077eee74b8f1

C:\Users\kEecfMwgj\Desktop\Setup.exe

Sample File

Binary

»

MIME Type	application/vnd.microsoft.portable-executable
File Size	12.25 MB
MD5	da6b7ddd28dc387bcd10b180c9bdff58
SHA1	c29cd8c4370576afb63deea020bcafd8c0638de0
SHA256	077eee74b8f1227707b389a953234756d3bf8b78108a24f132bd5feb209dd8f6
SSDeep	98304:79Xv0eg9Xv0WJEdbxAtwOT3vjONrdbxAtQGTgvjOmh9Xvp79XvTY9XvRy9Xvjo9V:tqiRJAUkotsOFdRvCkn
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

PE Information

»

Image Base	0x00400000
Entry Point	0x01022186
Size Of Code	0x00C20200
Size Of Initialized Data	0x00020C00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2038-05-23 18:39 (UTC)

Version Information (11)

»

Comments	Hack of Fortnite, with Aimbot and ESP
CompanyName	-
FileDescription	Fortnite Hacks
FileVersion	16.0.5.0
InternalName	SyrkProject.exe
LegalCopyright	Copyright © 2019
LegalTrademarks	-
OriginalFilename	SyrkProject.exe
ProductName	Fortnite Hacks
ProductVersion	16.0.5.0
Assembly Version	16.0.5.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00C2018C	0x00C20200	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.75
.rsrc	0x01024000	0x00020A00	0x00020A00	0x00C20400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.66
.reloc	0x01046000	0x0000000C	0x00000200	0x00C40E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x00C2215A	0x00C2035A	0x00000000

Memory Dumps (6)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
setup.exe	1	0x01360000	0x01FA7FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00CFE000	0x00CFFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00379000	0x0037FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0054E488	0x0055E586	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
setup.exe	1	0x01360000	0x01FA7FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
setup.exe	1	0x01360000	0x01FA7FFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump

C:\Users\Public\Documents\cgo46ea565sdfse7.exe

Dropped File

Binary

»

MIME Type	application/vnd.microsoft.portable-executable
File Size	349.06 KB
MD5	c1bd6d763e6eb6213cac300b03db380b
SHA1	a214070f565c823680eee2ead181618b10951eb0
SHA256	c239d501439b776e93085925eb132ff164b1f3ba4fdc356a00045e8674dc1387
SSDeep	6144:AAFTxES9XIYH8tewQ28cV0XATSCGRJYD8LPSkbBvkcsl4xuoE72l6z:AAEdbxAtwmbT3vjON
ImpHash	f6783656f27e60929c7935f3f748dab1

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

PE Information

»

Image Base	0x00400000
Entry Point	0x004014A0
Size Of Code	0x00001800
Size Of Initialized Data	0x0000B800
Size Of Uninitialized Data	0x00000400
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2019-07-24 09:03 (UTC)

Sections (15)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x000016C4	0x00001800	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.86
.data	0x00403000	0x00006FCC	0x00007000	0x00001C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.66
.rdata	0x0040A000	0x000025C4	0x00002600	0x00008C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ	5.16
.bss	0x0040D000	0x000003E8	0x00000000	0x00000000	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.idata	0x0040E000	0x0000058C	0x00000600	0x0000B200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.5
.CRT	0x0040F000	0x00000034	0x00000200	0x0000B800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.27
.tls	0x00410000	0x00000008	0x00000200	0x0000BA00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
/4	0x00411000	0x000002A8	0x00000400	0x0000BC00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	1.73
/19	0x00412000	0x0003D69C	0x0003D800	0x0000C000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	5.96
/31	0x00450000	0x0000212E	0x00002200	0x00049800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.57
/45	0x00453000	0x000021DE	0x00002200	0x0004BA00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	5.23
/57	0x00456000	0x00000748	0x00000800	0x0004DC00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.42
/70	0x00457000	0x000006D3	0x00000800	0x0004E400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.54
/81	0x00458000	0x00000D83	0x00000E00	0x0004EC00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	3.5
/92	0x00459000	0x000001C0	0x00000200	0x0004FA00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	2.62

Imports (3)

»

KERNEL32.dll (20)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
DeleteCriticalSection	-	0x0040E114	0x0000E050	0x0000B250	0x000000D7
EnterCriticalSection	-	0x0040E118	0x0000E054	0x0000B254	0x000000F3
GetConsoleWindow	-	0x0040E11C	0x0000E058	0x0000B258	0x000001BF
GetCurrentProcess	-	0x0040E120	0x0000E05C	0x0000B25C	0x000001C8
GetCurrentProcessId	-	0x0040E124	0x0000E060	0x0000B260	0x000001C9
GetCurrentThreadId	-	0x0040E128	0x0000E064	0x0000B264	0x000001CD
GetLastError	-	0x0040E12C	0x0000E068	0x0000B268	0x00000207
GetStartupInfoA	-	0x0040E130	0x0000E06C	0x0000B26C	0x00000268
GetSystemTimeAsFileTime	-	0x0040E134	0x0000E070	0x0000B270	0x0000027F
GetTickCount	-	0x0040E138	0x0000E074	0x0000B274	0x0000029B
InitializeCriticalSection	-	0x0040E13C	0x0000E078	0x0000B278	0x000002EF
LeaveCriticalSection	-	0x0040E140	0x0000E07C	0x0000B27C	0x00000345
QueryPerformanceCounter	-	0x0040E144	0x0000E080	0x0000B280	0x000003B6
SetUnhandledExceptionFilter	-	0x0040E148	0x0000E084	0x0000B284	0x0000048C
Sleep	-	0x0040E14C	0x0000E088	0x0000B288	0x00000499
TerminateProcess	-	0x0040E150	0x0000E08C	0x0000B28C	0x000004A7
TlsGetValue	-	0x0040E154	0x0000E090	0x0000B290	0x000004AE
UnhandledExceptionFilter	-	0x0040E158	0x0000E094	0x0000B294	0x000004BB
VirtualProtect	-	0x0040E15C	0x0000E098	0x0000B298	0x000004DB
VirtualQuery	-	0x0040E160	0x0000E09C	0x0000B29C	0x000004DE

msvcrt.dll (25)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__getmainargs	-	0x0040E168	0x0000E0A4	0x0000B2A4	0x0000003B
__initenv	-	0x0040E16C	0x0000E0A8	0x0000B2A8	0x0000003C
__lconv_init	-	0x0040E170	0x0000E0AC	0x0000B2AC	0x00000045
__p__acmdln	-	0x0040E174	0x0000E0B0	0x0000B2B0	0x0000004D
__p__fmode	-	0x0040E178	0x0000E0B4	0x0000B2B4	0x00000054
__set_app_type	-	0x0040E17C	0x0000E0B8	0x0000B2B8	0x00000069
__setusermatherr	-	0x0040E180	0x0000E0BC	0x0000B2BC	0x0000006C
_amsg_exit	-	0x0040E184	0x0000E0C0	0x0000B2C0	0x0000008F
_cexit	-	0x0040E188	0x0000E0C4	0x0000B2C4	0x000000A0
_initterm	-	0x0040E18C	0x0000E0C8	0x0000B2C8	0x00000133
_iob	-	0x0040E190	0x0000E0CC	0x0000B2CC	0x00000137
_onexit	-	0x0040E194	0x0000E0D0	0x0000B2D0	0x0000023C
abort	-	0x0040E198	0x0000E0D4	0x0000B2D4	0x0000039C
calloc	-	0x0040E19C	0x0000E0D8	0x0000B2D8	0x000003A9
exit	-	0x0040E1A0	0x0000E0DC	0x0000B2DC	0x000003B3
fprintf	-	0x0040E1A4	0x0000E0E0	0x0000B2E0	0x000003C3
free	-	0x0040E1A8	0x0000E0E4	0x0000B2E4	0x000003CA
fwrite	-	0x0040E1AC	0x0000E0E8	0x0000B2E8	0x000003D6
malloc	-	0x0040E1B0	0x0000E0EC	0x0000B2EC	0x00000402
memcpy	-	0x0040E1B4	0x0000E0F0	0x0000B2F0	0x0000040A
signal	-	0x0040E1B8	0x0000E0F4	0x0000B2F4	0x00000425
strlen	-	0x0040E1BC	0x0000E0F8	0x0000B2F8	0x00000437
strncmp	-	0x0040E1C0	0x0000E0FC	0x0000B2FC	0x0000043A
system	-	0x0040E1C4	0x0000E100	0x0000B300	0x0000044B
vfprintf	-	0x0040E1C8	0x0000E104	0x0000B304	0x00000459

USER32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShowWindow	-	0x0040E1D0	0x0000E10C	0x0000B30C	0x00000335

Memory Dumps (2)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
cgo46ea565sdfse7.exe	2	0x00400000	0x00459FFF	Relevant Image		32-bit	0x004015B9		... Actions Go to Process Download Dump
cgo46ea565sdfse7.exe	2	0x00400000	0x00459FFF	Process Termination		32-bit	-		... Actions Go to Process Download Dump

C:\Users\Public\Documents\startSF.exe

Dropped File

Binary

»

MIME Type	application/vnd.microsoft.portable-executable
File Size	89.00 KB
MD5	6cc73421112f42575153bf7cfe7db572
SHA1	d9099c5b7edfc921e998fb5392a4ecca6370e2ef
SHA256	31c3e1c03b15347bf8184854e65261a81ba12db0dcf3aeb5344ced6d8321ddf1
SSDeep	1536:b7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfRwY0OG:37DhdC6kzWypvaQ0FxyNTBfRg
ImpHash	2c5f2513605e48f2d8ea5440a870cb9e

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

PE Information

»

Image Base	0x00400000
Entry Point	0x00401000
Size Of Code	0x00011400
Size Of Initialized Data	0x00004C00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2019-05-16 14:07 (UTC)
Packer	PureBasic 4.x -> Neil Hodgson

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.code	0x00401000	0x0000387E	0x00003A00	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.53
.text	0x00405000	0x0000D962	0x0000DA00	0x00003E00	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.56
.rdata	0x00413000	0x000033A5	0x00003400	0x00011800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.11
.data	0x00417000	0x0000178C	0x00001200	0x00014C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.1
.rsrc	0x00419000	0x00000538	0x00000600	0x00015E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.54

Imports (9)

»

MSVCRT.dll (16)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
memset	-	0x00417470	0x00017234	0x00014E34	0x00000299
wcsncmp	-	0x00417474	0x00017238	0x00014E38	0x000002E8
memmove	-	0x00417478	0x0001723C	0x00014E3C	0x00000298
wcsncpy	-	0x0041747C	0x00017240	0x00014E40	0x000002E9
wcsstr	-	0x00417480	0x00017244	0x00014E44	0x000002ED
_wcsnicmp	-	0x00417484	0x00017248	0x00014E48	0x000001EE
_wcsdup	-	0x00417488	0x0001724C	0x00014E4C	0x000001E9
free	-	0x0041748C	0x00017250	0x00014E50	0x0000025E
_wcsicmp	-	0x00417490	0x00017254	0x00014E54	0x000001EA
wcslen	-	0x00417494	0x00017258	0x00014E58	0x000002E6
wcscpy	-	0x00417498	0x0001725C	0x00014E5C	0x000002E3
wcscmp	-	0x0041749C	0x00017260	0x00014E60	0x000002E1
wcscat	-	0x004174A0	0x00017264	0x00014E64	0x000002DF
memcpy	-	0x004174A4	0x00017268	0x00014E68	0x00000297
tolower	-	0x004174A8	0x0001726C	0x00014E6C	0x000002D3
malloc	-	0x004174AC	0x00017270	0x00014E70	0x00000291

