Sample File:
MD5 hash: 751d685dcedae5880fcf2ca175726d6d
SHA1 hash: 742c6a29e4d1904904c6383498cba9a0117c66a9
SHA256 hash: 97328f00d5dc6d72f7a1a5c75e6991135183ffeef10e1a6a49dab7cba2eb7f6c
Filename(s): 97328f00d5dc6d72f7a1a5c75e6991135183ffeef10e1a6a49dab7cba2eb7f6c.dll
Note: the only recorded filename is the sample's own SHA256 plus ".dll", i.e. a name assigned at submission; the name the DLL carried in the wild is not known from this report.
Filetype: Windows DLL (x86-32)
Mutex IOCs: - None -
Registry Key IOCs:
HKEY_CLASSES_ROOT\http\shell\open\command
HKEY_CURRENT_USER\Software\Classes\CLSID\\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionParams
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionParams
Note: the report does not say whether each key was read or written, and that decides how to triage it. A read of http\shell\open\command is consistent with simply locating the default browser, whereas a write to it would hijack the URL handler; likewise HKCU\Software\Classes\CLSID\...\InprocServer32 is the per-user COM registration path that takes precedence over HKLM, so a write there is a COM-hijack persistence indicator while a read is not. Confirm the access type before using these keys as persistence IOCs. Doubled backslashes are reproduced exactly as reported and are probably an escaping artifact of the report rather than part of the key name.
IP IOCs: - None -
URL IOCs:
webonline.mefound.com/index/index.php?h=TQz6H5GI8zI%3d&d=TQz%2f%2fCqWZDJNDfUup77CB3U%2bzyihu8MGfTz6H5GI8zJNDPofkYh%3d
webonline.mefound.com/index/index.php?h=8NavN1UHP1o%3d&d=8Naq1O4ZqFrw16AGYzEOb8jkmgBlNA9uwOavN1UHP1rw1q83VQd%3d
webonline.mefound.com/index/index.php?h=ppbto8NHADo%3d&d=ppboQHhZlzqml%2bKS9XExD56k2JTzdDAOlqbto8NHADqmlu2jw0d%3d
webonline.mefound.com/index/index.php?h=OjoH51%2feH88%3d&d=OjoCBOTAiM86OwjWaegu%2bgIIMtBv7S%2f7CgoH51%2feH886OgfnX95%3d
easport-news.publicvm.com/index/index.php?h=LIFUEDEFV6c%3d&d=LoFR84obwKcsgFshBzNmkhSzYScBNmeTHLFUEDEFV6csgVQQMQVmkRqwYSgDMGCXH7FgIAFBZpYdtWQhAzxnkwLrJHcRJXeHDKF0MBEld4cMoXQwESV3h8%3d%3d
easport-news.publicvm.com/index/index.php?h=O2i1voZ4%2bOQ%3d&d=OWiwXT1mb%2bQ7abqPsE7J0QNagIm2S8jQC1i1voZ4%2bOQ7aLW%2bhnjJ0g1ZgIa0Tc%2fUCFiBjrY8ydYJXYGHtEHI0BUCxdmmWNjEG0iVnqZY2MQbSJWepljYxM%3d%3d
easport-news.publicvm.com/index/index.php?h=8AsKjDaVkr4%3d&d=8gsPb42LBb7wCgW9AKOji8g5P7sGpqKKwDsKjDaVkr7wCwqMNpWjiMY6P7QEoKWOwzs%2bvAbRo43EPDi8BKyiit5heusWtbKe0CsqrBa1sp7QKyqsFrWyns%3d%3d
easport-news.publicvm.com/index/index.php?h=TqFIohTtxkA%3d&d=TKFNQa%2fzUUBOoEeTItv3dXaTfZUk3vZ0fpFIohTtxkBOoUiiFO33dniQfZom2PFwfZF8kiSp93V%2blHyRJtT2dGDLOMU0zeZgboFogjTN5mBugWiCNM3mYM%3d%3d
Note: the h= and d= query values differ on every request and look like URL-encoded base64 (%3d is the "=" padding, %2f and %2b are "/" and "+"), so a detection should match on the host and the /index/index.php path, not on the full URL. Both hostnames appear to sit under free dynamic-DNS parent domains (mefound.com, publicvm.com), so the parent domains themselves are not indicators and the hosts may resolve to different addresses over time; no IP was recorded for either.
File IOCs: Filenames:
Note: EEBsYm5 is the sandbox's user account, so generalize C:\Users\EEBsYm5\AppData\Local\Temp to %LOCALAPPDATA%\Temp and C:\Users\EEBsYm5\AppData\Roaming to %APPDATA% when writing detections; doubled backslashes are kept as reported and are probably an escaping artifact.
C:\Users\EEBsYm5\AppData\Local\Temp\\ 
C:\Users\EEBsYm5\AppData\Local\Temp\\6F6C657374646D702E6F6378FF.tmp
Note: the hex name 6F6C657374646D702E6F6378 decodes to the ASCII string "olestdmp.ocx" (followed by a trailing FF byte), the same name as the olestdmp.ocx dropped under AppData\Roaming\HELP\system32 below, so this temp file is most likely a staging copy of that component.
