5106d847...e799

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2B74.TMP.EXE.exe

Sample File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	983.02 KB
MD5	9fefc97d1a3bd960172df2a64e402684
SHA1	157ad8ea6d0a34210bc3cfd0dafa0ef8c7ceba54
SHA256	5106d847e6fecd52295ab7e01ce2e7525e3107f6a2d4dd3fc2956a8db970e799
SSDeep	12288:Un6+4hPrN4P3Do/+uOojcJ3l3gczIE9OhBRQmXDVZUtOWrUGR8oUEQF9+Mc7OI/a:Un6xwMc5lQc59OhvQmrCcGRnUEQb0ju
ImpHash	0cfa8cc8e37944d56ac786d8fc674750
Parser Error Remark	Static engine was unable to completely parse the analyzed file

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-09-14 03:51 (UTC+2)
Last Seen	2019-09-15 05:12 (UTC+2)
Names	Win32.Trojan.Ramnit
Families	Ramnit
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x49a3d6
Size Of Code	0xa7800
Size Of Initialized Data	0x2f2ea00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2018-11-17 09:11:20+00:00

Version Information (2)

»

InternalName	sdnzsdj.ole
ProductVersion	2.9.21.7

Sections (6)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0xa771c	0xa7800	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.95
.data	0x4a9000	0x2f28e08	0x19800	0xa7c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.07
.idata	0x33d2000	0x830	0xa00	0xc1400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.02
.gfids	0x33d3000	0x10ac	0x400	0xc1e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.01
.rsrc	0x33d5000	0x3bd8	0x3c00	0xc2200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.27
.reloc	0x33d9000	0xec4	0x1000	0xc5e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.35

Imports (2)

»

KERNEL32.dll (74)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateTimerQueueTimer	0x0	0x33d2000	0x2fd2178	0xc1578	0xbd
CompareStringW	0x0	0x33d2004	0x2fd217c	0xc157c	0x64
VirtualProtect	0x0	0x33d2008	0x2fd2180	0xc1580	0x4ef
GetHandleInformation	0x0	0x33d200c	0x2fd2184	0xc1584	0x1ff
WriteFile	0x0	0x33d2010	0x2fd2188	0xc1588	0x525
TerminateProcess	0x0	0x33d2014	0x2fd218c	0xc158c	0x4c0
lstrlenA	0x0	0x33d2018	0x2fd2190	0xc1590	0x54d
LocalAlloc	0x0	0x33d201c	0x2fd2194	0xc1594	0x344
ExitThread	0x0	0x33d2020	0x2fd2198	0xc1598	0x11a
GetNumberFormatA	0x0	0x33d2024	0x2fd219c	0xc159c	0x231
LoadLibraryA	0x0	0x33d2028	0x2fd21a0	0xc15a0	0x33c
lstrcatW	0x0	0x33d202c	0x2fd21a4	0xc15a4	0x53f
CloseHandle	0x0	0x33d2030	0x2fd21a8	0xc15a8	0x52
GetProcAddress	0x0	0x33d2034	0x2fd21ac	0xc15ac	0x245
ExitProcess	0x0	0x33d2038	0x2fd21b0	0xc15b0	0x119
FormatMessageA	0x0	0x33d203c	0x2fd21b4	0xc15b4	0x15d
CreateFileW	0x0	0x33d2040	0x2fd21b8	0xc15b8	0x8f
DecodePointer	0x0	0x33d2044	0x2fd21bc	0xc15bc	0xca
UnhandledExceptionFilter	0x0	0x33d2048	0x2fd21c0	0xc15c0	0x4d3
SetUnhandledExceptionFilter	0x0	0x33d204c	0x2fd21c4	0xc15c4	0x4a5
GetCurrentProcess	0x0	0x33d2050	0x2fd21c8	0xc15c8	0x1c0
IsProcessorFeaturePresent	0x0	0x33d2054	0x2fd21cc	0xc15cc	0x304
QueryPerformanceCounter	0x0	0x33d2058	0x2fd21d0	0xc15d0	0x3a7
GetCurrentProcessId	0x0	0x33d205c	0x2fd21d4	0xc15d4	0x1c1
GetCurrentThreadId	0x0	0x33d2060	0x2fd21d8	0xc15d8	0x1c5
GetSystemTimeAsFileTime	0x0	0x33d2064	0x2fd21dc	0xc15dc	0x279
InitializeSListHead	0x0	0x33d2068	0x2fd21e0	0xc15e0	0x2e7
IsDebuggerPresent	0x0	0x33d206c	0x2fd21e4	0xc15e4	0x300
GetStartupInfoW	0x0	0x33d2070	0x2fd21e8	0xc15e8	0x263
GetModuleHandleW	0x0	0x33d2074	0x2fd21ec	0xc15ec	0x218
RtlUnwind	0x0	0x33d2078	0x2fd21f0	0xc15f0	0x418
GetLastError	0x0	0x33d207c	0x2fd21f4	0xc15f4	0x202
SetLastError	0x0	0x33d2080	0x2fd21f8	0xc15f8	0x473
EnterCriticalSection	0x0	0x33d2084	0x2fd21fc	0xc15fc	0xee
LeaveCriticalSection	0x0	0x33d2088	0x2fd2200	0xc1600	0x339
DeleteCriticalSection	0x0	0x33d208c	0x2fd2204	0xc1604	0xd1
InitializeCriticalSectionAndSpinCount	0x0	0x33d2090	0x2fd2208	0xc1608	0x2e3
TlsAlloc	0x0	0x33d2094	0x2fd220c	0xc160c	0x4c5
TlsGetValue	0x0	0x33d2098	0x2fd2210	0xc1610	0x4c7
TlsSetValue	0x0	0x33d209c	0x2fd2214	0xc1614	0x4c8
TlsFree	0x0	0x33d20a0	0x2fd2218	0xc1618	0x4c6
FreeLibrary	0x0	0x33d20a4	0x2fd221c	0xc161c	0x162
LoadLibraryExW	0x0	0x33d20a8	0x2fd2220	0xc1620	0x33e
GetStdHandle	0x0	0x33d20ac	0x2fd2224	0xc1624	0x264
GetModuleFileNameW	0x0	0x33d20b0	0x2fd2228	0xc1628	0x214
MultiByteToWideChar	0x0	0x33d20b4	0x2fd222c	0xc162c	0x367
WideCharToMultiByte	0x0	0x33d20b8	0x2fd2230	0xc1630	0x511
GetModuleHandleExW	0x0	0x33d20bc	0x2fd2234	0xc1634	0x217
GetACP	0x0	0x33d20c0	0x2fd2238	0xc1638	0x168
HeapFree	0x0	0x33d20c4	0x2fd223c	0xc163c	0x2cf
HeapAlloc	0x0	0x33d20c8	0x2fd2240	0xc1640	0x2cb
FindClose	0x0	0x33d20cc	0x2fd2244	0xc1644	0x12e
FindFirstFileExW	0x0	0x33d20d0	0x2fd2248	0xc1648	0x134
FindNextFileW	0x0	0x33d20d4	0x2fd224c	0xc164c	0x145
IsValidCodePage	0x0	0x33d20d8	0x2fd2250	0xc1650	0x30a
GetOEMCP	0x0	0x33d20dc	0x2fd2254	0xc1654	0x237
GetCPInfo	0x0	0x33d20e0	0x2fd2258	0xc1658	0x172
GetCommandLineA	0x0	0x33d20e4	0x2fd225c	0xc165c	0x186
GetCommandLineW	0x0	0x33d20e8	0x2fd2260	0xc1660	0x187
GetEnvironmentStringsW	0x0	0x33d20ec	0x2fd2264	0xc1664	0x1da
FreeEnvironmentStringsW	0x0	0x33d20f0	0x2fd2268	0xc1668	0x161
LCMapStringW	0x0	0x33d20f4	0x2fd226c	0xc166c	0x32d
SetStdHandle	0x0	0x33d20f8	0x2fd2270	0xc1670	0x487
GetFileType	0x0	0x33d20fc	0x2fd2274	0xc1674	0x1f3
GetStringTypeW	0x0	0x33d2100	0x2fd2278	0xc1678	0x269
GetProcessHeap	0x0	0x33d2104	0x2fd227c	0xc167c	0x24a
HeapSize	0x0	0x33d2108	0x2fd2280	0xc1680	0x2d4
HeapReAlloc	0x0	0x33d210c	0x2fd2284	0xc1684	0x2d2
FlushFileBuffers	0x0	0x33d2110	0x2fd2288	0xc1688	0x157
GetConsoleCP	0x0	0x33d2114	0x2fd228c	0xc168c	0x19a
GetConsoleMode	0x0	0x33d2118	0x2fd2290	0xc1690	0x1ac
SetFilePointerEx	0x0	0x33d211c	0x2fd2294	0xc1694	0x467
WriteConsoleW	0x0	0x33d2120	0x2fd2298	0xc1698	0x524
RaiseException	0x0	0x33d2124	0x2fd229c	0xc169c	0x3b1