KERNEL32.dll (72)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleW	-	0x004174B4	0x00017278	0x00014E78	0x000001FA
HeapCreate	-	0x004174B8	0x0001727C	0x00014E7C	0x000002A4
GetStdHandle	-	0x004174BC	0x00017280	0x00014E80	0x0000023E
SetConsoleCtrlHandler	-	0x004174C0	0x00017284	0x00014E84	0x000003AF
HeapDestroy	-	0x004174C4	0x00017288	0x00014E88	0x000002A5
ExitProcess	-	0x004174C8	0x0001728C	0x00014E8C	0x00000105
WriteFile	-	0x004174CC	0x00017290	0x00014E90	0x00000497
GetTempFileNameW	-	0x004174D0	0x00017294	0x00014E94	0x0000025D
LoadLibraryExW	-	0x004174D4	0x00017298	0x00014E98	0x000002F8
EnumResourceTypesW	-	0x004174D8	0x0001729C	0x00014E9C	0x000000F2
FreeLibrary	-	0x004174DC	0x000172A0	0x00014EA0	0x0000014D
RemoveDirectoryW	-	0x004174E0	0x000172A4	0x00014EA4	0x00000386
EnumResourceNamesW	-	0x004174E4	0x000172A8	0x00014EA8	0x000000EE
GetCommandLineW	-	0x004174E8	0x000172AC	0x00014EAC	0x00000171
LoadResource	-	0x004174EC	0x000172B0	0x00014EB0	0x000002FB
SizeofResource	-	0x004174F0	0x000172B4	0x00014EB4	0x0000042A
FreeResource	-	0x004174F4	0x000172B8	0x00014EB8	0x00000150
FindResourceW	-	0x004174F8	0x000172BC	0x00014EBC	0x0000013A
GetNativeSystemInfo	-	0x004174FC	0x000172C0	0x00014EC0	0x00000207
GetShortPathNameW	-	0x00417500	0x000172C4	0x00014EC4	0x0000023B
GetWindowsDirectoryW	-	0x00417504	0x000172C8	0x00014EC8	0x00000286
GetSystemDirectoryW	-	0x00417508	0x000172CC	0x00014ECC	0x0000024A
EnterCriticalSection	-	0x0041750C	0x000172D0	0x00014ED0	0x000000DA
CloseHandle	-	0x00417510	0x000172D4	0x00014ED4	0x00000044
LeaveCriticalSection	-	0x00417514	0x000172D8	0x00014ED8	0x000002F4
InitializeCriticalSection	-	0x00417518	0x000172DC	0x00014EDC	0x000002B9
WaitForSingleObject	-	0x0041751C	0x000172E0	0x00014EE0	0x0000046E
TerminateThread	-	0x00417520	0x000172E4	0x00014EE4	0x00000438
CreateThread	-	0x00417524	0x000172E8	0x00014EE8	0x000000A4
GetProcAddress	-	0x00417528	0x000172EC	0x00014EEC	0x00000222
GetVersionExW	-	0x0041752C	0x000172F0	0x00014EF0	0x0000027B
Sleep	-	0x00417530	0x000172F4	0x00014EF4	0x0000042B
WideCharToMultiByte	-	0x00417534	0x000172F8	0x00014EF8	0x00000484
HeapAlloc	-	0x00417538	0x000172FC	0x00014EFC	0x000002A2
HeapFree	-	0x0041753C	0x00017300	0x00014F00	0x000002A6
LoadLibraryW	-	0x00417540	0x00017304	0x00014F04	0x000002F9
GetCurrentProcessId	-	0x00417544	0x00017308	0x00014F08	0x000001AB
GetCurrentThreadId	-	0x00417548	0x0001730C	0x00014F0C	0x000001AE
GetModuleFileNameW	-	0x0041754C	0x00017310	0x00014F10	0x000001F6
PeekNamedPipe	-	0x00417550	0x00017314	0x00014F14	0x00000343
TerminateProcess	-	0x00417554	0x00017318	0x00014F18	0x00000437
GetEnvironmentVariableW	-	0x00417558	0x0001731C	0x00014F1C	0x000001C4
SetEnvironmentVariableW	-	0x0041755C	0x00017320	0x00014F20	0x000003D9
GetCurrentProcess	-	0x00417560	0x00017324	0x00014F24	0x000001AA
DuplicateHandle	-	0x00417564	0x00017328	0x00014F28	0x000000D5
CreatePipe	-	0x00417568	0x0001732C	0x00014F2C	0x00000092
CreateProcessW	-	0x0041756C	0x00017330	0x00014F30	0x00000098
GetExitCodeProcess	-	0x00417570	0x00017334	0x00014F34	0x000001C6
SetUnhandledExceptionFilter	-	0x00417574	0x00017338	0x00014F38	0x0000041F
HeapSize	-	0x00417578	0x0001733C	0x00014F3C	0x000002AB
MultiByteToWideChar	-	0x0041757C	0x00017340	0x00014F40	0x0000031F
CreateDirectoryW	-	0x00417580	0x00017344	0x00014F44	0x00000072
SetFileAttributesW	-	0x00417584	0x00017348	0x00014F48	0x000003E2
GetTempPathW	-	0x00417588	0x0001734C	0x00014F4C	0x0000025F
DeleteFileW	-	0x0041758C	0x00017350	0x00014F50	0x000000C4
GetCurrentDirectoryW	-	0x00417590	0x00017354	0x00014F54	0x000001A9
SetCurrentDirectoryW	-	0x00417594	0x00017358	0x00014F58	0x000003CF
CreateFileW	-	0x00417598	0x0001735C	0x00014F5C	0x00000080
SetFilePointer	-	0x0041759C	0x00017360	0x00014F60	0x000003E7
TlsFree	-	0x004175A0	0x00017364	0x00014F64	0x0000043D
TlsGetValue	-	0x004175A4	0x00017368	0x00014F68	0x0000043E
TlsSetValue	-	0x004175A8	0x0001736C	0x00014F6C	0x0000043F
TlsAlloc	-	0x004175AC	0x00017370	0x00014F70	0x0000043C
HeapReAlloc	-	0x004175B0	0x00017374	0x00014F74	0x000002A9
DeleteCriticalSection	-	0x004175B4	0x00017378	0x00014F78	0x000000BF
InterlockedCompareExchange	-	0x004175B8	0x0001737C	0x00014F7C	0x000002BF
InterlockedExchange	-	0x004175BC	0x00017380	0x00014F80	0x000002C2
GetLastError	-	0x004175C0	0x00017384	0x00014F84	0x000001E7
SetLastError	-	0x004175C4	0x00017388	0x00014F88	0x000003F4
UnregisterWait	-	0x004175C8	0x0001738C	0x00014F8C	0x0000044F
GetCurrentThread	-	0x004175CC	0x00017390	0x00014F90	0x000001AD
RegisterWaitForSingleObject	-	0x004175D0	0x00017394	0x00014F94	0x00000378

USER32.DLL (33)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CharUpperW	-	0x004175D8	0x0001739C	0x00014F9C	0x00000000
CharLowerW	-	0x004175DC	0x000173A0	0x00014FA0	0x00000000
MessageBoxW	-	0x004175E0	0x000173A4	0x00014FA4	0x00000000
DefWindowProcW	-	0x004175E4	0x000173A8	0x00014FA8	0x00000000
DestroyWindow	-	0x004175E8	0x000173AC	0x00014FAC	0x00000000
GetWindowLongW	-	0x004175EC	0x000173B0	0x00014FB0	0x00000000
GetWindowTextLengthW	-	0x004175F0	0x000173B4	0x00014FB4	0x00000000
GetWindowTextW	-	0x004175F4	0x000173B8	0x00014FB8	0x00000000
UnregisterClassW	-	0x004175F8	0x000173BC	0x00014FBC	0x00000000
LoadIconW	-	0x004175FC	0x000173C0	0x00014FC0	0x00000000
LoadCursorW	-	0x00417600	0x000173C4	0x00014FC4	0x00000000
RegisterClassExW	-	0x00417604	0x000173C8	0x00014FC8	0x00000000
IsWindowEnabled	-	0x00417608	0x000173CC	0x00014FCC	0x00000000
EnableWindow	-	0x0041760C	0x000173D0	0x00014FD0	0x00000000
GetSystemMetrics	-	0x00417610	0x000173D4	0x00014FD4	0x00000000
CreateWindowExW	-	0x00417614	0x000173D8	0x00014FD8	0x00000000
SetWindowLongW	-	0x00417618	0x000173DC	0x00014FDC	0x00000000
SendMessageW	-	0x0041761C	0x000173E0	0x00014FE0	0x00000000
SetFocus	-	0x00417620	0x000173E4	0x00014FE4	0x00000000
CreateAcceleratorTableW	-	0x00417624	0x000173E8	0x00014FE8	0x00000000
SetForegroundWindow	-	0x00417628	0x000173EC	0x00014FEC	0x00000000
BringWindowToTop	-	0x0041762C	0x000173F0	0x00014FF0	0x00000000
GetMessageW	-	0x00417630	0x000173F4	0x00014FF4	0x00000000
TranslateAcceleratorW	-	0x00417634	0x000173F8	0x00014FF8	0x00000000
TranslateMessage	-	0x00417638	0x000173FC	0x00014FFC	0x00000000
DispatchMessageW	-	0x0041763C	0x00017400	0x00015000	0x00000000
DestroyAcceleratorTable	-	0x00417640	0x00017404	0x00015004	0x00000000
PostMessageW	-	0x00417644	0x00017408	0x00015008	0x00000000
GetForegroundWindow	-	0x00417648	0x0001740C	0x0001500C	0x00000000
GetWindowThreadProcessId	-	0x0041764C	0x00017410	0x00015010	0x00000000
IsWindowVisible	-	0x00417650	0x00017414	0x00015014	0x00000000
EnumWindows	-	0x00417654	0x00017418	0x00015018	0x00000000
SetWindowPos	-	0x00417658	0x0001741C	0x0001501C	0x00000000

GDI32.DLL (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetStockObject	-	0x00417660	0x00017424	0x00015024	0x00000000

COMCTL32.DLL (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
InitCommonControlsEx	-	0x00417668	0x0001742C	0x0001502C	0x00000000

SHELL32.DLL (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteExW	-	0x00417670	0x00017434	0x00015034	0x00000000
SHGetFolderLocation	-	0x00417674	0x00017438	0x00015038	0x00000000
SHGetPathFromIDListW	-	0x00417678	0x0001743C	0x0001503C	0x00000000

WINMM.DLL (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
timeBeginPeriod	-	0x00417680	0x00017444	0x00015044	0x00000000

OLE32.DLL (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoInitialize	-	0x00417688	0x0001744C	0x0001504C	0x00000000
CoTaskMemFree	-	0x0041768C	0x00017450	0x00015050	0x00000000

SHLWAPI.DLL (5)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PathAddBackslashW	-	0x00417694	0x00017458	0x00015058	0x00000000
PathRenameExtensionW	-	0x00417698	0x0001745C	0x0001505C	0x00000000
PathQuoteSpacesW	-	0x0041769C	0x00017460	0x00015060	0x00000000
PathRemoveArgsW	-	0x004176A0	0x00017464	0x00015064	0x00000000
PathRemoveBackslashW	-	0x004176A4	0x00017468	0x00015068	0x00000000

Memory Dumps (2)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
startsf.exe	3	0x00400000	0x00419FFF	Relevant Image		32-bit	0x0040E4D0		... Actions Go to Process Download Dump
startsf.exe	3	0x00400000	0x00419FFF	Process Termination		32-bit	-		... Actions Go to Process Download Dump

C:\Users\Public\Documents\LimeUSB_Csharp.exe

Dropped File

Binary

»

MIME Type	application/vnd.microsoft.portable-executable
File Size	10.00 MB
MD5	882d128bf4aaa2f1e5bbdbc066fa9eec
SHA1	905bebf7681c8642dbae3c5a8066f6a2753a213e
SHA256	2e137c252a41187d2e70e2a8066d93268a95cb54b0b7a38feed7fa8c3c7b0de2
SSDeep	98304:f9Xv0WJEdbxAtwOT3vjONrdbxAtQGTgvjOmh9Xvp79XvTY9XvRy9Xvjo9Xvxc9X/:viRJAUkotsOFdRvCU
ImpHash	-

PE Information

»

Image Base	0x00400000
Entry Point	0x00EBE3AE
Size Of Code	0x00ABC400
Size Of Initialized Data	0x00000A00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2038-03-22 18:18 (UTC)

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00ABC3B4	0x00ABC400	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.78
.rsrc	0x00EC0000	0x00000690	0x00000800	0x00ABC600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	0.0
.reloc	0x00EC2000	0x0000000C	0x00000200	0x00ABCE00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.0

Memory Dumps (41)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
limeusb_csharp.exe	10	0x003B0000	0x00E73FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	11	0x003B0000	0x00E73FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	12	0x003B0000	0x00E73FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	12	0x003B0000	0x00E73FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	11	0x003B0000	0x00E73FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	10	0x003B0000	0x00E73FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	13	0x003B0000	0x00E73FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	13	0x003B0000	0x00E73FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	14	0x003B0000	0x00E73FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	14	0x003B0000	0x00E73FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	15	0x00330000	0x00DF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	15	0x00330000	0x00DF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	16	0x00A30000	0x014F3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	16	0x00A30000	0x014F3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	17	0x00C60000	0x01723FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	17	0x00C60000	0x01723FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	18	0x00F20000	0x019E3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	18	0x00F20000	0x019E3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	19	0x00F20000	0x019E3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	19	0x00F20000	0x019E3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	20	0x00F20000	0x019E3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	20	0x00F20000	0x019E3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	21	0x00F20000	0x019E3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	21	0x00F20000	0x019E3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	22	0x00330000	0x00DF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	22	0x00330000	0x00DF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	23	0x00330000	0x00DF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	23	0x00330000	0x00DF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	24	0x00330000	0x00DF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	24	0x00330000	0x00DF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	25	0x00330000	0x00DF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	25	0x00330000	0x00DF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	26	0x00230000	0x00CF3FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	26	0x00230000	0x00CF3FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	27	0x003C0000	0x00E83FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	27	0x003C0000	0x00E83FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	28	0x001A0000	0x00C63FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	30	0x000C0000	0x00B83FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	30	0x000C0000	0x00B83FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	31	0x00FA0000	0x01A63FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
limeusb_csharp.exe	31	0x00FA0000	0x01A63FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump

c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat

Dropped File

Stream

»

MIME Type	application/octet-stream
File Size	108.52 KB
MD5	adf279d903d863e9b68ecd1d228893fb
SHA1	7d9f49311fe95bc7a3d2e2ae751954efa3f546cf
SHA256	cb4e2511e5a723b966e80a5ec8c465f7337b003f19c308697cf98a5b36ae71c8
SSDeep	768:NoCcHivjI3HgTlPVJ9kRXkh4OXfHBBpWkJJciK9EIoJgoT/Od4nrvR4Fw:NSivs3HgTlPXiOXfckJJciK94EFw
ImpHash	-

c:\users\keecfmwgj\music\omcoseo.wav.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\omCoSEo.wav.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	99.55 KB
MD5	aea482b0a025a5460a6c3d6255e85d0e
SHA1	f67dcd0df96bc7b9baa55e1e7de360793a66884a
SHA256	596ed2ba26fc25b1ebe3108ae2ffd8fccd23024b2a0426b06008f8fd849d70a3
SSDeep	3072:HBFQw9Mbw4jWHkzmzS/M5E5tB84XuUjOO1hBkAw:HBFQw2SE6e0534X7X5w
ImpHash	-

c:\users\keecfmwgj\desktop\m3w-q0rzrfukl\ncd4gg.jpg.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\M3w-Q0RZrFUkL\NcD4gg.jpg.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	97.44 KB
MD5	fe0a0d8057c752263d392d0b865ae7ce
SHA1	a9e0fae88bbfae0bbca19b8cb9780e0cd662eaac
SHA256	3214a38a14daecfea7d4f9030766aaa1aafc09e2f2dde2ae094f4ec09e908b6d
SSDeep	1536:pg3YuzqVqaWJgQaybsXFVkStZlhpryqjzRUSNEDT0B1Z02u+WkSmHn1OLusq:pksWLaUsXFDtvhRn7NE3K0Pkngasq
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\9bDYANhq-V\tirKK9 byo0\JGqHA5Ln0.ppt.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\qjecmq\9bdyanhq-v\tirkk9 byo0\jgqha5ln0.ppt.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	97.17 KB
MD5	80775e44484aecff166355726af05ad5
SHA1	52c19fa69ac60719fb11e08a6e34abb6752bfc0d
SHA256	b39e335595b51ec09e2a5c150bc968880c31079d2d2bc2afef1ac9a60a872644
SSDeep	3072:2eTVBDPT93NijpOfdxrA8QP3/0ouEPdKSLu:2qDO9IdWVvh18
ImpHash	-

c:\users\keecfmwgj\pictures\-yqu7r.jpg.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\-yqu7r.jpg.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	96.84 KB
MD5	7f5a9515f09934f552f967f92efd0952
SHA1	ab81f304da452493104dc9e05918a4b77eff0647
SHA256	7659cb2d5739a47ee12cf6392c81822d5652712cb4d09761c2da4ede7770808f
SSDeep	3072:N2PTgmodwnLvJ6qkPmqTUMBklA4LPgeEFQjx9:8KWnzJ6qkeqTUM2lA4L4eEFQr
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\qL4ItMgKfKQ\tjL0lG.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\ql4itmgkfkq\tjl0lg.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	96.03 KB
MD5	ba61824410e3e076c36a13caa4badb0e
SHA1	8574643826e574dd4cd7cde10399c4fdb738d5bf
SHA256	0cea05e6120228dd58220ffb69a994b3d46b4aa2a40c64edd4400bc022557d05
SSDeep	3072:h5D9D9a7nqpWufm81zGezoU4ZJ+f1R8/JgX:hfGqpWuN1qqodZJAwWX
ImpHash	-

c:\users\keecfmwgj\desktop\ehz3w0f6qpam.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\EHZ3W0F6Qpam.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	95.22 KB
MD5	e1e98a71aa0049e2d959d83cbc881608
SHA1	692e623ee89ce49c6a691478bedbcaf6c352f969
SHA256	61c6e143b3d888d07157b04c1fe42294e0c57c630cbd6eeaa7cb2026a0cb48f3
SSDeep	1536:VvMTL1zXZjh8OSajM3/gLmxlR+EBlqHIs69XuqHrNJ4JDiKmuZi9clVnYe9AkF6M:E1zXZjtnju4C3BIIFeW/Cm/9cXYeQ70z
ImpHash	-

