXiouWIr90TiooEuv8PCIkM+HMN4zsrJfVS/wkQ:zF/rXiFP90TiooF8PCIP+sN4zsrvaw5
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\l3CDAV63MRYTd8k.png.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\l3CDAV63MRYTd8k.png (Dropped File)
Mime Type application/octet-stream
File Size 41.63 KB
MD5 409e275954c31dfc810c6aa4ef049e94
SHA1 51eb1b4de8de64b7869bffe9d2bb1a9dae673712
SHA256 72956ba8116827f280d35b67377f81d030740aca131b88879f44f0ec71464e70
SSDeep 768:OmmR2ddK5VdB/8q8RQpckqi2TT8PXdbbhrpu+iaQchEdsCFrKV8Hn4uJdFDV4QX+:7G2ddKVdKq8ap6bKtbbyaV8j9KV8YAdy
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MkSA.m4a.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MkSA.m4a (Dropped File)
Mime Type application/octet-stream
File Size 14.66 KB
MD5 9debc87ff2be15abcd7fb5c52cbb1b24
SHA1 d829d06fff1fff57db16ec57564a53a1aed4a8a2
SHA256 9ed337422d0e8feae08bb1ca21d4107bb0aa2bb655b75570b2f28cbd63b812fd
SSDeep 192:5SefJqMiiYiAUJvUVioXKTW7v8Q1NutprYliBVdmCEHGA5QjeWjhuYnAcRgx5gMT:TBIiUU5yh1bNCELCEHX0u+OlC9jJApJ
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ml-L2Mnu1hfDn3Ebw.png.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Ml-L2Mnu1hfDn3Ebw.png (Dropped File)
Mime Type application/octet-stream
File Size 48.32 KB
MD5 089432de3db1f0cfa43fde2f9dc8e925
SHA1 9383e1fd7c2aaed18a7b1a75bbaf47577d487eea
SHA256 2773ed8e00d4fbbf353e73e16ba1a1fdc7cdf370fd7be1b2c7a1269536e29331
SSDeep 768:Aq68I8IG7zEdXaadcciGXoREl5iB+z4IS/ey/oNfyxI/0GZSOnpq0fPtlJaGTsV7:AN8jaTsB+z4MIoNYWxkOnphfPtlJ0Vm+
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NZt4WTx8.ots.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NZt4WTx8.ots (Dropped File)
Mime Type application/octet-stream
File Size 70.94 KB
MD5 2981ed530f3f879ee7cb8e9f03c4da68
SHA1 3c26e2b92153a70d1f6a6597f7f5d1a947eac7a9
SHA256 7e8e7d7f51f64ef61f110751b405e2bb805b4a6c70bb02d138d896e4289a8e2c
SSDeep 1536:49fct6BqDHKIdnC85Sj6UnX84vjjNH8BjRj7ipeuDYPnO:0fcQMBdCjpn1jZONHbuDYfO
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\o4Mezc2IK4f8C_fMJ.rtf.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\o4Mezc2IK4f8C_fMJ.rtf (Dropped File)
Mime Type application/octet-stream
File Size 100.07 KB
MD5 dbaf5b8a79beabecbccf701a617664d0
SHA1 599d0932112c93abf023220e1dac508f98641e26
SHA256 5b2a744ea5f310dc1a340833d4288056c5ea10f9fdb3c3f6bf56a2636a9396e8
SSDeep 3072:Ks/ovNfu9kwhxUlGaBKSCCtgQYFnhpfQ5An:hQBuPhxIB/CCtgQEhpYKn
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p6WJ6Sf_Bnqv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\p6WJ6Sf_Bnqv.bmp (Dropped File)
Mime Type application/octet-stream
File Size 30.58 KB
MD5 bfbb806cffcb69349eaad12677db059e
SHA1 1c08d71b7c973e04a4ec73274ca65e63021e88b5
SHA256 f01c09274ddb8bb497c53cb46f2d486223ace9dac9c736ea8a4ce15c1da7a6de
SSDeep 768:rfVor/snkm8Mk01m5nP0twBnTYQc+sJiwWb/XXfUdOWiHvP:rfer/s/8MdU5nPzDc+JbPvrHX
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rcM75 cm.mkv.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rcM75 cm.mkv (Dropped File)
Mime Type application/octet-stream
File Size 91.52 KB
MD5 cc738f60598ce1fb5b997912f82c111d
SHA1 088d8a9c47797f8c258db6a73ef73c2ac0bb5773
SHA256 8ff13c3013966ce783f60021036d916d103f595809ec5f64009ddadf030e354b
SSDeep 1536:YpZbyih+pDfCa2jQqJnA9idGHxEDRDbjoSlhIqQ3i5WX2EHtf6k0BcCdVC/9wH2M:YpZmih+9kVJANxE1nk8hITS8X74BjCV+
ImpHash -

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rFizuWFKJxS8V2i7l3.mkv.[4B2E4630].[johncastle@msgsafe.io].zes | Dropped File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rFizuWFKJxS8V2i7l3.mkv (Dropped File)