ole32.dll (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoIsOle1Class	0x0	0x33d212c	0x2fd22a4	0xc16a4	0x45
ProgIDFromCLSID	0x0	0x33d2130	0x2fd22a8	0xc16a8	0x14b

Icons (1)

»

Memory Dumps (7)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Points	Actions
buffer	1	0x002B0020	0x0034425F	Marked Executable	-	32-bit	0x002B17E2	... Memory Dump Actions Download Dump Go to process
buffer	1	0x04D40000	0x04E59FFF	First Execution	-	32-bit	0x04D40000	... Memory Dump Actions Download Dump Go to process
buffer	5	0x00210020	0x002A425F	Marked Executable	-	32-bit	0x002117E2	... Memory Dump Actions Download Dump Go to process
buffer	5	0x00210020	0x002A425F	Content Changed	-	32-bit	0x00211F7B	... Memory Dump Actions Download Dump Go to process
buffer	5	0x033E0000	0x034F9FFF	First Execution	-	32-bit	0x033E0000	... Memory Dump Actions Download Dump Go to process
buffer	18	0x00280020	0x0031425F	Marked Executable	-	32-bit	0x002817E2	... Memory Dump Actions Download Dump Go to process
buffer	18	0x04C40000	0x04D59FFF	First Execution	-	32-bit	0x04C40000	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

»

Threat Name	Severity
Trojan.GenericKD.32452318	Malicious

C:\Windows\System32\drivers\etc\hosts

Modified File

Text

Malicious

»

Mime Type	text/plain
File Size	7.92 KB
MD5	360d265eddea8679c434a205f7ade7ad
SHA1	e17d843f610e0283904e201195360525ae449a68
SHA256	5a1597c0d29dd475e33cd8889d7d848037a8c17bad0f3daa022fb889e0db7ead
SSDeep	96:vDZEurK9q3WlSyU0FXmGZll0TOHyF9fAHLmttA/ZKTKdIlMHqzoCGbXx:RrK9FU0FXmGZll06m9fAH6AhKTK9Cax

Local AV Matches (1)

»

Threat Name	Severity
Gen:Trojan.Qhost.1	Malicious

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TQA_umDM14EkRmKehkUw.pdf.kvag

Dropped File

PDF

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TQA_umDM14EkRmKehkUw.pdf (Modified File)
Mime Type	application/pdf
File Size	56.38 KB
MD5	9fbf86977f1f2923d86745377e517452
SHA1	98ffd4dd05f6b8948aaa013eb59a17752c63c6e5
SHA256	c740912fca8b0c2ddb3d49b2fd78805643e3b89c33fd86b8d9bcc07667460173
SSDeep	1536:Kpbh06VknPGm3y4Q92bkoT7+s6zZ34CcC9LoEdUAherD9W:K868uue2QmTDe9heVW

YARA Matches (3)

»

Rule Name	Rule Description	Classification	Score	Actions
PDF_Missing_startxref	Malformed PDF without startxref; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Invalid_version	Invalid version in PDF magic bytes; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Missing_EOF	Malformed PDF without EOF marker; possible obfuscation	-	3/5	... YARA Actions Show Ruleset Show Match

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\applvCx 7 7q.pdf

Modified File

PDF

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\applvCx 7 7q.pdf.kvag (Dropped File)
Mime Type	application/pdf
File Size	98.83 KB
MD5	b71b040c91627f3fe9c6c41608b60fb6
SHA1	7bc69b18c52caa2f356d937a35d9d485b921dd42
SHA256	e6f0ee3227f2aa5d954d36bc2c32b5a486ef25ba0bb3dc6b966a5f8b061a6892
SSDeep	3072:nEwQoH7MumxW0PvYVYuaWzU2yLdG1o5U/rg6C:nEoHQumyVYxWQ2yLIo5CG

YARA Matches (3)

»

Rule Name	Rule Description	Classification	Score	Actions
PDF_Missing_startxref	Malformed PDF without startxref; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Invalid_version	Invalid version in PDF magic bytes; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Missing_EOF	Malformed PDF without EOF marker; possible obfuscation	-	3/5	... YARA Actions Show Ruleset Show Match

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cIMF3tKpAi.pdf

Modified File

PDF

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cIMF3tKpAi.pdf.kvag (Dropped File)
Mime Type	application/pdf
File Size	29.42 KB
MD5	ad759a3d5222a42cc9422b3891f2f1fa
SHA1	eede002a074fc2835cd5790550a7ab84195f3507
SHA256	13ee975829bb14684a9289f6dad1c578440302938f35c57a5e6d278a0bd1fdf8
SSDeep	768:2UeMQD0KiqgTbk2LpYvdTacXW4OdQWSV4J+sq4X5SnvtGXo+:2UfqiqC7tkT+OWSVq/X5sY

YARA Matches (3)

»

Rule Name	Rule Description	Classification	Score	Actions
PDF_Missing_startxref	Malformed PDF without startxref; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Invalid_version	Invalid version in PDF magic bytes; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Missing_EOF	Malformed PDF without EOF marker; possible obfuscation	-	3/5	... YARA Actions Show Ruleset Show Match

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\i8DRxWeUJn.pdf.kvag

Dropped File

PDF

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\i8DRxWeUJn.pdf (Modified File)
Mime Type	application/pdf
File Size	23.75 KB
MD5	6f99fab44fefba3f25b9c1aab14760ec
SHA1	6d7f9338c2738c9b0f6e4cf341b7fb4825380752
SHA256	a753898cdd276285d39fcdb164dac35bc91514128895adae1acab2a70ad50684
SSDeep	384:SnpaGusJ5PMB/aK3SJ6p0AIty3M9E1Vu4PbOKAi2kGVe74KqY/ae5KOM7nKpkCQX:qpaZsrM3SJVAItnE3tlBbkoae5dM7Kf0

YARA Matches (3)

»

Rule Name	Rule Description	Classification	Score	Actions
PDF_Missing_startxref	Malformed PDF without startxref; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Invalid_version	Invalid version in PDF magic bytes; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Missing_EOF	Malformed PDF without EOF marker; possible obfuscation	-	3/5	... YARA Actions Show Ruleset Show Match

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WzADlxLJE55HVxluBPw.pdf

Modified File

PDF

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WzADlxLJE55HVxluBPw.pdf.kvag (Dropped File)
Mime Type	application/pdf
File Size	3.55 KB
MD5	36b6979fe233c61e20fb74252ecbd1e7
SHA1	d325a6bfbbca6b80ed7fcf9a5fdfcbf4e1a0120f
SHA256	1e4b14df7499b9a0b9ddc0f432ab34890f772e2f918646d8ed1c5875ce94cf58
SSDeep	96:W9j1FZU1IYCDjhhieiESJTqvC0j5wRAIs:q5Py6iSASCcMrs