C:\Users\kEecfMwgj\Pictures\LxEyCMb3cz G.png.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\lxeycmb3cz g.png.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	94.73 KB
MD5	2f200fe224a42045cb21c23484c8bfb0
SHA1	e0c7896b986ed3f246f254a8d353a1e9aa7d5232
SHA256	d5f92769e115d0d64574d5cee2e7d44b96d01bde5ac2525de988c09de5541283
SSDeep	1536:gJPFCk97B1qtmbLbxa4f5cQGNaWqzcCDdBCEo9sTcufzzHq:GNCC1UeoGcrNaWqzcYqEfTcuffq
ImpHash	-

C:\Users\kEecfMwgj\Music\MT00azHNzYeUklUK7WLY.wav.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\mt00azhnzyeukluk7wly.wav.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	92.81 KB
MD5	bea0f501f9dbc9ef96b649bd534ab964
SHA1	d4e501fd76b6819dafee3e52eda961e56a44d0af
SHA256	40fef7c27c8142c89dc0a645de52f1a9be73228a4e187edb66191a161f98864b
SSDeep	1536:1sIUL3DXCpdH4GOjGeKgyl7doRLHWfRo1aVae2PU9bo5UbPp0ciZAWAzw2iWv+d:KL3DXC/OaeKgaBSJah2PU9bTPp0ciZbf
ImpHash	-

C:\Users\kEecfMwgj\Documents\hQwa.pptx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\hqwa.pptx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	91.98 KB
MD5	eb4a74c26677092cfd408c0eba137d34
SHA1	3e51c78a409075923128d95ce8bcd1177d662898
SHA256	b94515d82ce9a82f4e67ce1f32cb50d12a579e9266dd9c84eeb042154696161c
SSDeep	1536:pwoPCmD4qgTxkshhInO1fLKab4cr875mvqgYQyQhsFr2gKhFUMKX2jTi4s5VrOPN:fcqcJ0STKawaqey0rgKhFU4niVJqlfOe
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\xlkrw\wwq2xl38e.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\xLkRw\Wwq2Xl38E.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	91.39 KB
MD5	2a4b0dd17f3180c4b2745b0f9ec314dd
SHA1	6e191ed41767bb7ce3f0ae1c839e11e71f7495b6
SHA256	3964603d995993e318e5f473494c0ed085ead3029f8d46f6ea7c921810ef0d6e
SSDeep	1536:hEF/4i4H2ChZa6nn5HYnYUVUdjRo1TTo2koevQUuTQciOcxUWrGM32P:S/P4H20aa4YwUZmToqevQUuTQ0sGw2P
ImpHash	-

c:\users\keecfmwgj\videos\xbhxbnsb3poh.mp4.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\xbhXbnSb3PoH.mp4.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	91.01 KB
MD5	e1979acd94a830f8cb7dea04332f4890
SHA1	3f860140bd3a42c77c5f73f87daeb96ab5994bef
SHA256	8652ba9110046eeebf36fec821690dbca5ab0cf701781fecff50adb651e13f74
SSDeep	1536:PXxG9/MgVnEwdWOYKylUAqeJIlp/cFTdfRmscnuHk9GbSo/2zLc3S66S/BmpZ:fk9/MSnEwdWZvlUAqwAp/iS/uHkBVzLz
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\9bDYANhq-V\vztlNW.docx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\qjecmq\9bdyanhq-v\vztlnw.docx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	90.48 KB
MD5	22a8756fef228fb9de95c303dc6bc827
SHA1	9bb65e09089a51ec9c2343157cfdfc7d30146826
SHA256	f482f765f278721fd2ca01a99d93bbeae83f8f879dd7971207fb0afef3e6cf23
SSDeep	1536:XQCyAZVPHC1jmU8LEfcE4Lc4Q8/B7Kw1Fhf01deTL4LDYWSOZwzZau8bOGMzcWRd:ACyAvizAEv4A8/8w/ysc4WtuzZiMzcWD
ImpHash	-

c:\users\keecfmwgj\documents\0m2lwa6w2.docx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\0m2lWa6W2.docx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	87.30 KB
MD5	bd9128ac453b441ccfd4cf12afa70dbf
SHA1	c1c4bc23e076b447636744f3b97ce67e6c3786d4
SHA256	ce69344077a84dcc4ba6f96737b7f1fa77c19b00c0f201ee76b3046ccd295ff5
SSDeep	1536:FY9YKwIskJKu5fKfHYpG9k+bjiece+TPJ38F643BZhw71TE1LHQ5:W9nw3sK+A4kxfNYJ3kTBZhwZg9K
ImpHash	-

C:\Users\kEecfMwgj\Desktop\KcV8WXd6gM.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\kcv8wxd6gm.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	83.23 KB
MD5	543794db3f84a76c7e9f7cdac06f1441
SHA1	7990d77f42aaedbe89214302eee40924694b246b
SHA256	e574cd45c1530de4846b48ec68ccdf6d8f15a9d2458368575eebbd7bc79db7b7
SSDeep	1536:ArhHb9g25h7kD0FsElIf1FdTt3ZOJZeCnan/Vg3pfqLWmr2/DEMIOci4lsdP:Ghb9PXkYFsGIf7dTPOzRatE8Sg2bEMZ1
ImpHash	-

C:\Users\kEecfMwgj\Documents\63C2JNBupUJaLCzjj.xlsx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\63c2jnbupujalczjj.xlsx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	82.22 KB
MD5	6cb04decbeb6af53f77a523c8ebe92cb
SHA1	2815d61bdc8fadf0a9c6b833e4ae56bba79ccc06
SHA256	abeb0eb440730f8fb3e4d815710bf52c0476b7b1709a6795e8c8f08aa293add5
SSDeep	1536:dDoSzfWNqOz6RuD60fe+vRRI0Sro19DjjDCUlizE0yVMw2:b+Bz4ulfe+yrouU+E2w2
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\sb2jvq1jz7zixzf4.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\SB2jVQ1jZ7ziXzf4.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	82.17 KB
MD5	c0fbb44bd372c40d479e29365b4f001a
SHA1	2d549842da44e1b193c882c26ead36ee05c14461
SHA256	1f7c93b5af11fa630b72a770b3f302dc531c9467ea6457b5cb41f5b3fbdebe06
SSDeep	1536:SQEj0zKQwVd+TFNkCpRvD/B8Vx/5xScW9DfOUiw5clCzRGHodfakiZTpt:REw+Vd+wivDJSxB0cW9DfOvwS819iV7
ImpHash	-

c:\users\keecfmwgj\pictures\t_ v5c6i.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\t_ v5C6i.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	81.53 KB
MD5	7e4f05ca5a51f1f958d4b942de770906
SHA1	2a5416fae134bd8ab0ee4eb0ea1591fc5cc14f93
SHA256	654070e295114ae7dcd103d1898fb060b0d719e099b0110f0981eb4f479194e4
SSDeep	1536:dZYjFVwX0O66v8f89H/uaLx+i25cGnQX7/05ZHKaUtH0q8cpaWQb:knw6W8gHGMo5cGiKhK/dychQb
ImpHash	-

C:\Users\kEecfMwgj\Videos\qgeTWMdHrM.mp4.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\videos\qgetwmdhrm.mp4.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	81.51 KB
MD5	0bd1fe715acb0354be1ee916226acac6
SHA1	81918b3fc1dfe6d66672d3806b540d76b74ad5c1
SHA256	836eb1d2d7b9d1e283807b30246dca0ee2298dfe42274df44b50eacd1d9ef812
SSDeep	1536:tWyo9SODNQAtPE48IvQ1vjaYeUPEpqvNwRtUMH55L3Dv3q8+TUKkEf9F2vaIPUMH:t69jrxGaYeUPEpAwPUM7v33+/fm1H
ImpHash	-

C:\Users\kEecfMwgj\Documents\UYWqtSLk mI.docx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\uywqtslk mi.docx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	80.25 KB
MD5	cf880f689d3e172e029f3abac06bb380
SHA1	f0490d937eb3ae475203281e4ebbfdd498de66df
SHA256	42a99a78bf3011643889b6396a91de639f69a5ec963eb3ff76b7627a1397b6ca
SSDeep	1536:+KUCY7KMz4ba0X8zjedTct6KwAP0L4OrHaTAOCtjP1UbvVwLFfx:qCQzea0DdGP00Or6T/gbYO9x
ImpHash	-

C:\Users\kEecfMwgj\Videos\YZQR06gE.avi.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\videos\yzqr06ge.avi.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	79.34 KB
MD5	3559553610c7d95b2deb4ca73b39e20d
SHA1	97cae43dabf192016008d56385aa6d71bcb9077d
SHA256	89d1489cc425cd1fde3a36222517150aa70d5278d9d20f0d95a5600c19aeb06e
SSDeep	1536:MSosFxSVXqmQCu8pFJ381I2gAAcdhOYxTPeN4OycIBX:JPq6m/FJ381/J8YxTPpp
ImpHash	-

c:\users\keecfmwgj\pictures\8czrpcyd_m6g307p3uxk.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\8CzrpcYd_M6g307P3Uxk.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	78.30 KB
MD5	c616aa237b97e0ae147bd7b4c261d1f4
SHA1	8c201ee2925d4172284dd414b7bbe011f438546e
SHA256	a82ce3b9110193471f62f7e8aafb9799d7125a47ebe94bc71999986d32ace1eb
SSDeep	1536:B+kumF4zTYHsC9r+9XeK2JidaJ6yP/7P4ZOgPYHgib4ScoRC7sCMB:MozHsCE9uK2sdzu8ZOgPY1ooYsD
ImpHash	-

C:\Users\kEecfMwgj\Documents\da4Yt5-_HXX-4.xlsx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\da4yt5-_hxx-4.xlsx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	77.56 KB
MD5	1c3b06ae6aab818d35a484069caef48d
SHA1	bc59c4c67d3ce42f7c43f3a6dfafeca76e832f22
SHA256	30511e6572938110ef97c82fcfe6fc07d8d3e24b6ef1dd99af4b841e5f0921c7
SSDeep	1536:ZCpucQ4Y6PhkJcgJpTDgfJ597YgCfJXbRQOwbiXD/VtNJ:Mub4Y6Phk7TEfJ597JCfJXbL+q/BJ
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\ql4itmgkfkq\u0af.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\qL4ItMgKfKQ\U0af.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	76.51 KB
MD5	0bddfc68760d9c3275b98dff10844dd3
SHA1	0747f9ef505653d93c607c3322c47c5214024dc6
SHA256	303c93e49ed05431382581da782e6299bae015e341293a7a0c1a322f3b9b84b8
SSDeep	1536:Wl2q/luOxKw43OfO+EL7XulcQxN+/SlByeLBrfPHmGUChREaOja6ilT:Wlp/vxK/efOHLWPL+/SlByiBrHHmta2s
ImpHash	-

C:\Users\kEecfMwgj\Pictures\XOXL0s.gif.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\xoxl0s.gif.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	75.81 KB
MD5	5019cfe239daa0f6507b6f731106e4c5
SHA1	4b34ed670bb90eacbb49f7ce620b2984cc33e8be
SHA256	2dd901e5cc1444d7d97dadef2ab6ab852ec942b45009c6c82a0183510c69a912
SSDeep	1536:3/U1oIaAJAm8E7cHgLFLfzQW0vU/uwI85HOk2HQDuR7VjAwyeJpG8rFCYQYj2ETy:3/UBLJAC7jnQW0WVI8Byau3jlG6FCrWW
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\i82ix5otq989c-uh2jwl.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\I82Ix5OTQ989c-Uh2jWL.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	74.28 KB
MD5	4b088d3970a726f00a3b98cf0cb9e7ec
SHA1	50f43a15eac86489c31e6048e4e20cad9b886391
SHA256	2cbb2137ef5b8aa3f0540394e797ecc21b5928e74edfb7faa5b50025641f1dd8
SSDeep	1536:kpg2fn647jylnIWXaafsRQn2+gdm46Z3hhYDmlPUK7oAuxUPDQv5psUK:Wt4nfCYXwd4zYEPUK+xEcIUK
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\qL4ItMgKfKQ\-hsXLHPSE2Gpg.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\ql4itmgkfkq\-hsxlhpse2gpg.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	72.06 KB
MD5	b00ce2c6991e5ec39df44a6924f0acd6
SHA1	bd44ef9003a4f8852823c32dbc5e9e5065bd0172
SHA256	c6f41b3640d0ab7e302136137e890e33f53b1efe65554e0a3f207c5d008d0840
SSDeep	1536:tl7QBrS9JJFBKxnNBePcz17qaex/7zxsAzaSNg9wJcg/9:tOBu9JvBKFNBlzZ0dzuf9wmg/9
ImpHash	-

C:\Users\kEecfMwgj\Documents\hiQyDV.pptx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\hiqydv.pptx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	72.00 KB
MD5	c625b9f88950268ff506e58f33c3c037
SHA1	b74a652a73a756fe2ac9199fb1d3048213355ee1
SHA256	3ed68bb573ec4d31ab8dd78169813d36cc0c3e9c88dbf6c4fba0a137cecf0a97
SSDeep	1536:0a2Ztegz4FZ2NO5SCOHFTCfialOUSZ16eUiubkDdj2s1Nw:0FogUH0ub2QvbkD52sM
ImpHash	-