Mime Type application/octet-stream
File Size 56.97 KB
MD5 23a6a20d8c982c40ccc16dae7784691a
SHA1 6eed493da9984445ce4a74bdc263ac0f8a56eee8
SHA256 b0ae2902eac2af4d1587d51115c36612d7ff8794cac7c9df8d77c46175b1a99c
SSDeep 1536:xwr9N1dRptAWbb9VzRDrCEE0SYoJjFf4R5jty:CrhdRptAEZrPCEESop54RxI
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\upgHuG7Awn9.mkv.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\upgHuG7Awn9.mkv (Dropped File)
Mime Type application/octet-stream
File Size 50.43 KB
MD5 404e25c009c86510cc1d93635b9f7716 Copy to Clipboard
SHA1 aa718dc2e9e0551a9833189e24a2a4e0d3269a8b Copy to Clipboard
SHA256 97f64c3dddd5e0848286b3d6045eef1a9ab259d361210dc3fb928ba3c84654a1 Copy to Clipboard
SSDeep 1536:tEJQSxZqEJSpdDtoP520VfbIzA9e/3KaXhnj+:tWQA+eP52WDK4yHc Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uSOZ4TNyZhhaa Gl3.bmp.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\uSOZ4TNyZhhaa Gl3.bmp (Dropped File)
Mime Type application/octet-stream
File Size 5.08 KB
MD5 33d5502b4e40605e960e2befd2217106 Copy to Clipboard
SHA1 a58e40d035070559e9097f8d76c23f557bca81cd Copy to Clipboard
SHA256 e76308eca2a8763bbe47f8442c0c32afad7b3ba03ae385b9150853107d43ec23 Copy to Clipboard
SSDeep 96:NZZVkLehI/eokD5jN8LNdXUfJS5ZyfJlz3ZDoHyqvwy/k9pl8nD0gdS/HGO:NZZOamfkDhWNmJ4YxlzF0/Sv8nQ7D Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vvYk6R2xu.xlsx.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vvYk6R2xu.xlsx (Dropped File)
Mime Type application/octet-stream
File Size 8.82 KB
MD5 80d624b0be7524081e0137c9b5f4cb69 Copy to Clipboard
SHA1 291074439d9e87373fef75185f3278195cf41513 Copy to Clipboard
SHA256 6c749c8f7b572a83bb95ce036015efa10aee9eea648a84e769238acbd870eeee Copy to Clipboard
SSDeep 192:3UoG926ZLFBfQwIkNG67gpCAbJfs8CV7k+Bb9+:EoxUnfQwnHobq8qY+Bb9+ Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\W83hY-ueVY.wav.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Unknown
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\W83hY-ueVY.wav (Dropped File)
Mime Type application/octet-stream
File Size 37.58 KB
MD5 c54e6516309d4c4d5d282e5bc69aba28 Copy to Clipboard
SHA1 bd9810a8905cbd4a0fe130e6b82232a82ad829bd Copy to Clipboard
SHA256 c5db1ff4d5b02966cb65dbc81ce4ab5ad636e82836bbf0e6baaa6561277779a5 Copy to Clipboard
SSDeep 768:3dznxbf/XG9MJ4fRb6D9yGU+Yb8ADrB1HecHlblgsZ+AU:3dzxr/2e4JmD9GNgCBvRZ+z Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\ga 79jQ.csv.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\ga 79jQ.csv (Dropped File)
Mime Type application/octet-stream
File Size 91.38 KB
MD5 0bcfaccf081e598930edc822cb3f29b9
SHA1 ea146f3a881a39a7e5d17d74241de8c79528d396
SHA256 4e572793aedbe82a9fdb62d4719255b4523af229ab9216b8fcf6db58139b3091
SSDeep 1536:8gKdIzyUUPVH5sH9EJ5KGx6VSo51ECm7LE0TTp70a8nIQkl9YTXj3fshCWUnC34K:wUUtM9EJPMSE1LmLvT151lmH8jUC34K
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\qfzGN 6xma8CCH8IKS.wav.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\qfzGN 6xma8CCH8IKS.wav (Dropped File)
Mime Type application/octet-stream
File Size 6.82 KB
MD5 7dc777687a69134e137bf8ffc964adeb
SHA1 79c7cc9de5a76de38e84d582afdd516757a410c5
SHA256 1e886838dd251b123aabb14c5f607092d92d13d03b1fb7910a8986d03bc30050
SSDeep 96:PTQ5BUNIMGIe1zQXpR4KMHupL2LA6CPi8TexIaDYrYSLRinL1M9QlqeODIGhPpc9:bM/fR1MZaKvQ8RqRyapSQnB4BIGhq8S