YARA Matches (3)

»

Rule Name	Rule Description	Classification	Score	Actions
PDF_Missing_startxref	Malformed PDF without startxref; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Invalid_version	Invalid version in PDF magic bytes; possible obfuscation	-	4/5	... YARA Actions Show Ruleset Show Match
PDF_Missing_EOF	Malformed PDF without EOF marker; possible obfuscation	-	3/5	... YARA Actions Show Ruleset Show Match

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\updatewin1.exe

Downloaded File

Binary

Malicious

»

Also Known As	c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\updatewin1[1].exe (Downloaded File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	272.50 KB
MD5	5b4bd24d6240f467bfbc74803c9f15b0
SHA1	c17f98c182d299845c54069872e8137645768a1a
SHA256	14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
SSDeep	6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE
ImpHash	0bcca924efe6e6fa741675d8e687fbb3

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-01-16 22:21 (UTC+1)
Last Seen	2019-07-21 22:40 (UTC+2)
Names	Win32.Trojan.Kryptik
Families	Kryptik
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x402d76
Size Of Code	0x1c200
Size Of Initialized Data	0x2c200
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2017-07-24 12:23:54+00:00

Version Information (3)

»

FileVersion	7.7.7.18
InternalName	rawudiyeh.exe
LegalCopyright	Copyright (C) 2018, sacuwedimufoy

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x1c07e	0x1c200	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.62
.rdata	0x41e000	0x463e	0x4800	0x1c600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.26
.data	0x423000	0x1c6a8	0x17400	0x20e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.83
.rsrc	0x440000	0xa578	0xa600	0x38200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.88
.reloc	0x44b000	0x1968	0x1a00	0x42800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.34

Imports (4)

»

KERNEL32.dll (102)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ExitThread	0x0	0x41e028	0x21afc	0x200fc	0x105
GetStartupInfoW	0x0	0x41e02c	0x21b00	0x20100	0x23a
GetLastError	0x0	0x41e030	0x21b04	0x20104	0x1e6
GetProcAddress	0x0	0x41e034	0x21b08	0x20108	0x220
CreateJobSet	0x0	0x41e038	0x21b0c	0x2010c	0x87
GlobalFree	0x0	0x41e03c	0x21b10	0x20110	0x28c
LoadLibraryA	0x0	0x41e040	0x21b14	0x20114	0x2f1
OpenWaitableTimerW	0x0	0x41e044	0x21b18	0x20118	0x339
AddAtomA	0x0	0x41e048	0x21b1c	0x2011c	0x3
FindFirstChangeNotificationA	0x0	0x41e04c	0x21b20	0x20120	0x11b
VirtualProtect	0x0	0x41e050	0x21b24	0x20124	0x45a
GetCurrentDirectoryA	0x0	0x41e054	0x21b28	0x20128	0x1a7
GetACP	0x0	0x41e058	0x21b2c	0x2012c	0x152
InterlockedPushEntrySList	0x0	0x41e05c	0x21b30	0x20130	0x2c2
CompareStringW	0x0	0x41e060	0x21b34	0x20134	0x55
CompareStringA	0x0	0x41e064	0x21b38	0x20138	0x52
CreateFileA	0x0	0x41e068	0x21b3c	0x2013c	0x78
GetTimeZoneInformation	0x0	0x41e06c	0x21b40	0x20140	0x26b
WriteConsoleW	0x0	0x41e070	0x21b44	0x20144	0x48c
GetConsoleOutputCP	0x0	0x41e074	0x21b48	0x20148	0x199
WriteConsoleA	0x0	0x41e078	0x21b4c	0x2014c	0x482
CloseHandle	0x0	0x41e07c	0x21b50	0x20150	0x43
IsValidLocale	0x0	0x41e080	0x21b54	0x20154	0x2dd
EnumSystemLocalesA	0x0	0x41e084	0x21b58	0x20158	0xf8
GetUserDefaultLCID	0x0	0x41e088	0x21b5c	0x2015c	0x26d
GetSystemTimeAdjustment	0x0	0x41e08c	0x21b60	0x20160	0x24e
GetSystemTimes	0x0	0x41e090	0x21b64	0x20164	0x250
GetTickCount	0x0	0x41e094	0x21b68	0x20168	0x266
FreeEnvironmentStringsA	0x0	0x41e098	0x21b6c	0x2016c	0x14a
GetComputerNameW	0x0	0x41e09c	0x21b70	0x20170	0x178
FindCloseChangeNotification	0x0	0x41e0a0	0x21b74	0x20174	0x11a
FindResourceExW	0x0	0x41e0a4	0x21b78	0x20178	0x138
GetCPInfo	0x0	0x41e0a8	0x21b7c	0x2017c	0x15b
SetProcessShutdownParameters	0x0	0x41e0ac	0x21b80	0x20180	0x3f9
GetModuleHandleExA	0x0	0x41e0b0	0x21b84	0x20184	0x1f7
GetDateFormatA	0x0	0x41e0b4	0x21b88	0x20188	0x1ae
GetTimeFormatA	0x0	0x41e0b8	0x21b8c	0x2018c	0x268
GetStringTypeW	0x0	0x41e0bc	0x21b90	0x20190	0x240
GetStringTypeA	0x0	0x41e0c0	0x21b94	0x20194	0x23d
LCMapStringW	0x0	0x41e0c4	0x21b98	0x20198	0x2e3
GetCommandLineA	0x0	0x41e0c8	0x21b9c	0x2019c	0x16f
GetStartupInfoA	0x0	0x41e0cc	0x21ba0	0x201a0	0x239
RaiseException	0x0	0x41e0d0	0x21ba4	0x201a4	0x35a
RtlUnwind	0x0	0x41e0d4	0x21ba8	0x201a8	0x392
TerminateProcess	0x0	0x41e0d8	0x21bac	0x201ac	0x42d
GetCurrentProcess	0x0	0x41e0dc	0x21bb0	0x201b0	0x1a9
UnhandledExceptionFilter	0x0	0x41e0e0	0x21bb4	0x201b4	0x43e
SetUnhandledExceptionFilter	0x0	0x41e0e4	0x21bb8	0x201b8	0x415
IsDebuggerPresent	0x0	0x41e0e8	0x21bbc	0x201bc	0x2d1
HeapAlloc	0x0	0x41e0ec	0x21bc0	0x201c0	0x29d
HeapFree	0x0	0x41e0f0	0x21bc4	0x201c4	0x2a1
EnterCriticalSection	0x0	0x41e0f4	0x21bc8	0x201c8	0xd9
LeaveCriticalSection	0x0	0x41e0f8	0x21bcc	0x201cc	0x2ef
SetHandleCount	0x0	0x41e0fc	0x21bd0	0x201d0	0x3e8
GetStdHandle	0x0	0x41e100	0x21bd4	0x201d4	0x23b
GetFileType	0x0	0x41e104	0x21bd8	0x201d8	0x1d7
DeleteCriticalSection	0x0	0x41e108	0x21bdc	0x201dc	0xbe
GetModuleHandleW	0x0	0x41e10c	0x21be0	0x201e0	0x1f9
Sleep	0x0	0x41e110	0x21be4	0x201e4	0x421
ExitProcess	0x0	0x41e114	0x21be8	0x201e8	0x104
WriteFile	0x0	0x41e118	0x21bec	0x201ec	0x48d
GetModuleFileNameA	0x0	0x41e11c	0x21bf0	0x201f0	0x1f4
GetEnvironmentStrings	0x0	0x41e120	0x21bf4	0x201f4	0x1bf
FreeEnvironmentStringsW	0x0	0x41e124	0x21bf8	0x201f8	0x14b
WideCharToMultiByte	0x0	0x41e128	0x21bfc	0x201fc	0x47a
GetEnvironmentStringsW	0x0	0x41e12c	0x21c00	0x20200	0x1c1
TlsGetValue	0x0	0x41e130	0x21c04	0x20204	0x434
TlsAlloc	0x0	0x41e134	0x21c08	0x20208	0x432
TlsSetValue	0x0	0x41e138	0x21c0c	0x2020c	0x435
TlsFree	0x0	0x41e13c	0x21c10	0x20210	0x433
InterlockedIncrement	0x0	0x41e140	0x21c14	0x20214	0x2c0
SetLastError	0x0	0x41e144	0x21c18	0x20218	0x3ec
GetCurrentThreadId	0x0	0x41e148	0x21c1c	0x2021c	0x1ad
InterlockedDecrement	0x0	0x41e14c	0x21c20	0x20220	0x2bc
GetCurrentThread	0x0	0x41e150	0x21c24	0x20224	0x1ac
HeapCreate	0x0	0x41e154	0x21c28	0x20228	0x29f
HeapDestroy	0x0	0x41e158	0x21c2c	0x2022c	0x2a0
VirtualFree	0x0	0x41e15c	0x21c30	0x20230	0x457
QueryPerformanceCounter	0x0	0x41e160	0x21c34	0x20234	0x354
GetCurrentProcessId	0x0	0x41e164	0x21c38	0x20238	0x1aa
GetSystemTimeAsFileTime	0x0	0x41e168	0x21c3c	0x2023c	0x24f
FatalAppExitA	0x0	0x41e16c	0x21c40	0x20240	0x10b
VirtualAlloc	0x0	0x41e170	0x21c44	0x20244	0x454
HeapReAlloc	0x0	0x41e174	0x21c48	0x20248	0x2a4
MultiByteToWideChar	0x0	0x41e178	0x21c4c	0x2024c	0x31a
ReadFile	0x0	0x41e17c	0x21c50	0x20250	0x368
InitializeCriticalSectionAndSpinCount	0x0	0x41e180	0x21c54	0x20254	0x2b5
HeapSize	0x0	0x41e184	0x21c58	0x20258	0x2a6
SetConsoleCtrlHandler	0x0	0x41e188	0x21c5c	0x2025c	0x3a7
FreeLibrary	0x0	0x41e18c	0x21c60	0x20260	0x14c
InterlockedExchange	0x0	0x41e190	0x21c64	0x20264	0x2bd
GetOEMCP	0x0	0x41e194	0x21c68	0x20268	0x213
IsValidCodePage	0x0	0x41e198	0x21c6c	0x2026c	0x2db
GetConsoleCP	0x0	0x41e19c	0x21c70	0x20270	0x183
GetConsoleMode	0x0	0x41e1a0	0x21c74	0x20274	0x195
FlushFileBuffers	0x0	0x41e1a4	0x21c78	0x20278	0x141
SetFilePointer	0x0	0x41e1a8	0x21c7c	0x2027c	0x3df
SetStdHandle	0x0	0x41e1ac	0x21c80	0x20280	0x3fc
GetLocaleInfoW	0x0	0x41e1b0	0x21c84	0x20284	0x1ea
GetLocaleInfoA	0x0	0x41e1b4	0x21c88	0x20288	0x1e8
LCMapStringA	0x0	0x41e1b8	0x21c8c	0x2028c	0x2e1
SetEnvironmentVariableA	0x0	0x41e1bc	0x21c90	0x20290	0x3d0