C:\Users\kEecfMwgj\Desktop\oSEF.xls.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\osef.xls.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	67.66 KB
MD5	5307ee23bd638af0b92887348d0492cb
SHA1	1cc9cffa8c31a6047feff6bcf1b297facd44ea12
SHA256	c7ed925dd319a9c92df829ec65f1354d236d4de40e6b6f8ae52a61522fae8542
SSDeep	1536:WqVmlrDSYXH0Zdi520VHbFT7fRaSFlrnWbFkkq+nNbfk4RbAjQz0bfM:otGYfLppT7fUSFlzQFkL+Nwsbpz1
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\l9ni.wav.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\L9ni.wav.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	67.17 KB
MD5	b9778507761c5380e9efb556ea6d065f
SHA1	a9bdeb7478b3a90fab4f8d083a715fc5598a45c4
SHA256	40319d1ce18c61ca89aee161b0690aa7321f60ed0499f36b3020fea8e3580f14
SSDeep	1536:1DZ4aKIN9o738dyBalDHSRuFLCsjMZNrkpjjmjpjUnHNlRy/xv:1DZ46C7sEwjdLn2j6ntlRmxv
ImpHash	-

C:\Users\kEecfMwgj\Pictures\6ZfnhezHZzwofrnONF.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\6zfnhezhzzwofrnonf.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	67.14 KB
MD5	bba3bc0818a2d62cfbc7b96987bf7094
SHA1	384a0bddb16ac3d0b8c062a145eb4fc39b6afe3e
SHA256	172c950dbc41bf6ea2870227cbaad003646c259b27a022b63d67e42fcbf3f014
SSDeep	1536:qvWfrlP1DSA9DY/xsUCGB5sDbPMTF55YSRXv8KbGnkZa3QE3ys0:qsrl9SA9k/xfjybYHB/dKn4ax3yr
ImpHash	-

C:\Users\kEecfMwgj\Desktop\A_Xuo41AM2 4XZ.gif.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\a_xuo41am2 4xz.gif.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	66.56 KB
MD5	8fd4dc276303fd2037fecb08916f6465
SHA1	49a6cb6ab8c44831cb02481a2fdeb6eccdfed7e9
SHA256	6644778987660579834152e38b558fd54eb2c5931343139444713e9d955352fa
SSDeep	1536:hI4Zx3HqXv43SKj2UcInYRgiNEwHqr3/tPXl3a4q6eG15:hIix3Qgj2UbnYaw0VPl3ak1r
ImpHash	-

c:\users\keecfmwgj\videos\gjgfz-.mp4.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\gJgFz-.mp4.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	66.36 KB
MD5	7adb7ac538dc64aae560a34006114eae
SHA1	6fdd17df13f8714cc4f8ca420fdb0fe5f36fb038
SHA256	24e509d3f3df4cb17ad3350892c541c59de7465df67406d4eef4ed3a5e46f2cb
SSDeep	1536:QhbN2Z7YKH8C96PnqoqNVQhHwS5kSB++RBh9pklJ0LQ5:+bAi7D3/B9t9pMiLu
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\9dbeojadwjynbxb\cptrf.ppt.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\9dBEoJADWjyNbxb\CpTRf.ppt.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	65.03 KB
MD5	b7bf657a39e0d0b9e6df1bac44790afe
SHA1	c60d6b206a2eae160d4aa0c4378f009bf56f57fe
SHA256	510ed9d07626dcee696852531b681fd35b0d812e2972c84b312085a9f6f39dcc
SSDeep	1536:mFYtoza+/t+wewzmGAmgQs9pqVcwuwBcIowg+RLx:mFYt4kwewzmSZs9QSpwgmd
ImpHash	-

c:\users\keecfmwgj\documents\bx_hg08 qccc73wa.pptx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\bx_hg08 qccc73wA.pptx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	64.44 KB
MD5	67152ca4a20d8e20f75d08e160d568b7
SHA1	17267a6a9de5b57d0f2fdbad33c73d17d0f6cbc0
SHA256	7c15b7aed4be5d19e36536841e39e0e3a8538ec0cce3842c05f32e3d7fb6c952
SSDeep	1536:mHDUYty5JCkHfI4Ehot+nEwVy3Uf47qnMCD1NdcapqZ:ADUYtQQkL8DI3UcqnjDAZ
ImpHash	-

c:\users\keecfmwgj\videos\qpxgrgh9_6h.avi.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\Qpxgrgh9_6H.avi.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	64.28 KB
MD5	b4f7636a51cfc507d9bed05f9aaef88c
SHA1	638ca44d48a9ea86141066710efe38989dce0b3a
SHA256	ccf26473d57d5e41910278dba046e038ac7fa80fa2975514d2b8db837ab9c20b
SSDeep	1536:HRpttjM6W4Rkq+KfHyS3GutFIILfuhr177cJYpMQ:ltQ6RNDfD37WV178Q
ImpHash	-

c:\users\keecfmwgj\desktop\e06hth3voha0d\4o6jjgbzavbwsb6-29.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\4o6jjgbzavbWSb6-29.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	63.12 KB
MD5	b625a78156bd0e60d0d91570005cd757
SHA1	8e602f6c334208515e04edff9ae1851a1b51b4a4
SHA256	bfaa0a4a07452c90befba1c0f1e22cc3cc2974222f66321725aa614e6417df7e
SSDeep	1536:ymVTYM3EAIRVPWESxD9NO+NMEj905ko1/pHR5w1g:YMAlF0DXO89MRJ
ImpHash	-

c:\users\keecfmwgj\pictures\uz- c.gif.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\uZ- c.gif.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	62.23 KB
MD5	0d95484d25dff4f5d5879b27993c0f2c
SHA1	80168bc7984fdb2f8da6d232115738fcde70247a
SHA256	2ddac7b33946bf2158d4b6c543f5aaf860d4b32bac502fd58e6101c2ec6dc7b7
SSDeep	1536:0wvlPBDmIJ4RZOVoPQQhCYWOmHoO39N0nRob4mD:/vlPBD1J4T3PFj74pn0ny3D
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\ln8yfcu_yh0.wav.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\ln8YfCU_Yh0.wav.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	62.17 KB
MD5	aeb7057a898b9df2a1b80a4b979fa123
SHA1	db37ec3a4c68f84bfc5872311e0608522a0f899b
SHA256	09eca56ca95f5d48299d311ff5185519568f92ceadb9bff7086ce8436c7ceca2
SSDeep	1536:FY1zVYp6KFn4uVUG5Pynpf2Cz31IXeuajdoSP6:2mvy8U1Xuak
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\M5V7viLPSBu Fn\UOrn1.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\m5v7vilpsbu fn\uorn1.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	61.72 KB
MD5	8ddedb3ca76a90d0611be402d56f91fe
SHA1	cc75f7757e570d341bc51793c1d59355e92a9f76
SHA256	525f3ccaa8a1da2f6fb0e2f000db446e903fd7c5c29c15d84420f867127eee15
SSDeep	1536:V3bfABZGx1tP/wqKIvj76j99S6VgRQ70H2lp6yTvuP1kFQsg05v/im:Vprwq4XS6VAQYAp7TudlA9
ImpHash	-

C:\Users\kEecfMwgj\Documents\p9eQVmM.pptx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\p9eqvmm.pptx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	61.67 KB
MD5	44f390dbf3f3eeb28a9e5d9269fbe172
SHA1	5897f67c6cae94b0ce62d1271203d37185fff130
SHA256	8c16c1c0f353de3ec419054467c27dc78a96fa47464654e210bf24032373e553
SSDeep	1536:WsF8WWDEliTGK/BjM+EfxyyxU/ivZGfWPOv:GWriiWEZyUDMf5v
ImpHash	-

C:\Users\kEecfMwgj\Desktop\4XirQCKnN-C5.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\4xirqcknn-c5.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	61.39 KB
MD5	4f7e0845ea0f4ca05162b9c6b7b074eb
SHA1	7d615541c917172c564267722586afcc2db90aea
SHA256	ec188048930cc6cfd159cf00434a08653db076c0a3228c62e3814cd9c576a10b
SSDeep	1536:7FDiMQKj8rH/PTkbCMDwtBe7p3oCnDlvpPuFdDcaV:7FsTnAOM8tBmhmDcaV
ImpHash	-

c:\users\keecfmwgj\desktop\e06hth3voha0d\hftktiwcu\ck5hblc73yemq3t cjmx.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\hfTktiwCU\Ck5HbLC73yEMQ3T CJMx.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	61.37 KB
MD5	d4aa4e4c84e3c5a8e8d8eb42313753f2
SHA1	01cc76ed6c969408ff19fe62cb6dee261e02d719
SHA256	1feb2da75eeb8971848ef37b21accf49462acc15688735c8b9b216f7e7d11ee1
SSDeep	1536:btE4NFcEVP12s2z8fka2jdy5TvgRmQeJSMljxnXX8Iv0:btW4ERl3jdy5cR7cjVXMIs
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\ZDzv.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\zdzv.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	61.28 KB
MD5	6bd692cbbd775754e2837c7e320b1567
SHA1	975729a46daed62f8b473ed8246171bf71230044
SHA256	bff18a4d12dc95648349c4c44c433a5883fb4685d31b393dae5ced79902db84d
SSDeep	1536:hhnaOa/0nBosbzvCEg+AEhSxm9FdHiN0n5B81+aKm+Wg:X9a2Bosbjlg+nhSuFpiN0nT8Lg
ImpHash	-

c:\users\keecfmwgj\desktop\m3w-q0rzrfukl\-8f.xls.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\M3w-Q0RZrFUkL\-8F.xls.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	60.11 KB
MD5	974933673f8cd5daef6ee55ca2ef7b67
SHA1	25eb4f34a2d59ada536130b7275735b2f350ddda
SHA256	ccd0b348a27958b4ea555a2ad7def37ba0c66ac96efde1022da0e6482c946bdb
SSDeep	1536:1YrnlFNre31NaicEW7paM+W7kA3DPm1PnjgOOp1E:1elPrnNf+WHz+12p1E
ImpHash	-

c:\users\keecfmwgj\music\zern8svva2_nmg.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\ZERn8svVA2_nmG.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	59.69 KB
MD5	43185056fe8167bfd5a60b0ab79a84d1
SHA1	73a6ab26f9beaade48b6ad2ced6e7460babdac4e
SHA256	51d39d6cf54ba294edc2e1648bb85351a78c167748d96618e0d526b64cf07fde
SSDeep	1536:PVN6l746kgNTPltVUxogdohr2ZVX2rCRX9GXHZL:PVN6l7GgtPlPUxQ6VLXg3ZL
ImpHash	-

C:\Users\kEecfMwgj\Pictures\JhqgivuCmr9tbit.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\jhqgivucmr9tbit.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	59.03 KB
MD5	5c5ecc24bc19735b7abcd6b89abebf21
SHA1	3a0cb29c944fb7b2ba75b4db789076c5d9b7e963
SHA256	0fb0a7c611b7597d1b1f57b1d9433e05cc08f835100ca48babba4913dd43de1b
SSDeep	1536:yVzKmUQsMKRRP24Ra/GMXqSWHUQ4TNwXMzoWo:iK2sMOAGa/GqWHUnyOoWo
ImpHash	-

C:\Users\kEecfMwgj\Documents\kLxyk2vrts2_ylshyl.xlsx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\klxyk2vrts2_ylshyl.xlsx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	58.12 KB
MD5	c2c4204d769d858408b076ce7b25749b
SHA1	78bdc3e954fb1ac019a02dca1d44ca032f6da3e3
SHA256	b80401295bdac40e332fa7acd778d47b0ae3ca56f2840c236a06d2b4d960d8c9
SSDeep	768:sxv3pUh3Din1ibGObhebWxVMBWQxwomubj+sSc9GOfoBnLuqFsy5KZX5LOI45Dlb:o3pU1A+b6ZVworj+sFAOSKqNKjKLp
ImpHash	-

C:\Users\kEecfMwgj\Documents\tcbu3AshPzFcR2r8Ck o.docx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\tcbu3ashpzfcr2r8ck o.docx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	57.30 KB
MD5	3ea16b7d374b82660cce70f1693b41ac
SHA1	be586d3f9a41895f89f533de21b654dcab136a46
SHA256	1279fd3acd75d1e5c6b29b4df9c001c72c581eb9cfba8d440267ceb269a79bd0
SSDeep	1536:+qIdRAvFDjMwMV/pyf51+E7I9hRZGu4sOnA:+qIdR8VMwu/pU51+sqjGdnA
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\M5V7viLPSBu Fn\0cA5darpWBXR.wav.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\m5v7vilpsbu fn\0ca5darpwbxr.wav.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	56.83 KB
MD5	85b655897df5217a6a8640a2aefca917
SHA1	99dfed819b580d73246d46771f6eaeb652456d8e
SHA256	888f7edb6bf699754e29071bfc6167075ff6fc2d67ad8dedbdc974bc87696a23
SSDeep	768:w5bA12EhR9WeAHrqTwVgKZinhN5dyHjTKmTEaXv/qJjxZhXcG85FdWqauQzWrC1u:w5bcUmEYPAHnK0Byvp2jC4w1Zqf1
ImpHash	-

c:\users\keecfmwgj\desktop\e06hth3voha0d\hftktiwcu\eq95xs_2bmkwbb6.xls.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\hfTktiwCU\Eq95Xs_2BMkWBb6.xls.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	56.09 KB
MD5	03508a05e614537531422ee238901da6
SHA1	be9cf476ae63296c98a90ea19f67fffea79bdf21
SHA256	db8fc48228dcf7032bf37633c20f3a1526333725f316e0e2b55ca3d19bf597e4
SSDeep	1536:qmwzSIjNMCFYetXQY69lltAbFHEuwvSLSluMt:qhNHAY69hA+uGSLUuMt
ImpHash	-

c:\users\keecfmwgj\desktop\m3w-q0rzrfukl\x7ay056 0rvhbasv7.bmp.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\M3w-Q0RZrFUkL\X7aY056 0rvhbASv7.bmp.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	55.58 KB
MD5	a8afa28b633feb141b2f54b463c9dceb
SHA1	3d1f36050731ab39630048705a0cd009772d2967
SHA256	98ba79da92b6b14b87cb7a87ca80761780c5b4bde21143a7fe7ec552b262c8d9
SSDeep	1536:FENNnvIrUGmG6SzHiKyZx0U7M8d5TNE4BlaYl1F0VvtNk0p:FQN31hSHbyZx0aHlJvF0jNbp
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\mhccyt.docx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\mHccYT.docx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	55.03 KB
MD5	be2c430cf17a2accb3dc88663e9c6765
SHA1	f369f6a9855e67cb07653ae8d0e087b281c8b572
SHA256	7aeca36cc1c2a8fb03e8bd8c5786f2ca7b1bd2e2702e5371a54a10cb29597249
SSDeep	1536:NYS/jDuaYH0frjBHyhBidP0YwWXHMQK1kj0364Q:F7DDY+QXidsYPXHMjUurQ
ImpHash	-

c:\users\keecfmwgj\desktop\lw2zryjl bjcze.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\LW2ZryjL bjcZe.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	54.30 KB
MD5	37f0a9bcc4a4b0df5ba27c1129197f43
SHA1	017f0f0c48684b9aeed48189b2164e283265a640
SHA256	f1f1aa7a30c1fcd85a7cbf7d228f98876cbc44e280e5b75fcf7dad9bb559c2e5
SSDeep	768:aCKSIWBzUGr7nVuMFF+1KBEo2fs3gfUr8SKaYBjxFDUiSM7ELaH6DOUghxopKagU:aCjIIfY4n+si7SeHFDpSVLdDR0W/RBSG
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\xLkRw\MsuOsA4r0 23U.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\xlkrw\msuosa4r0 23u.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	52.48 KB
MD5	697b480ac4d6e2c3ce7a4ac72f31c914
SHA1	2a607032f1154a209f24772bce3fb01debc645ca
SHA256	06a9abde69f3d19c6a15070f9dfd43d364a378550c8c5c7538408d0651289292
SSDeep	1536:0OFD5fIYht7eINenabzX2roxJclm4LCot:hQYhbio2MxJcA4eW
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\Z0wgHK\TiksC6kLaNE3N.ppt.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\qjecmq\z0wghk\tiksc6klane3n.ppt.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	51.70 KB
MD5	0d199411895596145848649a6f0e76d8
SHA1	22e1ef7b7ba23de75ed94abff842324cdf01d281
SHA256	4d7694c5c927a5da321708a7bd50f069032af0e66d36f6e0293f551a6dfe2d02
SSDeep	1536:aVvWARzGeq9+EzLXLi73W03f0DOkpRwHdlCyEl:a3Y3QEzLXE3f06qw9Il
ImpHash	-