C:\Users\EEBsYm5\AppData\Local\Temp\xx10
C:\Users\EEBsYm5\AppData\Local\Temp\xx11
C:\Users\EEBsYm5\AppData\Local\Temp\xx12
C:\Users\EEBsYm5\AppData\Local\Temp\xx13
C:\Users\EEBsYm5\AppData\Local\Temp\xx14
C:\Users\EEBsYm5\AppData\Local\Temp\xx15
C:\Users\EEBsYm5\AppData\Local\Temp\xx16
C:\Users\EEBsYm5\AppData\Local\Temp\xx17
C:\Users\EEBsYm5\AppData\Local\Temp\xx18
C:\Users\EEBsYm5\AppData\Local\Temp\xx19
C:\Users\EEBsYm5\AppData\Local\Temp\xx2
C:\Users\EEBsYm5\AppData\Local\Temp\xx20
C:\Users\EEBsYm5\AppData\Local\Temp\xx21
C:\Users\EEBsYm5\AppData\Local\Temp\xx3
C:\Users\EEBsYm5\AppData\Local\Temp\xx4
C:\Users\EEBsYm5\AppData\Local\Temp\xx5
C:\Users\EEBsYm5\AppData\Local\Temp\xx6
C:\Users\EEBsYm5\AppData\Local\Temp\xx7
C:\Users\EEBsYm5\AppData\Local\Temp\xx8
C:\Users\EEBsYm5\AppData\Local\Temp\xx9
Note: the xx2 through xx21 entries are a sequentially numbered series (the list is sorted as text, which is why xx10 precedes xx2), so a pattern such as Temp\xx followed by digits is a more robust indicator than the twenty exact names, whose count may vary between runs.
C:\Users\EEBsYm5\AppData\Local\Temp\~DFBEBC.tmp
C:\Users\EEBsYm5\AppData\Local\Temp\~fgF7F5.tmp
C:\Users\EEBsYm5\AppData\Local\Temp\~fgF844.tmp
Note: the hex suffixes of the ~DF and ~fg temp names are generated at runtime and will differ on every execution; ~DF*.tmp names in particular are commonly created by Windows components, so treat these as weak indicators on their own.
C:\Users\EEBsYm5\AppData\Roaming\HELP
C:\Users\EEBsYm5\AppData\Roaming\HELP\\system32\mskfp32.ocx
C:\Users\EEBsYm5\AppData\Roaming\HELP\\system32\msvcrtd.tlb
C:\Users\EEBsYm5\AppData\Roaming\HELP\\system32\olestdmp.ocx
C:\Users\EEBsYm5\AppData\Roaming\HELP\system32\
Note: a directory named HELP\system32 under the roaming profile, holding files with system-like names (mskfp32.ocx, msvcrtd.tlb, olestdmp.ocx), is the strongest host artifact in this report; the names mimic Windows components but live outside C:\Windows.
C:\Windows\system32\kernel32.dll
C:\Windows\system32\win.com
System Paging File
Note: kernel32.dll, win.com and the paging file are standard operating-system objects present on any Windows host; their appearance here only records that the sample touched them and they are not indicators by themselves.
\\.\pipe\c41b2304
Note: the pipe name is an eight-character hex string and may be generated per run; verify against a second execution before pinning the exact name.
MD5 hashes:
Note: the report does not map these hashes to the filenames above, and each hash list is sorted lexicographically, so the n-th MD5, SHA1 and SHA256 entries do not necessarily describe the same file.
12992a1633ce781d47655cb43bcdbd12
2452a6b1368ec890a1e24fe8a7963ed6
5224b3b768472c31e9837eb091ac4da2
7b5b6c7bf41e6055abd4e74476e08575
8e327c0e388ec0c2c1827724e583af90
b03290b76ede0df2bffd30926b522eae
d1cef9e7d2df511f5095f7532bbb3624
d41d8cd98f00b204e9800998ecf8427e
Note: d41d8cd98f00b204e9800998ecf8427e is the MD5 of empty input (a zero-byte file); it matches every empty file on any system and must not be used as an indicator.
d44f6f1dbff7a816acdd7e69884ae707
de99e5057f0ea5ed7aba40661b762e4a
e5a53dd11c6c5493655cf92cd6ecf5ca
SHA1 hashes:
214670d71ba883f66e035a0f300528e4b1cf5b00
3f33aefb075a3747ed9f77c009f2de156487a05f
479a86ae7f7beff58cd7c1cabc91d7518943b548
4e5607be0fded9c09fe7966c077576db3753c2a8
5c05d3a68f69258d236f6d9677cc0a42e399e7cc
60367181f47ec979afef7a7327fdf749b6ff5988
a3deba0d08a85f539b1691b523189c5630a547ce
b880a509cc1af5748cca9c1493519ed81e3a3495
da39a3ee5e6b4b0d3255bfef95601890afd80709
Note: da39a3ee5e6b4b0d3255bfef95601890afd80709 is the SHA1 of empty input (a zero-byte file) and must not be used as an indicator.
edb269e72b9b9f02095cd3e1a9de928780dba698
fc81346041f384f162afd9fca259c544f996538d
SHA256 hashes:
0bb31e27bfd7adde01ada0184515b36ec5f553126c6965efa1febd327b48276f
2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f
3314b865d97e1fc43c80bff1eae46e8446e53311db7bf37146e8fb82b7136d55
8f0f5c99853ec802faaf9fc84a6587dc068051e935486ade64dd11643fde7f5b
8f8fd27d15c33844302cd60b3238125cac0a8639cabb17aa01b4b42ee2569462
9e8ce688f7492930823f1517ee7458cd89ddad33a8440261cf82564323a65bec
a38a6a923110ec4cdb46bcfe128985b84cd3b3e7f1e22e5a9b06a5b683f3f040
ae382e9548254689e32b154d65476507423b3916f68ec028bd81b2c39055ec86
c873a7fa57871e32e0721dcec4e9d82eaa3baa42c804b70276f9c98d59de7d62
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 is the SHA256 of empty input (a zero-byte file) and must not be used as an indicator; together with the empty-input MD5 and SHA1 above it indicates that one of the observed files was empty when hashed.
eb3018114ff7109d4b57abd24dafd3ebce34a61c5a59f2e34709cd1a54c45f71