USER32.dll (10)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CloseClipboard	0x0	0x41e1d8	0x21cac	0x202ac	0x47
BeginPaint	0x0	0x41e1dc	0x21cb0	0x202b0	0xe
CallMsgFilterW	0x0	0x41e1e0	0x21cb4	0x202b4	0x1a
PeekMessageA	0x0	0x41e1e4	0x21cb8	0x202b8	0x21b
MapVirtualKeyExW	0x0	0x41e1e8	0x21cbc	0x202bc	0x1f1
RegisterRawInputDevices	0x0	0x41e1ec	0x21cc0	0x202c0	0x242
GetClipboardSequenceNumber	0x0	0x41e1f0	0x21cc4	0x202c4	0x113
CountClipboardFormats	0x0	0x41e1f4	0x21cc8	0x202c8	0x50
GetDialogBaseUnits	0x0	0x41e1f8	0x21ccc	0x202cc	0x11d
GetClassLongW	0x0	0x41e1fc	0x21cd0	0x202d0	0x109

GDI32.dll (9)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PolyTextOutW	0x0	0x41e000	0x21ad4	0x200d4	0x23c
CreateCompatibleDC	0x0	0x41e004	0x21ad8	0x200d8	0x2e
Rectangle	0x0	0x41e008	0x21adc	0x200dc	0x246
SetStretchBltMode	0x0	0x41e00c	0x21ae0	0x200e0	0x289
SetPixelV	0x0	0x41e010	0x21ae4	0x200e4	0x284
GetClipBox	0x0	0x41e014	0x21ae8	0x200e8	0x1aa
CreateDiscardableBitmap	0x0	0x41e018	0x21aec	0x200ec	0x35
StrokeAndFillPath	0x0	0x41e01c	0x21af0	0x200f0	0x29c
GetBitmapBits	0x0	0x41e020	0x21af4	0x200f4	0x191

SHELL32.dll (4)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteW	0x0	0x41e1c4	0x21c98	0x20298	0x118
ShellAboutW	0x0	0x41e1c8	0x21c9c	0x2029c	0x110
DuplicateIcon	0x0	0x41e1cc	0x21ca0	0x202a0	0x23
DragQueryFileA	0x0	0x41e1d0	0x21ca4	0x202a4	0x1e

Icons (1)

»

Memory Dumps (10)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Points	Actions
updatewin1.exe	6	0x00400000	0x0044CFFF	Relevant Image	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	6	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x004023F7	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	6	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x0040DB13	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	6	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x00409A4F	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	6	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x00401810	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	6	0x00400000	0x0044CFFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	11	0x00400000	0x0044CFFF	Relevant Image	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	11	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x004023F7	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	11	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x0040DB13	... Memory Dump Actions Download Dump Go to process
updatewin1.exe	11	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x00401810	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

»

Threat Name	Severity
Trojan.GenericKD.31534187	Malicious

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\updatewin2.exe

Downloaded File

Binary

Malicious

»

Also Known As	c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\updatewin2[1].exe (Downloaded File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	274.50 KB
MD5	996ba35165bb62473d2a6743a5200d45
SHA1	52169b0b5cce95c6905873b8d12a759c234bd2e0
SHA256	5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
SSDeep	6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf
ImpHash	5921adaaf66f8c259aeda9e22686cd4b
Parser Error Remark	Static engine was unable to completely parse the analyzed file

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-01-16 22:21 (UTC+1)
Last Seen	2019-09-04 10:43 (UTC+2)
Names	Win32.Trojan.Qhost
Families	Qhost
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x402d64
Size Of Code	0x1c200
Size Of Initialized Data	0x2c800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2017-11-21 06:08:45+00:00

Version Information (3)

»

FileVersion	5.3.7.82
InternalName	gigifaw.exe
LegalCopyright	Copyright (C) 2018, guvaxiz

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x1c03e	0x1c200	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.62
.rdata	0x41e000	0x45ec	0x4600	0x1c600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.34
.data	0x423000	0x1cde8	0x17c00	0x20c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.8
.rsrc	0x440000	0xa724	0xa800	0x38800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.88
.reloc	0x44b000	0x195c	0x1a00	0x43000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.33

Imports (4)

»