C:\Users\kEecfMwgj\Pictures\8DVbrPzwsfunn.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\8dvbrpzwsfunn.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	51.33 KB
MD5	252a57cba74d1a7752bc435ca5ed97a4
SHA1	1b8229922c59a9f9db33d673c67c1acf67ba27f1
SHA256	58a064d5257e3f2e145c09c0396e6c3413c9c1717659303b96ba85e879a690e6
SSDeep	768:JugUACHoBwPbQRv8O5gG9Y5HlKoEt/FwXzj8A71zlBtii4JxZTLwrfzNM3UQgTKN:Jug6IizGgGKCPwXzj8Alzi9TLwfxTTKN
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\hd6yww0khas8.ppt.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\hd6YwW0KHas8.ppt.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	51.26 KB
MD5	787413bca3535ee14c1da240e18ddac8
SHA1	cfffff23b25eeda4d7d9a7365ce9b6dc64b7519f
SHA256	88b384a438a14086bfd3c7972cce6038c5f51a034973841fdc93f8a7a4894ce9
SSDeep	1536:VjTWQg0HRDs/SWki4sN7wC14RsNZYrOkhIh/gMGXDwloKo:FTWQg02SWbnN7wC6GNDkOCOQ
ImpHash	-

C:\Users\kEecfMwgj\Desktop\5wD jaVgryR0UBy6Yy26.gif.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\5wd javgryr0uby6yy26.gif.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	50.55 KB
MD5	670fc40b4fb950e2bb4c8c2b1c72ae49
SHA1	6de405290ce86f10789bcd5e70aefd29faade57b
SHA256	052c65ca957bcd04a26e04fe04d7dd538943060343aebcb3d21d8595baa22223
SSDeep	1536:KuSZIRfRBISSzNEK/m6hUrWsBtQbE+IyibN70ofDWfHvX:9SZIl4l/m2UfQON0ofY
ImpHash	-

C:\Users\kEecfMwgj\Pictures\-lvNlIwLh6qJBQ7x.bmp.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\-lvnliwlh6qjbq7x.bmp.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	50.11 KB
MD5	dd4bd006f03c7b61f3b209b461a6b440
SHA1	91090f9f69b9f583512ac8a8d6e4eb5b856561bc
SHA256	03a92cee666c6930caceaaa407ce399e75d242c0d628fddfa16582870a0ee4fa
SSDeep	1536:zIIPeCjUSwXoeNnxgGHiM9K6KduBSDb3pnELk:zYCjUDhNyGHZ9PVSDb39ak
ImpHash	-

C:\Users\kEecfMwgj\Documents\zVu_x.xlsx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\zvu_x.xlsx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	49.84 KB
MD5	85ab838d2bbcc5fd735e5b5021eb5a79
SHA1	6365f05ede36629d12476a9186cc9e534b54a2f3
SHA256	2702f45ec0f378dd4ee634a4d4a700e87b71ac90ad56649cce14084d85e81215
SSDeep	768:rddqhqGevcYkF3QfcYX+Suev+B9lBaQqgN9QqDR1P92Qc35XcDFxHzvHIbwi:rdnGevBkFgASueq7UMNqERB4HRcDrw
ImpHash	-

c:\users\keecfmwgj\desktop\ltmu_vt fzdro.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\ltMu_vt FZDRo.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	49.66 KB
MD5	c8edfdad0884a5a66d435f7da8b8089c
SHA1	5954bec9fe3b0b15caafe41fe3a90342274e1506
SHA256	63a6b1e02d35d062e72ad252f605c7fba433d3cf7fb764155253461765bd06f2
SSDeep	768:IDsT/AnaNCwk0O3bI+12Bmhly7UdB7HcpuyyTSdPwUirrZz8mRjkjC9jmlfJXD:Iwon1T0O3U+D3GuHSdPwNrZznjkCjcD
ImpHash	-

c:\users\keecfmwgj\desktop\e06hth3voha0d\5ifudwany.bmp.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\5iFUDWANY.bmp.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	49.56 KB
MD5	71d2c4c9e5b44efcd0015041373afdd3
SHA1	609d43b9138c4abb84505f822f6b5197b651e80d
SHA256	dc838a4bdbc84dadab25864895e197ead4caf94974c41350561ac2a223e613a0
SSDeep	768:AIQvOr1/r06f7jB0OzrU4iW2/1AphCCBHwm6fZlOiXlW8nJymYDb64qdtiarxXLo:A9mx/Bf790OfPPpOdZRDnImuQdtA/WC
ImpHash	-

c:\users\keecfmwgj\videos\xleaz.mp4.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\XLEaz.mp4.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	49.14 KB
MD5	9f658efe9013b9d028d7c3d4235bc59a
SHA1	5f2fb74947926351df1b9ff1323b45a81f3cc4ec
SHA256	7e5c0a4b50179f0ae93ad46813441b2e55fdb59b6bd5eddbd450c21aa485ee28
SSDeep	1536:rd/NkgCHptJYwLPPEFhznYNEwBdEueTyd4Z:rJep7dEueTyd4Z
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\9dBEoJADWjyNbxb\2NDvK0UV6C93Or2y33.xls.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\9dbeojadwjynbxb\2ndvk0uv6c93or2y33.xls.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	49.00 KB
MD5	a6b860ecb6aa213624ed28a390b1d77f
SHA1	0d5a9a4f5763f9ab496be931d6912be013407f86
SHA256	c40c4a1586e7838ad9a4c894c12173c08df382f53279931f20d3b4e09d0dc953
SSDeep	1536:xUtHmKDtzjxKkL3uTrGi+y/02k4vSMyuhOYqb5Ja:wtDt/As3uTrR+y/6iBvCfa
ImpHash	-

c:\users\keecfmwgj\pictures\3r8d3dnv_alj.jpg.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\3r8D3DNV_Alj.jpg.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	46.26 KB
MD5	54a65c3281ca912bcdfcc9e23a143415
SHA1	b7541f05e81056b6bd7ae3a369a227f5a2abeaaa
SHA256	7f7a7fe5d43430c7825ffed2f3662fc2ef5b9cd60ebe46de6e7cf1251a44cfea
SSDeep	768:PL4LY6i2pxHKs518h/mlHRJw9FeVtAmGhdHrldEcNKr6uBqNXiMEaVvexpmRk1eX:PELY6iwxr518lSHRJw9oVtAmwPhNKr6f
ImpHash	-

c:\users\keecfmwgj\pictures\ie3k6n7c0_b gizgjbf-.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\IE3K6N7c0_b GIZGjbF-.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	45.42 KB
MD5	fbb2392aab85a54a31a543a7c9174be9
SHA1	c9c6591e82fbf050a2fddd3d79a58a5e04525463
SHA256	9f048704fbaac9839cc4b459954c1eca325431f89738c5e65332d7090485a8ab
SSDeep	768:9lYA66YIlydsUZv7YEKWfEAOtCH+5Tt+2FnrZlPN5PHzygquirZYmt86sZ3myOns:9lb2IlSswv8f4H+5drZlPLNqu6YNtTOs
ImpHash	-

C:\Users\kEecfMwgj\Pictures\tBNEwownJMNLIH-.gif.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\tbnewownjmnlih-.gif.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	44.72 KB
MD5	27e4d3940d8ed0389ef49bce7194c0fb
SHA1	744ae0afd768ab35e76c658501070a206d1ad388
SHA256	6a004621590e48d14fc76093da6e81edeb39ae27342b8504284f9ebe091fc098
SSDeep	768:S41wm6tDXB1oRWDGihkJgv89ZEMTyggAUie7OApjXRUJYnF6mRLVwNCh+gGp1FRc:twLBoEDDkadC/UVOAhXOJYnFJRLVwN7E
ImpHash	-

c:\users\keecfmwgj\desktop\6t r wkg.pdf.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\6t r wKg.pdf.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	44.70 KB
MD5	8b361387db9d4240d73c6e7aee2bb26e
SHA1	f751a83eba43d8e385a4e6655d3a7d38f7258a23
SHA256	bdddeb9d0c3b9b89cb2fbb3137a5f7fc617bf13cadca1d193f1a7502202cf078
SSDeep	768:zSz1cqHW2XYut3MFQe6a64yYwA6L/HbCLvhGYpS7XjsBwj5WJ2m+J5LYR:2BRHrXFWb6a6IUXCj47X42dWcNrYR
ImpHash	-

c:\users\keecfmwgj\documents\kzkisarpnjyn.xlsx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\KZkiSaRpNjYn.xlsx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	44.58 KB
MD5	3ce43072990e3c39f01e304fadde9951
SHA1	055da25f937ae34b7537cdb316190df12a547e1c
SHA256	030ff19c62a6127b358e8a9462509a3bf6a4306dc1fb5c3a9dd44cfe87d2a2f4
SSDeep	768:UzLGKsgMbDbDfHwLfDnP8otoXQ+KhllMjy0qOS9uDbjoABWBtqgt6nB4D4Z:Uz1kHbjHc9toXMWWzKWhtSX
ImpHash	-

c:\users\keecfmwgj\videos\ulsd6hewxcm_chkzb.avi.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\uLsd6HEWXCm_CHkZB.avi.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	44.44 KB
MD5	8b24401e65d628c4c5de2f3e82d2df27
SHA1	8599079d5fc649d01b9c81bde8a8702c017d4486
SHA256	365f0ae6285dc9f0d469e51f458e33ce2702ed53fe4b6f3230f06275045b08ba
SSDeep	768:k+i2WlqrQ/hZ8E/klA8Yf5OdBLy9PO0Ah2j4vqbfJIUMLEvlGQs85n6iuEMrC:/WmQZGs5+tyc0dfJIUMLMlGQsO6n3C
ImpHash	-

C:\Users\kEecfMwgj\Pictures\rokbMHY7.bmp.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\rokbmhy7.bmp.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	43.80 KB
MD5	7bba61a10d8d97f812df7fedd92457a6
SHA1	02154d6600e5966fe0f55ca411e1c4d87c03ff27
SHA256	1c5b84a5d5ce04fd6a066ee035ed2fe73ce4ccaf16e1ad55aa298256adb78c05
SSDeep	768:gyAHxUpCPJ1kDhqiqU3K8fw6ME7OftC7dfNy6H3qWH3k/JezpOY+Amhvc9CGcKZY:IUpO0V3TME7k+TyDWXkB0t8hvmZY
ImpHash	-

c:\users\keecfmwgj\pictures\1tp--jqrn7ickv.jpg.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\1Tp--JQrN7iCKV.jpg.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	43.30 KB
MD5	dd467ca5669d12968608d92364018c56
SHA1	59b4a3b7b1be410874341c6ed97a6e10b87b18f6
SHA256	1f3f4ecf25f0e7b023b9cd44c358e10d198f2307deb96c0feeadbf9ba04c0a31
SSDeep	768:3s66YEsaZEVfVorIpdrLhyfZhYHJGlREv6Y/xu9QHGMEYqWOqZmD:LcsaCirEdZyLYH8iJu9+GMBZZC
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\9dbeojadwjynbxb\ugb vvdin.pdf.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\9dBEoJADWjyNbxb\uGb VVDiN.pdf.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	42.72 KB
MD5	96c633ea8c4ca2dc14d57c48f0dbedf9
SHA1	a940d11de42fdb09620d6748ad5f152359c9eccc
SHA256	8a0de635eef6ae052bc93ea712423f362f8c6131f521656d929a85396c114488
SSDeep	768:d9hAJZ/oemGD1P+NkAuBgo6qedTDCFF/OtxsNisU2GjpH:1sZ/oemGYNXd7sxVFGj1
ImpHash	-

c:\users\keecfmwgj\music\vazma_d1fuafei4nm_9.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\vAZMA_D1FuafeI4nm_9.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	41.97 KB
MD5	d49e66a75f0d60ba26b4eb5ba565b8e3
SHA1	925b835bd95c1352edd9420b74353d286531fc1d
SHA256	055a52cf1872b7fa3dca042b79076567b8dd04821b79bc79696eb19b8ce505c5
SSDeep	768:qNdz912cD6KmPSAuuMYO2/i5BK4RJObzJMS/IkQzHMHM/XXHo+0UBV4TVY938gm:qNj124tOg3mzB/z8XY8z4Ca
ImpHash	-

c:\users\keecfmwgj\pictures\bimh.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\BiMH.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	41.89 KB
MD5	d01eaa8449e7706376d666ff2a483cd5
SHA1	720e4ba2e1a2693b946c81d5f2022becec2c038a
SHA256	3ed81e36b36c1dfded79352d4f5d84cd453c6b1fd9fffdcccc3c08edf50664d9
SSDeep	768:Cw5x5dE0cRRvjLOc3I8kAHmOGlSqzK+U3JR2HIEU/l+qfb2f8UaCFEwgqv:7H5q0cRRPOc3I8kBlF43JQHqN+abrmFv
ImpHash	-