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\6R1trGA_1jq.wav.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\6R1trGA_1jq.wav (Dropped File)
Mime Type application/octet-stream
File Size 56.35 KB
MD5 e02f662656dad3378f20bb8a83eb939f
SHA1 3d163234720a454673fe218ca6ed29481741d03b
SHA256 c774dec920cdc151c58ff0b2991713f4b056bf88e3032f2753f07146e7f9254e
SSDeep 1536:pugUEswBaPREYVI4e0fC9Wq8MFa7XjtdQjVPMBrg+:QYswBa6a/C9CMUXXQjVPAR
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\mGYbl5LMqWWKr.gif.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\mGYbl5LMqWWKr.gif (Dropped File)
Mime Type application/octet-stream
File Size 95.66 KB
MD5 e83d4a4ccc7bafead69ecef3f50a706b
SHA1 53a5344a612adf0da4ff612a8917b850cb8713c0
SHA256 52d80695e790cb4fdc2f90981ee60171d3574e235a5b328e7f05a15ba5bedb72
SSDeep 1536:vqpLRjTGQvhvhX7mr7gmy8Hrg2m9EcmUxkMIAsyZGDN36ByuU/:2LRXGQ5dmngV8HU2PcmovZsIGDB6M9
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\NglnlXvJLQ haes0xIg.gif.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\NglnlXvJLQ haes0xIg.gif (Dropped File)
Mime Type application/octet-stream
File Size 24.64 KB
MD5 91c2b458a934477551331f5a0b838f7c
SHA1 b72f0ac1b89b2447808413a327a15c8d48e59635
SHA256 09da961a7dbc8810a6f27e00a56bf415409f0bb93a79a86c79a2688afe510dbb
SSDeep 768:IwgV84ZFq/DFnzYICbMq+oHl1e+O0HGuGqf:Iwgi4ZFq/pzCwP+O0mq
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\C OQSp3lrPEA6lKyBv.bmp.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\C OQSp3lrPEA6lKyBv.bmp (Dropped File)
Mime Type application/octet-stream
File Size 69.13 KB
MD5 55ae867d540f53996d97225177a5bcff
SHA1 3a534b04279c221891f67acd76ba00a9d06a7ab9
SHA256 97f7e41821afe7b23848157391a952fdd22cdce6ff99b0aa1d34eadbbbabb830
SSDeep 1536:mwp6zX7f1bGp5fQ1+Bq9gagiRG6qC1R3cI75XQk+:m7zXhCp5Y1kab2C1RMIi
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\O7GsOEI.swf.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\O7GsOEI.swf (Dropped File)
Mime Type application/octet-stream
File Size 23.68 KB
MD5 69e7ab3c0d9b77322673cafd317abffd
SHA1 dd7eaaa5b3368c1a0b910d21121b1b468a788166
SHA256 9df38f8c2ff29136f37affcc17514f39a66332a9c5c60ec1abdcb91db3a8fbbe
SSDeep 384:jvJ8ZQMdz0bN9VbF6xtJxHW0IUxuXdFqE1fciharCu+uyFkhU7+OIcQUgIrj9TE3:jIQa0VF6xPxLA7qE1kiha+pkhAvIcyAg
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\Pef90osST9zF.mp4.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\Pef90osST9zF.mp4 (Dropped File)
Mime Type application/octet-stream
File Size 54.07 KB
MD5 b1db76b8deee910dff1fa30960e3e6c1
SHA1 e36877db960f0af5dbf4ad8a434481b9ece0104e
SHA256 901c4c35c978652340b5b0a1e2fa584396f977f18fe06adff20fb2185de6b9ea
SSDeep 1536:SRi8PdtynBN6MFPSEwVuikCblgD5CdwhJfvLBIzBZAGYP+:SRjP3QBoMhwVuJ7D5C8Zo+8
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\zeCGssAJsgRZgGpoHCS.swf.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\zeCGssAJsgRZgGpoHCS.swf (Dropped File)
Mime Type application/octet-stream
File Size 59.24 KB
MD5 1589b992d2381c4c808602e8587f9b0b
SHA1 dff0fa424ea32966cf1979f59aa352e60eef56d4
SHA256 90167fd3b656db35cf6f4d2160fe8b240a20bd9d3935105bea02f90bd07b4c78
SSDeep 1536:nZtXoACiApqfPW9BnLQQxEjjvQeWSXoJ4K0Ct0zvvwLiifsKHrf6YF:LXoA6qXWKUEXb5QL9VLSO
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\S0OmtXwErpHh0OJ.flv.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\S0OmtXwErpHh0OJ.flv (Dropped File)
Mime Type application/octet-stream
File Size 13.83 KB
MD5 6b25681294e1d95fccf3d1bcf8239ff3