KERNEL32.dll (98)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ExitThread	0x0	0x41e024	0x21ae8	0x200e8	0x105
GetStartupInfoW	0x0	0x41e028	0x21aec	0x200ec	0x23a
GetLastError	0x0	0x41e02c	0x21af0	0x200f0	0x1e6
GetProcAddress	0x0	0x41e030	0x21af4	0x200f4	0x220
GlobalFree	0x0	0x41e034	0x21af8	0x200f8	0x28c
LoadLibraryA	0x0	0x41e038	0x21afc	0x200fc	0x2f1
AddAtomA	0x0	0x41e03c	0x21b00	0x20100	0x3
FindFirstChangeNotificationA	0x0	0x41e040	0x21b04	0x20104	0x11b
VirtualProtect	0x0	0x41e044	0x21b08	0x20108	0x45a
GetCurrentDirectoryA	0x0	0x41e048	0x21b0c	0x2010c	0x1a7
SetProcessShutdownParameters	0x0	0x41e04c	0x21b10	0x20110	0x3f9
GetACP	0x0	0x41e050	0x21b14	0x20114	0x152
CompareStringA	0x0	0x41e054	0x21b18	0x20118	0x52
CreateFileA	0x0	0x41e058	0x21b1c	0x2011c	0x78
GetTimeZoneInformation	0x0	0x41e05c	0x21b20	0x20120	0x26b
WriteConsoleW	0x0	0x41e060	0x21b24	0x20124	0x48c
GetConsoleOutputCP	0x0	0x41e064	0x21b28	0x20128	0x199
WriteConsoleA	0x0	0x41e068	0x21b2c	0x2012c	0x482
CloseHandle	0x0	0x41e06c	0x21b30	0x20130	0x43
IsValidLocale	0x0	0x41e070	0x21b34	0x20134	0x2dd
EnumSystemLocalesA	0x0	0x41e074	0x21b38	0x20138	0xf8
GetUserDefaultLCID	0x0	0x41e078	0x21b3c	0x2013c	0x26d
GetDateFormatA	0x0	0x41e07c	0x21b40	0x20140	0x1ae
GetTimeFormatA	0x0	0x41e080	0x21b44	0x20144	0x268
InitAtomTable	0x0	0x41e084	0x21b48	0x20148	0x2ae
GetSystemTimes	0x0	0x41e088	0x21b4c	0x2014c	0x250
GetTickCount	0x0	0x41e08c	0x21b50	0x20150	0x266
FreeEnvironmentStringsA	0x0	0x41e090	0x21b54	0x20154	0x14a
GetComputerNameW	0x0	0x41e094	0x21b58	0x20158	0x178
FindCloseChangeNotification	0x0	0x41e098	0x21b5c	0x2015c	0x11a
FindResourceExW	0x0	0x41e09c	0x21b60	0x20160	0x138
CompareStringW	0x0	0x41e0a0	0x21b64	0x20164	0x55
GetCPInfo	0x0	0x41e0a4	0x21b68	0x20168	0x15b
GetStringTypeW	0x0	0x41e0a8	0x21b6c	0x2016c	0x240
GetStringTypeA	0x0	0x41e0ac	0x21b70	0x20170	0x23d
LCMapStringW	0x0	0x41e0b0	0x21b74	0x20174	0x2e3
LCMapStringA	0x0	0x41e0b4	0x21b78	0x20178	0x2e1
GetLocaleInfoA	0x0	0x41e0b8	0x21b7c	0x2017c	0x1e8
GetCommandLineA	0x0	0x41e0bc	0x21b80	0x20180	0x16f
GetStartupInfoA	0x0	0x41e0c0	0x21b84	0x20184	0x239
RaiseException	0x0	0x41e0c4	0x21b88	0x20188	0x35a
RtlUnwind	0x0	0x41e0c8	0x21b8c	0x2018c	0x392
TerminateProcess	0x0	0x41e0cc	0x21b90	0x20190	0x42d
GetCurrentProcess	0x0	0x41e0d0	0x21b94	0x20194	0x1a9
UnhandledExceptionFilter	0x0	0x41e0d4	0x21b98	0x20198	0x43e
SetUnhandledExceptionFilter	0x0	0x41e0d8	0x21b9c	0x2019c	0x415
IsDebuggerPresent	0x0	0x41e0dc	0x21ba0	0x201a0	0x2d1
HeapAlloc	0x0	0x41e0e0	0x21ba4	0x201a4	0x29d
HeapFree	0x0	0x41e0e4	0x21ba8	0x201a8	0x2a1
EnterCriticalSection	0x0	0x41e0e8	0x21bac	0x201ac	0xd9
LeaveCriticalSection	0x0	0x41e0ec	0x21bb0	0x201b0	0x2ef
SetHandleCount	0x0	0x41e0f0	0x21bb4	0x201b4	0x3e8
GetStdHandle	0x0	0x41e0f4	0x21bb8	0x201b8	0x23b
GetFileType	0x0	0x41e0f8	0x21bbc	0x201bc	0x1d7
DeleteCriticalSection	0x0	0x41e0fc	0x21bc0	0x201c0	0xbe
GetModuleHandleW	0x0	0x41e100	0x21bc4	0x201c4	0x1f9
Sleep	0x0	0x41e104	0x21bc8	0x201c8	0x421
ExitProcess	0x0	0x41e108	0x21bcc	0x201cc	0x104
WriteFile	0x0	0x41e10c	0x21bd0	0x201d0	0x48d
GetModuleFileNameA	0x0	0x41e110	0x21bd4	0x201d4	0x1f4
GetEnvironmentStrings	0x0	0x41e114	0x21bd8	0x201d8	0x1bf
FreeEnvironmentStringsW	0x0	0x41e118	0x21bdc	0x201dc	0x14b
WideCharToMultiByte	0x0	0x41e11c	0x21be0	0x201e0	0x47a
GetEnvironmentStringsW	0x0	0x41e120	0x21be4	0x201e4	0x1c1
TlsGetValue	0x0	0x41e124	0x21be8	0x201e8	0x434
TlsAlloc	0x0	0x41e128	0x21bec	0x201ec	0x432
TlsSetValue	0x0	0x41e12c	0x21bf0	0x201f0	0x435
TlsFree	0x0	0x41e130	0x21bf4	0x201f4	0x433
InterlockedIncrement	0x0	0x41e134	0x21bf8	0x201f8	0x2c0
SetLastError	0x0	0x41e138	0x21bfc	0x201fc	0x3ec
GetCurrentThreadId	0x0	0x41e13c	0x21c00	0x20200	0x1ad
InterlockedDecrement	0x0	0x41e140	0x21c04	0x20204	0x2bc
GetCurrentThread	0x0	0x41e144	0x21c08	0x20208	0x1ac
HeapCreate	0x0	0x41e148	0x21c0c	0x2020c	0x29f
HeapDestroy	0x0	0x41e14c	0x21c10	0x20210	0x2a0
VirtualFree	0x0	0x41e150	0x21c14	0x20214	0x457
QueryPerformanceCounter	0x0	0x41e154	0x21c18	0x20218	0x354
GetCurrentProcessId	0x0	0x41e158	0x21c1c	0x2021c	0x1aa
GetSystemTimeAsFileTime	0x0	0x41e15c	0x21c20	0x20220	0x24f
FatalAppExitA	0x0	0x41e160	0x21c24	0x20224	0x10b
VirtualAlloc	0x0	0x41e164	0x21c28	0x20228	0x454
HeapReAlloc	0x0	0x41e168	0x21c2c	0x2022c	0x2a4
MultiByteToWideChar	0x0	0x41e16c	0x21c30	0x20230	0x31a
ReadFile	0x0	0x41e170	0x21c34	0x20234	0x368
InitializeCriticalSectionAndSpinCount	0x0	0x41e174	0x21c38	0x20238	0x2b5
HeapSize	0x0	0x41e178	0x21c3c	0x2023c	0x2a6
SetConsoleCtrlHandler	0x0	0x41e17c	0x21c40	0x20240	0x3a7
FreeLibrary	0x0	0x41e180	0x21c44	0x20244	0x14c
InterlockedExchange	0x0	0x41e184	0x21c48	0x20248	0x2bd
GetOEMCP	0x0	0x41e188	0x21c4c	0x2024c	0x213
IsValidCodePage	0x0	0x41e18c	0x21c50	0x20250	0x2db
GetConsoleCP	0x0	0x41e190	0x21c54	0x20254	0x183
GetConsoleMode	0x0	0x41e194	0x21c58	0x20258	0x195
FlushFileBuffers	0x0	0x41e198	0x21c5c	0x2025c	0x141
SetFilePointer	0x0	0x41e19c	0x21c60	0x20260	0x3df
SetStdHandle	0x0	0x41e1a0	0x21c64	0x20264	0x3fc
GetLocaleInfoW	0x0	0x41e1a4	0x21c68	0x20268	0x1ea
SetEnvironmentVariableA	0x0	0x41e1a8	0x21c6c	0x2026c	0x3d0