C:\Users\kEecfMwgj\Pictures\hwQvkSY6qIajdf.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\hwqvksy6qiajdf.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	41.50 KB
MD5	ecd0f98f42d2117086d6c697157847e9
SHA1	72833949fd9c4fca1c221627bd6077ce2c9c88e7
SHA256	a201b847758164f63c76bcae9584f04c01387aee3820073e66782596ae6dbc2a
SSDeep	768:Y+7qa06MOs48MNqt56Do1NcaIRp94bZNZKDsh9Cb6/XhMgMTZZ4udna:YCvzs4fNKUo1xU4bjZKDohxMgA5da
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\ql4itmgkfkq\li_8a-uy.wav.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\qL4ItMgKfKQ\Li_8A-UY.wav.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	40.50 KB
MD5	0345b17f1ba5750e5f0af21a9998ee7b
SHA1	74953db07cddba5a4c05b6cac00035b177fab60b
SHA256	c01a20319d21070b2246e76ea0ea942882508c5f2603b40ff34eb1f6d2f52aa2
SSDeep	768:c2OXZf/XZ1QvHKWpat4mET7aAfKvOAeGR2iqgvctXOe:KffZZ9tyvI2C8H
ImpHash	-

C:\Users\kEecfMwgj\Pictures\-20cBzLDzX_KXyz1k60.png.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\-20cbzldzx_kxyz1k60.png.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	40.48 KB
MD5	ed4f7610c79810f36a3699a829f0851a
SHA1	d113b555093c3cb32ca7572865cb9b961a93efcb
SHA256	a5cdbcf0120cf4f97c13b0851956ff054b14f53b3517d5d19be090667df7fa6f
SSDeep	768:nC4EgD2wYnaM6zKCLuAH+SNwPuk23kwUanD0P/SWp0w7tddoyUaEIwbEjxnpCW:nJEi2wYnozKCLuAH+cwGVU4Ds5/t86E4
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\appn7n4ht lo.pdf.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\apPn7N4hT Lo.pdf.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	40.33 KB
MD5	0da844d011daec5b8b79f6d32efceea5
SHA1	f6bf085ba86b293d0ff13762927851307fcadee1
SHA256	36450c6d7ff601cd6543fb38a6eecb0bb069063df3276d16038ba322d56c3f0e
SSDeep	768:bPf2ssCR6U9aTM543FV1t89AWhYg0iWaRy2hF193OonIVC4nHzZV7ENczRYvw:RZc7T5t89AW63raJhF1FOonIzlVAizyI
ImpHash	-

C:\Users\kEecfMwgj\Pictures\mh_2oAjD6IQO.gif.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\mh_2oajd6iqo.gif.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	39.64 KB
MD5	5f609911e00528e08ee4db6d0de50414
SHA1	7b0d21e81d8a1812cd2d828e96711ff60a9bcde6
SHA256	5baaa1665fc5fcf36c9bce0a070a4083cc594e1a83cd5e3109e4a7c7dd9ba9ea
SSDeep	768:AA+Ob1WO9R5u+doqcPHg+HLyyKWrOASk11ugInOM4QGEYBGPwg+V2S4Sn:AA+OhRRQEoZvgylrsoJIO4bZqVT4Y
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\qjecmq\9bdyanhq-v\j_xc70wda-y.xlsx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\9bDYANhq-V\j_XC70WdA-Y.xlsx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	38.51 KB
MD5	2d7eee9cde5971927f361b56b628fcbe
SHA1	8b782368f7f8e9738ce053a68a2ef3dfa6944dd2
SHA256	e61b085fc26e324f42ae1360489eeb321c23cf2411d613123b429f8068bb963b
SSDeep	768:+Snh7gdmot+REKLVW19/KMqlWJ/fR5quxKVexJS2FWH:+Ah0d/cREWWXKXlWtR5qu0EFWH
ImpHash	-

c:\users\keecfmwgj\desktop\e06hth3voha0d\2 kc0zg1 rmrjok_gy.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\2 KC0ZG1 RMrJoK_gY.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	38.47 KB
MD5	9db9778f9c9373d74110f4467a651b81
SHA1	bc5c72c29389443297446cd990e9412f25ea4636
SHA256	f35548e3840816ab1f22fccfc5d519b051b321e22cba0f2351d6e47ffa365ac2
SSDeep	768:ZTsSTaVFnLR3yJoE9I/c1fqMHfZeJkREVwyYozTm2vmBWs:RraHxyJTAc1f9fMJHz72
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\n8sigxftdmtkczh\waroxvlp.wav.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\n8siGXFTdMtKcZh\wARoxvlp.wav.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	37.11 KB
MD5	d9076ef45491f93c85d7804c9c42bd90
SHA1	f032cd0d305cfa919f3fd9e7a5906b7c6fd70a68
SHA256	223f420922a8990ff59b429b0c90c35a811512649a3ce3972599e16e52bbd467
SSDeep	768:MAquOnFMZynNLJIcVWVkWyx73FR9ffd7Ote9+CY1G:MW27LJ4V5y9/93dcI+CY1G
ImpHash	-

c:\users\keecfmwgj\pictures\qjmibj2csojvn7un2o.bmp.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\QJMIbj2cSoJVN7un2O.bmp.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	37.06 KB
MD5	554d03eb24e442425a8e9af83ebb64ae
SHA1	d8b7c37e0c2934897efd243301380f0ffd522182
SHA256	4190bc07768212b18635d98fe68ce1c1d5bf1e1ca19003b72039c460b757149f
SSDeep	768:fLeKbD02dWsuCBtDIRzHOQPRLIe4W58+HBhME0AwdY5ti9RNbj:fLeqm8CFxLOA86yE0Aw+5ti9RNbj
ImpHash	-

C:\Users\kEecfMwgj\Pictures\kwI_sPi1.png.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\kwi_spi1.png.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	36.94 KB
MD5	c850649d99b6a7352b0df3a9574346a1
SHA1	210d68bdebc212a388aee183e4c25d2a42ad3e11
SHA256	77553e052f0a975911da42aedc8e0bf2196f346c820208d6391ec7d82a89b507
SSDeep	768:yG4OGE3T4Z4mxJrWC9OVqV6tsCN8QxM5t71EOR:y/OGeTKBJioOVCMsCNBM5thzR
ImpHash	-

C:\Users\kEecfMwgj\Desktop\aYGQHCFalP7ms.bmp.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\aygqhcfalp7ms.bmp.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	35.61 KB
MD5	41abfed2a147949bc6bc10823691d9e7
SHA1	d83444d1ea78f8db11cd79fa10678f27e13dfc16
SHA256	95c750156132a986aa4168864e150db452ff15c579a83f959f72871795c12b6f
SSDeep	768:PfNmW3l8gh8nC7UAImIbCermypmDUjvm3YIbij3ZZMkE70j:PVmW3v17UAIH+erm27vm31ibZZy0j
ImpHash	-

C:\Users\kEecfMwgj\Pictures\F-RYQ.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\f-ryq.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	34.26 KB
MD5	c554638826982135d063beb2c965f512
SHA1	eaec73e00ad02af715d16f9c60853a5c7acfe650
SHA256	2489cd2c6a01050aaac1f6cba713f712d6f6efd5583304c09c76e6383a430bbf
SSDeep	768:uZwmCC9vV7CcggoHGzIR9IkkJ/uHjdaKLmDkaeIpu:90/2cgG0R9AqmEI4
ImpHash	-

c:\users\keecfmwgj\desktop\lf z_nda58jhfm.pdf.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\Lf Z_NDA58Jhfm.pdf.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	33.56 KB
MD5	c4bcb08bb5037a134e057218102b0b27
SHA1	437e355b1c47e5e2f708e195c7f312d3cd3d8b84
SHA256	78a0ed85c5f5dcd07142420b81df004eb51543322a6763dbc502f1e0980b7fea
SSDeep	768:Z6Clbp/oD50AV7So4k6+M4t35xbIy2TWfNIiBDi9XXLa36:Z6apq/V7STyM4lnbATWfp5i9O36
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\qL4ItMgKfKQ\RE3_9X-yu-SSwhMc.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\ql4itmgkfkq\re3_9x-yu-sswhmc.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	32.86 KB
MD5	a2c340a4dbf33657dae63dccddac62da
SHA1	73cf8b78e3c5cf5e6d78cf39d48862fedb825203
SHA256	450ed002f4b8c7f83e80c1e4976741808594d4d7cb523c304290af1e3bf19dbc
SSDeep	768:VeVZD0qeVoPYNizH4/rx+ETrcWAVvHaKPyPwi/b2KEF:VAZqVyil/AETG5HaKPy4EaN
ImpHash	-

C:\Users\kEecfMwgj\Documents\zm9nla-NPD71l4thrEn.xls.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\zm9nla-npd71l4thren.xls.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	32.33 KB
MD5	a74774cb4d95efe216f142a2b023ef6e
SHA1	e1b169ab459cf19d49c114b6a52759f4e6af0733
SHA256	fdafe882325a70e738d50a846df931722fd4e1c59f19b6851b401e7c22471b6a
SSDeep	768:OhRGoywfbY1iT8B76EpW9dHlPQs6DAoHBfpyAaN6ECnZ7HsaY:O3z896EUrHdQs6DHppydCZ7Hs7
ImpHash	-

c:\users\keecfmwgj\pictures\gn4io1vv8uthsx.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\Gn4IO1VV8utHsX.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	31.28 KB
MD5	6787095c46184564aa44bf497ae4f4d9
SHA1	7656fe8e4b21469ec4a56d38cad41819cc1594ba
SHA256	354508e4b82a4b0d81e45955855efd853ef2426a5035a7e715218e537a97ecfb
SSDeep	768:bmxTeHoRUkt4wa46GZ4Of2DpUQPs7sLb/:bmdU8ZrVQPs7sf
ImpHash	-

c:\users\keecfmwgj\documents\qdt8j-_xcq 65llcpzig.pptx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\qDT8j-_Xcq 65lLCPzig.pptx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	29.70 KB
MD5	b5fadaa7af6f4ff2b4add8263203fc44
SHA1	ff34c0620349c44c190d6e2ce84609c8ddaee3f8
SHA256	24094bb37a0d069d23bda61d33474ba70e4378bd58d39994b64ffdbff858cada
SSDeep	768:3o3xQhT2kIw2o/18T6PEJYqsAQoV1c+UCJCr5oYheJX3X:3YQN2eVEdQy1cgJCr7h2X3X
ImpHash	-

c:\users\keecfmwgj\pictures\tfnlk 0smrt1_1xww.gif.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\TfnLK 0sMrt1_1XwW.gif.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	29.36 KB
MD5	71a205814eb3893ab3f804b50e48e7fa
SHA1	1916b08137648f5b0b842d14a89cf817c767ea5f
SHA256	49d147b5cdc9df105c880b372f8dbc18458d7585026d3e749528132e1ccd524c
SSDeep	768:htxc8mmiuHs1OcYG8NhLhGCRNGYvMlxQLpKIvL52pJGy7:XO9Og8N2CRFMl+LpKIz5sJZ
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\9dBEoJADWjyNbxb\DgJ _YHDeXbtu1aaa9P7.pptx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\9dbeojadwjynbxb\dgj _yhdexbtu1aaa9p7.pptx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	29.08 KB
MD5	fd16a3ee41cfd129e3d7022775f63f6d
SHA1	2be762cfa0f9366f2bfcd1e9234bafbd623c3961
SHA256	d84f4d69d5bb1879cf13bd80d0b1be638db6ccf91b1550f70e1c5e6b77f93cd8
SSDeep	768:7xCb6bSlMKd2UL8kyfMFR9jMPoGc7tG+BvNQCT:lEGSJdXItfwSPoHtG4vNQA
ImpHash	-

C:\Users\kEecfMwgj\Pictures\v30MfWJ0Z.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\v30mfwj0z.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	28.16 KB
MD5	bb3d68c80d835c81b669ffe3f8f0f15a
SHA1	6e3140335e729c6ff114571ee9798756db092a64
SHA256	2092b2bf529afcefc0eae35505ece1403ac3c783d59700d4d1399d512d671f1a
SSDeep	768:Txg+99WDZj/pB02tc/1TNWyfbeDSkJRTKCy++KjgIulKZQ4:Vg+9c/c2tc/1cyBoRTfyTKjXN
ImpHash	-

c:\users\keecfmwgj\pictures\gm5d9kgelxbt.png.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\gM5d9KgElxbt.png.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	26.67 KB
MD5	4517988610c693aba0e01f2cb04ae4b9
SHA1	54d195956c645f58fb5ffb1e59903988d8464f15
SHA256	e297a17c99bbed4c0963db8287a5ff390247d03a72a060ad0c04a2c523f5eab8
SSDeep	384:vArg0IAEEfoLLaSlIjWBeVGBVwff0Tl1eUa6xOuvt98WuWscielfj2:v5rGoLLaSlXBerff0T3VOuv0fcielfi
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\Z0wgHK\n2mooDz97hN Hy_Rw.doc.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\qjecmq\z0wghk\n2moodz97hn hy_rw.doc.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	25.17 KB
MD5	260023a5b8b3f5a557151d3848e9dc04
SHA1	a29660f9b9824f36ea75a4f456e880af8a728d6c
SHA256	b44aae7dae20d884467694ee538427be6185cb745ecb213911fbf6fa9a4dc0ae
SSDeep	768:T5kv7PZiUfmxhXZVpLM/twtNBwbS1BrBxUPb6C:T5kvzZiJZTM7bSHzUj6C
ImpHash	-

C:\Users\kEecfMwgj\Videos\TXd5XhbVM_gRmGa.mp4.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\videos\txd5xhbvm_grmga.mp4.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	25.12 KB
MD5	21da27cfe125d9c2b0c8519ad61d76bd
SHA1	4a970e0e65fa7c62d8d433d50580ab92d2560a7c
SHA256	5c5d16bed3ebf999377f7a62c8e3750efd043369cff963604e2ef4321a24c55c
SSDeep	768:mrvUJNdzYqnS2u4EsrDD/1ABz93lxUtj+BIH5:MvUJHYEXu4fD/SMtOIZ
ImpHash	-