SHA1 cdf7547ef9d006baed6abdd259704be478d9c35d
SHA256 43c3b32a31771e98c8bf3f6f64b3ec5614c2a40fe78649995ab659238e4d4488
SSDeep 384:p9PFNkju3Y1tGcVfOvunlYlPtmW6iuOI1yCpyLMIZun+:LMK3CfyuctmW6iuOkyAyLTZun+
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\YK9azGU-728BZMlu.mp4.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\YK9azGU-728BZMlu.mp4 (Dropped File)
Mime Type application/octet-stream
File Size 51.97 KB
MD5 d989b9a69cf73ed02ae7f43f593f1aa1
SHA1 17a33fdfd4876b6ab9ab76f9ddf6d6dbac6f7dd1
SHA256 063aca448994f18f69e2d852f0a3be547b9a55d166f16b7f1eb4e077cc37b6d8
SSDeep 1536:ooch/jg4vpOY+ieiUSERCK7JDM6XzfQkv3vvbZC1CR+:9WbBpOMeiZERCKVDKkHvVoCw
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ybEXHNZftujEdotm.mp4.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ybEXHNZftujEdotm.mp4 (Dropped File)
Mime Type application/octet-stream
File Size 95.77 KB
MD5 945015beafbd5a609bea807553ed26d6
SHA1 b60c743c323a6b71948c14b945bd364fe51072d1
SHA256 a4961edf70ec6fd624ae71c3d7ccb3e00b455bec7a5ee9a47c17704b6b5e679b
SSDeep 1536:ExloxA5TAyInB9j2qpMMEWgqqpQ0/uv79KWqinxYWZ52JvLU/mHHQMHYJ2ROKz0d:EDTAyInBt2qpMMrg+0Gz9XnxY6A9U+Hq
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zgyGh8GT0arDFn7.mkv.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zgyGh8GT0arDFn7.mkv (Dropped File)
Mime Type application/octet-stream
File Size 66.49 KB
MD5 b8519e0f6d0eb5391e1639ad9ef383f5
SHA1 0dafb74bf56c6a5d0b8585c3e9ac0e2348b5bea1
SHA256 f402f38edc31d963c36cafcdd9d8e052751d11a303019559c5d8d1e28ed625b9
SSDeep 1536:PcHRtP+L0ITpiquI+7AcQAuupQqcDxvrsDpU4XX1muEEm97T1+:MRtj0q/uuWVDpInXX11EEmtk
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZJyWQae78.bmp.[4B2E4630].[johncastle@msgsafe.io].zes Dropped File Stream
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZJyWQae78.bmp (Dropped File)
Mime Type application/octet-stream
File Size 11.36 KB
MD5 39214adc9c973ef0056f0897d827cca4
SHA1 2a4dc1562b65ade217f4e64f37652f23c61952d2
SHA256 1b879c73617e69ae7ef6b5145eb8d7c9bcceb97b305570783486f851c1efe8fd
SSDeep 192:Z0MQchN87NJyA4khQ9M+KOfUUUoaxqo991zX6mb/KKiAOoFYQ7ltVuHGDxYHEkDp:jzhN6JyRtp10Fxb/wVeH73IHmOtDp
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\readme-warning.txt Dropped File Text
Severity Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\readme-warning.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\ohRy5R3Zh\readme-warning.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Xgmd_gfDjhMfGMTGlo\sGnbgw8s2gTrD4\readme-warning.txt (Dropped File)
Mime Type text/plain
File Size 1.69 KB
MD5 a7fe09a97d857fbb07eb680977d01e40
SHA1 35c682cdadc9791779b388326fc2e70729b71f10
SHA256 87fd23abd1d45f81ebe02784dcbfc4aed129c296ba788083aee38df6adf7dc46
SSDeep 48:x6FO5yQGdHcEZ9/iddeAHUaKcm0KnXwuQQvG:xwEyJdHcEZ9serDg8G
ImpHash -
c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 2.00 KB
MD5 b28a0da88ae13d62c313cd374d8ae442
SHA1 7abc5c8e172fc0ec1ef72ae824d82173754f4a0f
SHA256 be7c2c205521deab33ebcedb47c4016c13e28b7d22976340f461276100c0c9a1
SSDeep 3:+lcRMBGJkut/l:tRMk
ImpHash -
c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat Dropped File Stream
Severity Unknown
Mime Type application/octet-stream
File Size 2.00 KB
MD5 b6e0904ccd8957e58dc5062c49ede17b
SHA1 001b57ec68194399f0892bdd6beb63ff2f9f7d40
SHA256 04d5d1574125e6a0047265915296ded64ae27378d2e3c07155e323e2ccd4a416
SSDeep 3:+lc+5B/lq/l/xGJ4V1:t0B/l0
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Before

After

Screenshot