USER32.dll (12)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CloseClipboard	0x0	0x41e1c4	0x21c88	0x20288	0x47
GetSubMenu	0x0	0x41e1c8	0x21c8c	0x2028c	0x16b
LoadBitmapA	0x0	0x41e1cc	0x21c90	0x20290	0x1d0
BeginPaint	0x0	0x41e1d0	0x21c94	0x20294	0xe
CallMsgFilterW	0x0	0x41e1d4	0x21c98	0x20298	0x1a
PeekMessageA	0x0	0x41e1d8	0x21c9c	0x2029c	0x21b
MapVirtualKeyExW	0x0	0x41e1dc	0x21ca0	0x202a0	0x1f1
RegisterRawInputDevices	0x0	0x41e1e0	0x21ca4	0x202a4	0x242
SetWindowsHookExW	0x0	0x41e1e4	0x21ca8	0x202a8	0x2b0
GetClipboardSequenceNumber	0x0	0x41e1e8	0x21cac	0x202ac	0x113
GetDialogBaseUnits	0x0	0x41e1ec	0x21cb0	0x202b0	0x11d
MessageBoxIndirectA	0x0	0x41e1f0	0x21cb4	0x202b4	0x1fb

GDI32.dll (8)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateCompatibleDC	0x0	0x41e000	0x21ac4	0x200c4	0x2e
PlayEnhMetaFile	0x0	0x41e004	0x21ac8	0x200c8	0x230
ScaleViewportExtEx	0x0	0x41e008	0x21acc	0x200cc	0x258
SetStretchBltMode	0x0	0x41e00c	0x21ad0	0x200d0	0x289
SetPixelV	0x0	0x41e010	0x21ad4	0x200d4	0x284
CreateDiscardableBitmap	0x0	0x41e014	0x21ad8	0x200d8	0x35
AddFontResourceW	0x0	0x41e018	0x21adc	0x200dc	0x7
SetDeviceGammaRamp	0x0	0x41e01c	0x21ae0	0x200e0	0x271

SHELL32.dll (4)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ExtractAssociatedIconA	0x0	0x41e1b0	0x21c74	0x20274	0x24
ShellExecuteW	0x0	0x41e1b4	0x21c78	0x20278	0x118
ShellAboutW	0x0	0x41e1b8	0x21c7c	0x2027c	0x110
DragQueryFileA	0x0	0x41e1bc	0x21c80	0x20280	0x1e

Icons (1)

»

Memory Dumps (6)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Points	Actions
updatewin2.exe	7	0x00400000	0x0044CFFF	Relevant Image	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
updatewin2.exe	7	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x00402350	... Memory Dump Actions Download Dump Go to process
updatewin2.exe	7	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x0040D7C3	... Memory Dump Actions Download Dump Go to process
updatewin2.exe	7	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x0040C0D3	... Memory Dump Actions Download Dump Go to process
updatewin2.exe	7	0x00400000	0x0044CFFF	Content Changed	-	32-bit	0x00401730	... Memory Dump Actions Download Dump Go to process
updatewin2.exe	7	0x00400000	0x0044CFFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

»

Threat Name	Severity
Trojan.AgentWDCR.SVC	Malicious

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\updatewin.exe

Downloaded File

Binary

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\updatewin.exe (Downloaded File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	277.50 KB
MD5	e3083483121cd288264f8c5624fb2cd1
SHA1	144a1dd6714ff4b5675c32f428d1899e500140a5
SHA256	114ccacb7ca57c01f3540611fdf49e68416544da8d8077f5896434a4b71b01dd
SSDeep	6144:JMLLGApbfLsx8TsvD6OD61XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXX56:JMLdpMdhDyXXnXXfXXXWXXXXHXXXXBXK
ImpHash	1755b6d950f72981fdcd1be68f24e7b3
Parser Error Remark	Static engine was unable to completely parse the analyzed file

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-01-16 22:21 (UTC+1)
Last Seen	2019-09-04 09:39 (UTC+2)
Names	Win32.Trojan.Kryptik
Families	Kryptik
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x402d7c
Size Of Code	0x1c200
Size Of Initialized Data	0x2d400
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2018-02-19 08:26:47+00:00

Version Information (3)

»

FileVersion	8.8.10.11
InternalName	sutazaxidi.exe
LegalCopyright	Copyright (C) 2018, huxonulow

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x1c09e	0x1c200	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.62
.rdata	0x41e000	0x4636	0x4800	0x1c600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.25
.data	0x423000	0x1d5a8	0x18400	0x20e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.8
.rsrc	0x441000	0xa826	0xaa00	0x39200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.84
.reloc	0x44c000	0x1974	0x1a00	0x43c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.34

Imports (4)

»