C:\Users\kEecfMwgj\Pictures\dLcXhG3aWfBaiR.gif.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\dlcxhg3awfbair.gif.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	24.78 KB
MD5	1e3078cd133d699596aeb4ccc2e89172
SHA1	14440d6c3c77c182cc056b75d66db8d768135492
SHA256	9315c9391bf0c43e01475bccee8a530041d3d2626b7f8013abe32e4d58c68cce
SSDeep	384:c2vHyzMeEP1zdtYqqx1mbcfg84I3gdO4ftjlwU8tlAAB30ze64RPG:7vH4MeotYqqx1mj84IKfUUymyueG
ImpHash	-

c:\users\keecfmwgj\pictures\y a649h.jpg.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\y A649h.jpg.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	24.70 KB
MD5	b8a473b170603d0e6dbc666479ba6c91
SHA1	8990f310a4a05aaae0c489167e888c7c0cb1136f
SHA256	9a890251708b8caabb2ec2e4f53df7cc4772321016181f2f1ea658f74231551d
SSDeep	384:h/AIFEY8/rb+griX/GkDkJfHf1ay5Oij6RtGOYm/Ouf70WGUmaPYp46aopwYFniN:KVYg0DiHfcyAijMEOHWuoWGUdYaMiN
ImpHash	-

c:\users\keecfmwgj\music\m9te.wav.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\M9Te.wav.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	24.47 KB
MD5	6c15ca4a2299c00b9f88627b0d90a1ca
SHA1	9766f3641fa4e4a1c881f2bcf5e3e7e8e42f0966
SHA256	04d5e5f770e50d6961941f77bb31c5b9e7b2e8c33a17df9639c8553224b7881f
SSDeep	768:wUihlfeHqWSfBCxCvUVItUxiS2ALX6u/VNIUvYSG:WL7sEUV6S2Ab6mNI04
ImpHash	-

c:\users\keecfmwgj\pictures\09ijundbva.gif.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\09iJUNDbva.gif.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	23.89 KB
MD5	43eef82307672ab797654fbee2d9fda1
SHA1	3e03bfd74a625677d81fdbe3e49347b4109ad056
SHA256	eb0a5ab441858e6fc41007aa207d6501171706d969e24e1d321425a51991dc34
SSDeep	384:haqbbxo9A8ZGTgaGEzKQVABDIkK3jHowkpfXdG/wdRJ6y7ZFFukakGGnX5w+kQRx:wqJWVQ8gz1WGkK3jIFfXM/wdRQy7tugT
ImpHash	-

c:\users\keecfmwgj\desktop\m3w-q0rzrfukl\ztjhwwr6z7cu6mtrpn.jpg.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Desktop\M3w-Q0RZrFUkL\ztjhWWR6z7cU6mtRPN.jpg.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	21.42 KB
MD5	cd8e6ac9e9bf8991b43d99ff163f0e02
SHA1	cbc3275fb445ad90b5a742de6d17f34202483af7
SHA256	c859e8900eae6214d6c8a94f517d9cfb141e587024201aec72ebe8c006b0688e
SSDeep	384:CQ+ezXxx5nJzi2YW48nItRxLcNN/KsWeuai9RygfijzQVuLnMOXXmeri8sRE9k87:L+IBx5nd1Py8PNluBifUYn1XXSjE5RDt
ImpHash	-

C:\Users\kEecfMwgj\Desktop\M3w-Q0RZrFUkL\cDzt.ppt.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\m3w-q0rzrfukl\cdzt.ppt.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	21.22 KB
MD5	7897ebe775722dc805dc6ea72cef660a
SHA1	2dca2f8f7030b28f7b05a476297057066bbb337d
SHA256	538ccda2d98e4b68f7b265316b72faf7237ceb535335f895447e9ebedaea4f24
SSDeep	384:1LQDTdpOu72PRvN36V9+WRnIvGq863vqgeqtwEjxDFeNwxFoscTsKnoCJcZ5QGQL:1c0PRFKaWRnIIEeQlkwNVTQGQL
ImpHash	-

c:\users\keecfmwgj\videos\z8vxfzj-jnzgo.mp4.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\Z8vxFZJ-jnzGO.mp4.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	19.33 KB
MD5	7aeb5df6db2fe33b5d60c943e45807f1
SHA1	cfbb0426d2938a9f48978fbbfcc96e33b57f2bd1
SHA256	039c8f3ed3deef27c1dfbdd3a54221a0650df6532290177eb3edc81b4e512f40
SSDeep	384:BlS+RVy7BnSaKC/iemOIkbzEWY/MiDlQOCN7LkJ/o82Clyav:/Pez/zZIeoWY/jDlVCY1Vvv
ImpHash	-

c:\users\keecfmwgj\videos\h1j7hblziw7l.avi.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\H1J7hBLzIW7L.avi.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	19.31 KB
MD5	a64dc577efd829e21401e14a82c0d894
SHA1	20d9610637f01b813fb42f412c26a3f6cc357dbd
SHA256	85e271c0eda333f5c00242ec7482cd2125cf59e31ac6966ac57f83a8260fbf31
SSDeep	384:H91EFrw9YpWbwar5RSxi2tXm2wLQuR/ozh2OsH9MtO0M7O5bwj4:H91JW8war5RMJs2wLxR/oFduGO0M6f
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\m5v7vilpsbu fn\2-hxc4lfdhsq_mkvo.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\M5V7viLPSBu Fn\2-hXC4LFdHsq_mKvo.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	19.09 KB
MD5	c34361fb99fc1fb320df7992e84b2b82
SHA1	df0f837d8cf9e8d9cabd7004ad9eab1fdf6d064d
SHA256	78b6fba081d323bf751f2406e692527359e3cc4506dc2595b88e01c0ee4acf5b
SSDeep	384:SECY/R1+xLBLUWb55ZvCqO9IYkFcjHIeVbR29/Q3UmIMjj9jouNc1:/CYJgLBLR/ZvCp9IYk4I0bA9iU8SEc1
ImpHash	-

C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\BtaCh0Rv1i6GNNdmI.png.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\e06hth3voha0d\btach0rv1i6gnndmi.png.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	18.25 KB
MD5	1e9a2d931eb5c53f1299c07ee1632fe3
SHA1	777bd7f2bfc6580bafe08f6d5dc022b9e9e59cf3
SHA256	9b1d46658d392bc49324587ab7f48ed7ebdab21aedf3e8edc1b84eb518258bb3
SSDeep	384:KECGtJeIFUp+HeH1xbVsE4M5ipfRZZDMstoKvqKeO/MmEASTj4BSGH+8FP2YuY:tCGtAEUKeTVx4M+nWstoKvqKeWKjTjZs
ImpHash	-

C:\Users\kEecfMwgj\Pictures\qNxgBCMJFfZZ 6.bmp.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\qnxgbcmjffzz 6.bmp.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	17.62 KB
MD5	99e185abf1d534dd830d199b0a9ca143
SHA1	4b42341af9a4d5b54ea87830c38b0f856f48c4b8
SHA256	c865cb57a3d943ed2135b8e0e790bfbaf0a67d75ec0eb38f0d92374094a5b3a2
SSDeep	384:fo9cXf9yKq36XWHRvQWt8P3FjcD8kC4dIwu21IXgBsmpw8wBc4KZlzbv8:mcXF/Q6GHxQvP31JkC4djvIXgBjYX4lM
ImpHash	-

C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\9bDYANhq-V\tirKK9 byo0\dP47.doc.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\gadgp30\qjecmq\9bdyanhq-v\tirkk9 byo0\dp47.doc.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	17.37 KB
MD5	eff6fd77d09a529de9c972bb10647b52
SHA1	746826a43eb8c1d0ad4677adf46a56fa672f8b50
SHA256	c8d69816f228c5d92bcdef126b88f9f3f97ba0e92c999a96a4f7ef9c22667a94
SSDeep	384:x90pXr1pykiAvk9rCdi5DYJdmsQlVmx/k8LgBAzTXmrlWsxUTMEgU:oR37iAvirCdi5cxIVmxf0BAzT2rlPjEV
ImpHash	-

C:\Users\kEecfMwgj\Desktop\bnnQ2Y.png.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\bnnq2y.png.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	15.37 KB
MD5	82493d5acc0a9025c928d193b5bf2371
SHA1	9564d8d73fbeea67ad0685e3d6361ba496042bfa
SHA256	6947b73d6cca5651f9134feb91dacf4b4080025f9cf3cc12e230d165ed28e3f6
SSDeep	384:0DLYBakPoYH5NmgsSM4IzVE9RWakWKKhK3O1Y:0HYBaOj7ZNM4s2bvkWK+G
ImpHash	-

C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\JhXCNVX54s7.png.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\e06hth3voha0d\jhxcnvx54s7.png.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	15.20 KB
MD5	36740210d2202312c7e79dfd0df325d2
SHA1	afa94aea4b2a880d7d4f48d8915bd0cc867b7095
SHA256	88231ddcf7f2bf245d626949b0d93dfe4d65367eab25e5ad474b087723d9de28
SSDeep	384:rQtSUbmI5BSKVkF4UYnkAz+UtqUNKYXj7X+g:stSw5BBkFeFaFeKs2g
ImpHash	-

C:\Users\kEecfMwgj\Documents\yl14C.docx.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\yl14c.docx.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	14.72 KB
MD5	dd7a599e41d92d449ed3949d39aee2ac
SHA1	f274b042843b9bc688a6554a21606c4419921da3
SHA256	c437d04f871e6424c828969fdeec8aa4509e5c6063f0c26478bf9d26c8f878a7
SSDeep	384:6aURdCml2ynz1id9qRZFnLyVXKcma9LaFTdKsYZM:1Q3nZMaZcYbaIFkRM
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\qjecmq\_e4_60ksbs_d7zx.pptx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\qJEcmQ\_E4_60KSBs_D7ZX.pptx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	14.14 KB
MD5	65f3b7f8edd8858b08d6c57982a109e3
SHA1	c08d3e9ff181ca9426a95950842911becb0c53ba
SHA256	75275ef7e3aab964d0230a3818dcf3b17ee352a9b466b41b5d641a7fc856b141
SSDeep	384:PRLMvPwMB4n81Yr4I8oSAAtOwHRuRQjVR21hof:JLMvPFB4n81QgRiQf21hof
ImpHash	-

C:\Users\kEecfMwgj\Pictures\gJalnSM9o_s.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\gjalnsm9o_s.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	13.95 KB
MD5	591c904196a6e03a46f9553da6c697c5
SHA1	7cdfe4e2da75fc1df1a72db9bd757daba321f7c7
SHA256	5516ef7b3486c11ef001d9013dc0f278a48975d59c85fb75f0688f897d84be6c
SSDeep	384:L6fMypOFPIj85m+tuwp1UDPlg3+lTP20up9tFDBgX:LyTj8m+A+KC3OPc9tbgX
ImpHash	-

c:\users\keecfmwgj\pictures\neejrl4diryjsv.bmp.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\NEEjRL4DiRYJSV.bmp.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	12.26 KB
MD5	b79323714e5dbc05083775c884b5eb3d
SHA1	913fcf257036b54a734e4e24d933a77e34cbc30a
SHA256	05f38573d14f446971064b7c2532d797739fefbfe7489b6fbf4225f019df8abc
SSDeep	384:GXqDtr2CXlSUu2ETX8b/2g6Xm33Kb07f0DBcBaUeJ:xDTXlSh38akancq
ImpHash	-

c:\users\keecfmwgj\pictures\2r7o-shzef3qr6zs_c.gif.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Pictures\2R7o-shzeF3qr6Zs_C.gif.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	11.73 KB
MD5	2e4d88ca80883e916e8bc4e432ccc8ff
SHA1	52ccc49ccb5a0417b92aca32711507eb2f34c89e
SHA256	0088e1df8972886c8622e3d5f52f87f64e8c0db4c143a2c9161e44ea1cd25b0f
SSDeep	192:oKqthut9xa8qTDmt+BWhgggnjVnwPlAgYgF/sVuzzDcMWTZ5lyAs8H5oI:oKqqtqHOt+wOggnNwPldYgFEyzGTVBs8
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\69v7zlnse_6kw0ym e.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\69V7ZlNsE_6KW0Ym e.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	10.41 KB
MD5	ef7199f63c2da41f0799f4eebbb913a2
SHA1	dfa0ea72fb274707feae949e7b69a9258a8ee5bf
SHA256	9e3742ea024c4b6a27ff7268b6f93acdd7686ab96f1da65d048bc05b3b72e84d
SSDeep	192:wtiL4rzdSK7FTljr0rSLXAjWeEA6gDxQ6vEjjQOD4hYwsvWt97ggvpPey:0zP5N0rSj3D7gO6vqnvqUght
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\jW54Ba8xSbY.wav.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\jw54ba8xsby.wav.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	10.30 KB
MD5	ce4e221932f296d262edb27586bb17e9
SHA1	9e8bae5eacea7ca69b5c269f5f14c43b6fa935d2
SHA256	2ccb28df41fa02450046408495adc46b186989e5a02a6e356a1a332eb487e080
SSDeep	192:ZcN18q3QG0cwhLi+hglSAqeWKdJwZrti8fIXm4Hf+3PKRn23hDCuxY/2f:iWG0cyLbUmmIIUn4/+/2n7c
ImpHash	-

c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\n8sigxftdmtkczh\xu9kprwq9.mp3.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\n8siGXFTdMtKcZh\xU9kprwq9.mp3.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	9.92 KB
MD5	0129bc748e77f546f435739cabd46602
SHA1	b9bf61169b7150251bea36c11818e69aae805030
SHA256	9ab6a4c5ba3d6374398b51b1ca1f5904fde4cf58dafcb0dd23eb149f2c96df06
SSDeep	192:R5DGSun0KOUFU3JXHyig9VHcBKXeIK8HEVuP5kdoaeldJpvMHOiN5OOTii:fGZz3CJXIXcKXeGH52+ldEdnOOTii
ImpHash	-