KERNEL32.dll (100)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ExitThread	0x0	0x41e020	0x21af4	0x200f4	0x105
GetStartupInfoW	0x0	0x41e024	0x21af8	0x200f8	0x23a
GetConsoleAliasesW	0x0	0x41e028	0x21afc	0x200fc	0x182
GetLastError	0x0	0x41e02c	0x21b00	0x20100	0x1e6
GetProcAddress	0x0	0x41e030	0x21b04	0x20104	0x220
BackupWrite	0x0	0x41e034	0x21b08	0x20108	0x18
GlobalFree	0x0	0x41e038	0x21b0c	0x2010c	0x28c
LoadLibraryA	0x0	0x41e03c	0x21b10	0x20110	0x2f1
GetNumberFormatW	0x0	0x41e040	0x21b14	0x20114	0x20f
AddAtomA	0x0	0x41e044	0x21b18	0x20118	0x3
FindFirstChangeNotificationA	0x0	0x41e048	0x21b1c	0x2011c	0x11b
GetStringTypeW	0x0	0x41e04c	0x21b20	0x20120	0x240
VirtualProtect	0x0	0x41e050	0x21b24	0x20124	0x45a
GetACP	0x0	0x41e054	0x21b28	0x20128	0x152
SetProcessShutdownParameters	0x0	0x41e058	0x21b2c	0x2012c	0x3f9
CompareStringW	0x0	0x41e05c	0x21b30	0x20130	0x55
CompareStringA	0x0	0x41e060	0x21b34	0x20134	0x52
CreateFileA	0x0	0x41e064	0x21b38	0x20138	0x78
GetTimeZoneInformation	0x0	0x41e068	0x21b3c	0x2013c	0x26b
WriteConsoleW	0x0	0x41e06c	0x21b40	0x20140	0x48c
GetConsoleOutputCP	0x0	0x41e070	0x21b44	0x20144	0x199
WriteConsoleA	0x0	0x41e074	0x21b48	0x20148	0x482
CloseHandle	0x0	0x41e078	0x21b4c	0x2014c	0x43
IsValidLocale	0x0	0x41e07c	0x21b50	0x20150	0x2dd
EnumSystemLocalesA	0x0	0x41e080	0x21b54	0x20154	0xf8
GetUserDefaultLCID	0x0	0x41e084	0x21b58	0x20158	0x26d
GetDateFormatA	0x0	0x41e088	0x21b5c	0x2015c	0x1ae
GetSystemTimes	0x0	0x41e08c	0x21b60	0x20160	0x250
GetTickCount	0x0	0x41e090	0x21b64	0x20164	0x266
FreeEnvironmentStringsA	0x0	0x41e094	0x21b68	0x20168	0x14a
GetComputerNameW	0x0	0x41e098	0x21b6c	0x2016c	0x178
FindCloseChangeNotification	0x0	0x41e09c	0x21b70	0x20170	0x11a
FindResourceExW	0x0	0x41e0a0	0x21b74	0x20174	0x138
GetCurrentDirectoryA	0x0	0x41e0a4	0x21b78	0x20178	0x1a7
GetCPInfo	0x0	0x41e0a8	0x21b7c	0x2017c	0x15b
GetTimeFormatA	0x0	0x41e0ac	0x21b80	0x20180	0x268
GetStringTypeA	0x0	0x41e0b0	0x21b84	0x20184	0x23d
LCMapStringW	0x0	0x41e0b4	0x21b88	0x20188	0x2e3
LCMapStringA	0x0	0x41e0b8	0x21b8c	0x2018c	0x2e1
GetLocaleInfoA	0x0	0x41e0bc	0x21b90	0x20190	0x1e8
GetLocaleInfoW	0x0	0x41e0c0	0x21b94	0x20194	0x1ea
SetStdHandle	0x0	0x41e0c4	0x21b98	0x20198	0x3fc
SetFilePointer	0x0	0x41e0c8	0x21b9c	0x2019c	0x3df
GetCommandLineA	0x0	0x41e0cc	0x21ba0	0x201a0	0x16f
GetStartupInfoA	0x0	0x41e0d0	0x21ba4	0x201a4	0x239
RaiseException	0x0	0x41e0d4	0x21ba8	0x201a8	0x35a
RtlUnwind	0x0	0x41e0d8	0x21bac	0x201ac	0x392
TerminateProcess	0x0	0x41e0dc	0x21bb0	0x201b0	0x42d
GetCurrentProcess	0x0	0x41e0e0	0x21bb4	0x201b4	0x1a9
UnhandledExceptionFilter	0x0	0x41e0e4	0x21bb8	0x201b8	0x43e
SetUnhandledExceptionFilter	0x0	0x41e0e8	0x21bbc	0x201bc	0x415
IsDebuggerPresent	0x0	0x41e0ec	0x21bc0	0x201c0	0x2d1
HeapAlloc	0x0	0x41e0f0	0x21bc4	0x201c4	0x29d
HeapFree	0x0	0x41e0f4	0x21bc8	0x201c8	0x2a1
EnterCriticalSection	0x0	0x41e0f8	0x21bcc	0x201cc	0xd9
LeaveCriticalSection	0x0	0x41e0fc	0x21bd0	0x201d0	0x2ef
SetHandleCount	0x0	0x41e100	0x21bd4	0x201d4	0x3e8
GetStdHandle	0x0	0x41e104	0x21bd8	0x201d8	0x23b
GetFileType	0x0	0x41e108	0x21bdc	0x201dc	0x1d7
DeleteCriticalSection	0x0	0x41e10c	0x21be0	0x201e0	0xbe
GetModuleHandleW	0x0	0x41e110	0x21be4	0x201e4	0x1f9
Sleep	0x0	0x41e114	0x21be8	0x201e8	0x421
ExitProcess	0x0	0x41e118	0x21bec	0x201ec	0x104
WriteFile	0x0	0x41e11c	0x21bf0	0x201f0	0x48d
GetModuleFileNameA	0x0	0x41e120	0x21bf4	0x201f4	0x1f4
GetEnvironmentStrings	0x0	0x41e124	0x21bf8	0x201f8	0x1bf
FreeEnvironmentStringsW	0x0	0x41e128	0x21bfc	0x201fc	0x14b
WideCharToMultiByte	0x0	0x41e12c	0x21c00	0x20200	0x47a
GetEnvironmentStringsW	0x0	0x41e130	0x21c04	0x20204	0x1c1
TlsGetValue	0x0	0x41e134	0x21c08	0x20208	0x434
TlsAlloc	0x0	0x41e138	0x21c0c	0x2020c	0x432
TlsSetValue	0x0	0x41e13c	0x21c10	0x20210	0x435
TlsFree	0x0	0x41e140	0x21c14	0x20214	0x433
InterlockedIncrement	0x0	0x41e144	0x21c18	0x20218	0x2c0
SetLastError	0x0	0x41e148	0x21c1c	0x2021c	0x3ec
GetCurrentThreadId	0x0	0x41e14c	0x21c20	0x20220	0x1ad
InterlockedDecrement	0x0	0x41e150	0x21c24	0x20224	0x2bc
GetCurrentThread	0x0	0x41e154	0x21c28	0x20228	0x1ac
HeapCreate	0x0	0x41e158	0x21c2c	0x2022c	0x29f
HeapDestroy	0x0	0x41e15c	0x21c30	0x20230	0x2a0
VirtualFree	0x0	0x41e160	0x21c34	0x20234	0x457
QueryPerformanceCounter	0x0	0x41e164	0x21c38	0x20238	0x354
GetCurrentProcessId	0x0	0x41e168	0x21c3c	0x2023c	0x1aa
GetSystemTimeAsFileTime	0x0	0x41e16c	0x21c40	0x20240	0x24f
FatalAppExitA	0x0	0x41e170	0x21c44	0x20244	0x10b
VirtualAlloc	0x0	0x41e174	0x21c48	0x20248	0x454
HeapReAlloc	0x0	0x41e178	0x21c4c	0x2024c	0x2a4
MultiByteToWideChar	0x0	0x41e17c	0x21c50	0x20250	0x31a
ReadFile	0x0	0x41e180	0x21c54	0x20254	0x368
InitializeCriticalSectionAndSpinCount	0x0	0x41e184	0x21c58	0x20258	0x2b5
HeapSize	0x0	0x41e188	0x21c5c	0x2025c	0x2a6
SetConsoleCtrlHandler	0x0	0x41e18c	0x21c60	0x20260	0x3a7
FreeLibrary	0x0	0x41e190	0x21c64	0x20264	0x14c
InterlockedExchange	0x0	0x41e194	0x21c68	0x20268	0x2bd
GetOEMCP	0x0	0x41e198	0x21c6c	0x2026c	0x213
IsValidCodePage	0x0	0x41e19c	0x21c70	0x20270	0x2db
GetConsoleCP	0x0	0x41e1a0	0x21c74	0x20274	0x183
GetConsoleMode	0x0	0x41e1a4	0x21c78	0x20278	0x195
FlushFileBuffers	0x0	0x41e1a8	0x21c7c	0x2027c	0x141
SetEnvironmentVariableA	0x0	0x41e1ac	0x21c80	0x20280	0x3d0

USER32.dll (11)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CloseClipboard	0x0	0x41e1d4	0x21ca8	0x202a8	0x47
SendNotifyMessageA	0x0	0x41e1d8	0x21cac	0x202ac	0x264
BeginPaint	0x0	0x41e1dc	0x21cb0	0x202b0	0xe
CallMsgFilterW	0x0	0x41e1e0	0x21cb4	0x202b4	0x1a
PeekMessageA	0x0	0x41e1e4	0x21cb8	0x202b8	0x21b
MapVirtualKeyExW	0x0	0x41e1e8	0x21cbc	0x202bc	0x1f1
RegisterRawInputDevices	0x0	0x41e1ec	0x21cc0	0x202c0	0x242
GetClipboardSequenceNumber	0x0	0x41e1f0	0x21cc4	0x202c4	0x113
SetUserObjectInformationA	0x0	0x41e1f4	0x21cc8	0x202c8	0x29f
GetDialogBaseUnits	0x0	0x41e1f8	0x21ccc	0x202cc	0x11d
GetMessageW	0x0	0x41e1fc	0x21cd0	0x202d0	0x14e