C:\Users\kEecfMwgj\Documents\tbolTOBf6oytAdVf.xls.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\documents\tboltobf6oytadvf.xls.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	9.55 KB
MD5	1f4cb6099fa30ac478c7b328a721f7b4
SHA1	0584a78550776b74d055772ef34323b15604de39
SHA256	276436b4dce497a38dca49137571beaa5824ef69f70cada037abfe9f77710a3e
SSDeep	192:A6Ho/fLEBpS8X9uJo8+JzBv3rOB52XJwL4Gao4I:zHo3LEjqt+JpCrso4GahI
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\n_go2 uxegr7yuru5exh\nfwtjiionnnx.ppt.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\n_Go2 uXegR7yuru5EXh\nFwTJIIoNnNX.ppt.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	8.64 KB
MD5	b767299e89b2ae0607a8029447995c62
SHA1	5fd6f7c732eb605866531c4a42282534e62e6253
SHA256	677e6de07df80a6649d4974f22ac2dc9a0c0121e73420941275bcd91f2f306ac
SSDeep	192:EQdvsaZiPOPMQThpjtL5Gg8biNMWzKTFqBFe+8QFl4n1R1PQVT/kT95S:htZitEr55fMWcmc+/l4nFQA95S
ImpHash	-

C:\Users\kEecfMwgj\Pictures\ut5I85Hmrtdjra4F.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\ut5i85hmrtdjra4f.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	8.26 KB
MD5	e6f265154c18ecf4da8bd99674184873
SHA1	df9f9037d8a5002eae43d41cef47902fa203f4b3
SHA256	49e1a97172dd5b92de31bee589c86752e112dfb3a3287fb4dde06c67e839b347
SSDeep	192:LdBieGSpr3BRivh1iiTLE7hZMpJqMR7bHs16/:Dieta1dLE7Imibr
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\M5V7viLPSBu Fn\XXq4gabRA0W.wav.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\m5v7vilpsbu fn\xxq4gabra0w.wav.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	8.22 KB
MD5	0a8b86fdba87712710f468157f3c404c
SHA1	df6f995454497b1aa032753a8f135f8424943ed4
SHA256	f2146e1641dc3a7f78f39b7002ced47a9ba62502a1c92951f5f71bbffbc574fc
SSDeep	192:VQemmS3jUwQ0r2x+PB2Nir4PlPYEnWs1eNMpRKrdKPYAjEgs2/LjZv+Vtxyhp:OmSgwu+YoUPOEnd4NrdKPYjgs2/LjsVE
ImpHash	-

c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat

Dropped File

Stream

»

MIME Type	application/octet-stream
File Size	8.03 KB
MD5	72fb647b2d0483e680783b144fe9cc8a
SHA1	a91a706ae2b1d6070e2d68c42dfa487baa906731
SHA256	2be64981c880589971a44f69e41bd016120f06a6475e3ba3aed629edeaecc8a9
SSDeep	3:5tmlNlv08s:5tmi8s
ImpHash	-

c:\users\keecfmwgj\videos\wctn_hgh2xhblipzt0o.avi.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\wCtn_HGh2XHBliPZt0O.avi.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	7.17 KB
MD5	d33815e1b2ae413fae6f9190d8d44bc4
SHA1	16eb5b139b69a6e37cd4bd70d6ffd0290dd28d1b
SHA256	10663e99ff5e295979fe779f776bbc53b07896be38d142ba39d5b64fb3636047
SSDeep	96:epfiJHeIl/K159FHKsZueX7HL24mgmZAPfd4dZ0liOjzivL7B+GOfh8PbTii3eDM:84H9l/C3ZlfrL0A9Y0liHL7rcOCi3DR
ImpHash	-

C:\Users\kEecfMwgj\Pictures\CRAGPLrxjBWjbAs_pS.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\pictures\cragplrxjbwjbas_ps.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	6.25 KB
MD5	7e8e48c942b52b2907ccdce2086dea1b
SHA1	d9d6a8ae43c3a194a034a604c0a27823e51d32bc
SHA256	4344ca461620c066747fe78180686ffa952030ee43584cc4a9d897c5374191f4
SSDeep	192:GBvJ9/6krynJ/SOVyQk61ECUR3uSdDv+hqyxV:GBvvTyBSgNkjReSdD2hdxV
ImpHash	-

c:\users\keecfmwgj\documents\gadgp30\ahvikv6bhgp\n7u6-hdfzcmk12ax.ppt.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\gADgp30\ahvIkv6BhGP\n7u6-hdfZCMK12Ax.ppt.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	5.25 KB
MD5	164bb219600c4050a925262eb6e26f80
SHA1	47cd857646292b043221529fab7003dc3dba9cb3
SHA256	d69461131d88a15fbf64eba37702c8017c52f10066f2e7dc9fb431565c405101
SSDeep	96:IUP6QyfppJ+k7WNHlZyIvLBKho+/iYpw5jdBI1I68squjyWzbYACVWw3swAeA:DP6QILKll4OLB8O5jdebuIVUACT6eA
ImpHash	-

C:\Users\kEecfMwgj\Documents\WindowsPowerShell\Modules\Cipher\Cipher.psm1

Dropped File

Text

»

Also Known As	Cipher.psm1 (Accessed File, Dropped File)
MIME Type	text/plain
File Size	5.23 KB
MD5	3d12427e874b39d71842b55ac7a7a800
SHA1	7ff7b0da46a3cad3ed82e8ffa79de0e9a05a5f49
SHA256	05cbcd057e2b47ddaf0b74ddf01b86ebd9b9ecbaa5cc66f8f9fdf02cd22e017d
SSDeep	48:h/4o45qLH5bLIeLRMLDMLMU6iQ45ugmSpsjFVixHT2333WH59LGTRL1kLGLbXAvN:hZ45iZApU/xMg0syH+AHsSQS6HF0aaA3
ImpHash	-

C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\OUWK.mp3.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\e06hth3voha0d\ouwk.mp3.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	4.37 KB
MD5	51cc37e61984c5022c7725079894cbfa
SHA1	4459f547d089ce229a64ebc9f1e8830c7c91eadd
SHA256	42abece8b8374ec41a384407d5a12b116dc74d1f27fa597a49114f09dd248acf
SSDeep	96:CVA4ZUurgY4XusHBYt6ZXYAwKmjeEVm1Jba1uSAPrWBUrJiRqL:Ce4ZJrgYQHY6ZXYAylVWJbaUjWFqL
ImpHash	-

C:\Users\kEecfMwgj\Music\M-QP9r3m\5q7ybWyiM4zx.wav.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\m-qp9r3m\5q7ybwyim4zx.wav.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	4.17 KB
MD5	cd977366110364259c2bc26e0b186cd7
SHA1	64ab03904dfac1d8ed2689e848e669645ba6661a
SHA256	6aed588650635d21c3e6b3ed5845e2c3c6c373efa37fcc5519c486a5b0080b98
SSDeep	96:JhRTCQUGVQ77TsTqvSP4u7CyV8UVNFsqaXy5Qx0rgCjoMUmNC9Grl6:J/TCQJVQ3oTq3u7gUVD9WGKCbU0Cyl6
ImpHash	-

C:\Users\kEecfMwgj\Music\sR45lfBmn\HnGdqI3uzhk02\O5Kq9mR4CC\n8siGXFTdMtKcZh\YBZFeG9.wav.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\music\sr45lfbmn\hngdqi3uzhk02\o5kq9mr4cc\n8sigxftdmtkczh\ybzfeg9.wav.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	2.87 KB
MD5	0a01faf0ddbef31e76f24d402e20dacb
SHA1	7613622bcaf1f6bddc252ca9aa46ea5c7019cab4
SHA256	7f7296bab0b7169ea969fa7e8b0fcd6fcc43eb3151a6b854656054cd2b253733
SSDeep	48:fsSyyqND3gh2G4MpKfbrVwvELdEiZzkvBneaF9OBh3spcL3+CqUHf8DC/+mxSQ:keqNjgEMpLE5EiZC5Q12caA/8u/+msQ
ImpHash	-

c:\users\keecfmwgj\documents\a_x_tiv5stl.docx.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Documents\A_x_tiv5stL.docx.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	2.84 KB
MD5	adc381132a8b47417b0b34c06316a80d
SHA1	67c3c3a4531372e79a3f4d1bc13cb0d690feec98
SHA256	2928485fd3c9ef5962e3568e8237ec98bbac8740e91ee4508617c465166d0535
SSDeep	48:1TC7WM6Oi4VPqiFaME3OliyzyLX3deOGKjQP29ycJTJvyVJxEnL:1T0H6f+PqcaMQOg+Kju2pTJvyVJa
ImpHash	-

C:\Users\kEecfMwgj\Desktop\E06hTH3VoHA0d\BRmtCoyPLlLg.jpg.Syrk

Dropped File

Stream

»

Also Known As	c:\users\keecfmwgj\desktop\e06hth3voha0d\brmtcoyplllg.jpg.syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	1.80 KB
MD5	f4437dc6fbd1a7ab2d4fe05e2627726e
SHA1	c17d37d6465968d17cb44ac5a1ccfeec4f669d69
SHA256	03863fc164d35e106d1445e224f6222348204961b1f6081117a390079330811e
SSDeep	48:fJqS6W5l7yHGFfc09kpiyZN/mG1VTmiiBlOv5SnYrOtgcj:fJqS6mlmmnQxZhmG1lniGmg+
ImpHash	-

c:\users\keecfmwgj\videos\zhli4r.mp4.syrk

Dropped File

Stream

»

Also Known As	C:\Users\kEecfMwgj\Videos\ZHli4r.mp4.Syrk (Accessed File, Dropped File)
MIME Type	application/octet-stream
File Size	1.61 KB
MD5	e977eb251261cd3c6f7eec825461b468
SHA1	517364a36b22cd5369ce230346376e6b1db4812e
SHA256	57fcc7081a456cfee4e3e0752d88f3d18e2fd82b76186f70e76829ca2b3dbf6b
SSDeep	48:iWMcz1hxYIOBR6WK5rq59fCUeXYig4ggDwKN419:i1aYnRAZqTfXeygXa
ImpHash	-

C:\Users\kEecfMwgj\Documents\WindowsPowerShell\Modules\Cipher\cry.ps1

Dropped File

Text

»

Also Known As	cry.ps1 (Accessed File, Dropped File)
MIME Type	text/plain
File Size	692 Bytes
MD5	c99f89478b297cbe016c623c63f6ca6c
SHA1	6922c82d1d10439a9286625cb9a0e21addd85a26
SHA256	2a57109b5ba1058449ab54984eda14294d760a252a0af44af3d37270dc1ad0ad
SSDeep	12:iSwKkElKakQg6rzW1JPCtnmvyWS6jnY7mN2riQhWORfCK6WORfyo8xUy:iSwKkqpdifCyyNrkMJuyoiUy
ImpHash	-

C:\Users\kEecfMwgj\Desktop\Readme_now.txt

Dropped File

Text

»

MIME Type	text/plain
File Size	234 Bytes
MD5	abdd1c2a8db8264cfe48bc1fb17079c7
SHA1	25abaccaaf1cd4b1abc10b1df0d73d65cd89e967
SHA256	dca72b1d0a3327a56de391757ba37e384359876ac3d1e3d3c10f2e8f8b4b2d1d
SSDeep	6:Q8lQAfbFr3BUmNCosU+FEMwElel+sXQBKv:QeQAfJr3BUCJKEyleg9Kv
ImpHash	-

C:\Users\kEecfMwgj\AppData\Local\Temp\EDB2.tmp\EDB3.tmp\EDB4.bat

Dropped File

Text

»

MIME Type	text/plain
File Size	159 Bytes
MD5	577ef607f79ddbf5cbd050778f58fdd9
SHA1	18d37ac638576014c1c3abd7c2f023c6e40d6351
SHA256	1f5900bf3f1044b0469612875a23c6f8d3569608ac1ee27ed77fcbc0131dbdfe
SSDeep	3:NNgIDbnZOaHF5hdCl+GjkoLHA8EEcoH+fyM1K/RFofD6tRQx0koJ:N3QaH9dCUX8tcoH+H1MUmt2Pk
ImpHash	-

C:\Users\Default\AppData\Local\Microsoft\+dp-.txt

Dropped File

Text

»

MIME Type	text/plain
File Size	64 Bytes
MD5	d707d1f1c016cc409483fc9f3b7dcbb6
SHA1	8ffa40cd6c0e7f51bb63269de504d97c4ee06fe3
SHA256	54d1ffe932df5cddabe81236dedb09062af18ff956d8f60afd67f6282b094a66
SSDeep	3:QYvNWlj9WioyoyIIj0y:DFw5oyIS0y
ImpHash	-

C:\Users\Default\AppData\Local\Microsoft\-pw+.txt

Dropped File

Text

»

MIME Type	text/plain
File Size	31 Bytes
MD5	31edf3a6c9225d778fe93662830d172b
SHA1	d7bb909da83edbef5ba5a9f214f4ba726afd7b53
SHA256	ba89a9d2bcd68421d979cce7880013eef84ce7bf5fb7d4f095719334a28defa6
SSDeep	3:Vlj9Wiov:DK
ImpHash	-

C:\Users\Default\AppData\Local\Microsoft\-i+.txt

Dropped File

Text

»

MIME Type	text/plain
File Size	26 Bytes
MD5	4e4320ecd1a32fce82f3a54ebd808c98
SHA1	f759f8dd621f228496c0682c35bb750d56af7e9d
SHA256	6d8a951f265ef56f25b2341322d3fc205af4a914da83880fa45a263213d5ed69
SSDeep	3:iIIj0y:iIS0y
ImpHash	-

C:\Users\kEecfMwgj\AppData\Local\Temp\EDB2.tmp

Dropped File

Empty

»

Also Known As	C:\Users\kEecfMwgj\AppData\Local\Temp\EDB2.tmp\EDB3.tmp (Accessed File, Dropped File) C:\Users\kEecfMwgj\AppData\Local\Temp\EDB2.tmp\EDB3.tmp\ (Accessed File) C:\Users\kEecfMwgj\AppData\Local\Temp\EDB2.tmp\EDB3.tmp\EDB4.tmp (Accessed File, Dropped File) C:\Users\kEecfMwgj\AppData\Local\Temp\EDB2.tmp\EDB3.tmp\EDB5.tmp (Accessed File, Dropped File)
MIME Type	application/x-empty
File Size	0 Bytes (not extracted)
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

aff8cb711b2b7e38bd15a3620a0c873727c0140afb26ca8959ff2a4b77ecc2c2

Extracted File

Image

»

Parent File	C:\Users\kEecfMwgj\Desktop\Setup.exe
MIME Type	image/png
File Size	28.32 KB
MD5	2e33937f2de0020190850b8ccb3df004
SHA1	e8f005c127ff10033ce4f78556344bb2504ec3fc
SHA256	aff8cb711b2b7e38bd15a3620a0c873727c0140afb26ca8959ff2a4b77ecc2c2
SSDeep	768:6UfUr+dycTY4v+y/xP67+VTURLeUOpwJT4+:ArI/Tb/xw+VTURSUO9+
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information