GDI32.dll (7)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreatePolyPolygonRgn	0x0	0x41e000	0x21ad4	0x200d4	0x4b
CreateCompatibleDC	0x0	0x41e004	0x21ad8	0x200d8	0x2e
SetStretchBltMode	0x0	0x41e008	0x21adc	0x200dc	0x289
SetPixelV	0x0	0x41e00c	0x21ae0	0x200e0	0x284
GetCharWidth32A	0x0	0x41e010	0x21ae4	0x200e4	0x1a0
CreateDiscardableBitmap	0x0	0x41e014	0x21ae8	0x200e8	0x35
BitBlt	0x0	0x41e018	0x21aec	0x200ec	0x12

SHELL32.dll (7)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShellExecuteW	0x0	0x41e1b4	0x21c88	0x20288	0x118
ShellAboutW	0x0	0x41e1b8	0x21c8c	0x2028c	0x110
ExtractIconA	0x0	0x41e1bc	0x21c90	0x20290	0x28
ShellExecuteExA	0x0	0x41e1c0	0x21c94	0x20294	0x116
FindExecutableA	0x0	0x41e1c4	0x21c98	0x20298	0x2d
DragQueryFileA	0x0	0x41e1c8	0x21c9c	0x2029c	0x1e
ExtractIconW	0x0	0x41e1cc	0x21ca0	0x202a0	0x2c

Icons (1)

»

Local AV Matches (1)

»

Threat Name	Severity
Trojan.AgentWDCR.SUF	Malicious

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\4.exe

Downloaded File

Binary

Malicious

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\4.exe (Downloaded File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	228.50 KB
MD5	37cc975a1257bf260308fe30e1d3e7ee
SHA1	934dd52f58b4889d94c52a53afb6a44e61422839
SHA256	cbc5c6867c6caeaa956ccf8828d1618422dc87b21fd3a78653a0c601b29533a8
SSDeep	6144:TB7zXtjRsqev8Xzgim10MbZcAFd01DhMy30PyutDi:xzXtjRsqU8DNmpLj01DhPUhi
ImpHash	8b9f50f81754827854da2426bdda9baf

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-08-26 17:48 (UTC+2)
Last Seen	2019-09-10 02:49 (UTC+2)
Names	Win32.Trojan.Grp
Families	Grp
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x403af7
Size Of Code	0x11e00
Size Of Initialized Data	0x4a20400
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2018-08-31 00:14:32+00:00

Sections (5)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x11d0a	0x11e00	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.66
.rdata	0x413000	0x22070	0x22200	0x12200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.3
.data	0x436000	0x49fba20	0x1a00	0x34400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.08
.rsrc	0x4e32000	0x1d48	0x1e00	0x35e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.09
.reloc	0x4e34000	0x14d4	0x1600	0x37c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.45

Imports (3)

»

KERNEL32.dll (131)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SleepEx	0x0	0x41303c	0x342c0	0x334c0	0x4b5
GetModuleHandleW	0x0	0x413040	0x342c4	0x334c4	0x218
IsBadReadPtr	0x0	0x413044	0x342c8	0x334c8	0x2f7
FormatMessageA	0x0	0x413048	0x342cc	0x334cc	0x15d
GetConsoleAliasExesW	0x0	0x41304c	0x342d0	0x334d0	0x194
EnumTimeFormatsW	0x0	0x413050	0x342d4	0x334d4	0x112
GetUserDefaultLangID	0x0	0x413054	0x342d8	0x334d8	0x29c
GlobalAlloc	0x0	0x413058	0x342dc	0x334dc	0x2b3
GetFirmwareEnvironmentVariableA	0x0	0x41305c	0x342e0	0x334e0	0x1f6
IsValidLocale	0x0	0x413060	0x342e4	0x334e4	0x30c
GetThreadSelectorEntry	0x0	0x413064	0x342e8	0x334e8	0x290
GetCalendarInfoA	0x0	0x413068	0x342ec	0x334ec	0x179
FormatMessageW	0x0	0x41306c	0x342f0	0x334f0	0x15e
SetConsoleCP	0x0	0x413070	0x342f4	0x334f4	0x42c
WritePrivateProfileStructW	0x0	0x413074	0x342f8	0x334f8	0x52d
FindNextVolumeW	0x0	0x413078	0x342fc	0x334fc	0x14a
GetConsoleAliasW	0x0	0x41307c	0x34300	0x33500	0x195
GetTapePosition	0x0	0x413080	0x34304	0x33504	0x280
GetFileAttributesW	0x0	0x413084	0x34308	0x33508	0x1ea
GetAtomNameW	0x0	0x413088	0x3430c	0x3350c	0x16e
GetCompressedFileSizeA	0x0	0x41308c	0x34310	0x33510	0x188
GetTimeZoneInformation	0x0	0x413090	0x34314	0x33514	0x298
lstrlenW	0x0	0x413094	0x34318	0x33518	0x54e
GetFileSizeEx	0x0	0x413098	0x3431c	0x3351c	0x1f1
SetThreadLocale	0x0	0x41309c	0x34320	0x33520	0x497
FindFirstFileA	0x0	0x4130a0	0x34324	0x33524	0x132
OpenMutexW	0x0	0x4130a4	0x34328	0x33528	0x37d
InterlockedFlushSList	0x0	0x4130a8	0x3432c	0x3352c	0x2ee
GetCurrentDirectoryW	0x0	0x4130ac	0x34330	0x33530	0x1bf
GetLongPathNameW	0x0	0x4130b0	0x34334	0x33534	0x20f
BindIoCompletionCallback	0x0	0x4130b4	0x34338	0x33538	0x39
HeapSize	0x0	0x4130b8	0x3433c	0x3353c	0x2d4
OpenSemaphoreA	0x0	0x4130bc	0x34340	0x33540	0x383
HeapUnlock	0x0	0x4130c0	0x34344	0x33544	0x2d6
LockFileEx	0x0	0x4130c4	0x34348	0x33548	0x353
SetComputerNameA	0x0	0x4130c8	0x3434c	0x3354c	0x427
EnterCriticalSection	0x0	0x4130cc	0x34350	0x33550	0xee
SetTimerQueueTimer	0x0	0x4130d0	0x34354	0x33554	0x4a4
GetPrivateProfileStringA	0x0	0x4130d4	0x34358	0x33558	0x241
LoadLibraryA	0x0	0x4130d8	0x3435c	0x3355c	0x33c
CreateSemaphoreW	0x0	0x4130dc	0x34360	0x33560	0xae
LocalAlloc	0x0	0x4130e0	0x34364	0x33564	0x344
GetExitCodeThread	0x0	0x4130e4	0x34368	0x33568	0x1e0
TransmitCommChar	0x0	0x4130e8	0x3436c	0x3356c	0x4cb
AddAtomW	0x0	0x4130ec	0x34370	0x33570	0x4
OpenEventA	0x0	0x4130f0	0x34374	0x33574	0x374
GetCommMask	0x0	0x4130f4	0x34378	0x33578	0x181
OpenJobObjectW	0x0	0x4130f8	0x3437c	0x3357c	0x37b
GetProcessShutdownParameters	0x0	0x4130fc	0x34380	0x33580	0x251
CancelTimerQueueTimer	0x0	0x413100	0x34384	0x33584	0x46
FreeEnvironmentStringsW	0x0	0x413104	0x34388	0x33588	0x161
VirtualProtect	0x0	0x413108	0x3438c	0x3358c	0x4ef
GetFileTime	0x0	0x41310c	0x34390	0x33590	0x1f2
GetShortPathNameW	0x0	0x413110	0x34394	0x33594	0x261
OutputDebugStringA	0x0	0x413114	0x34398	0x33598	0x389
DuplicateHandle	0x0	0x413118	0x3439c	0x3359c	0xe8
CloseHandle	0x0	0x41311c	0x343a0	0x335a0	0x52
MoveFileWithProgressW	0x0	0x413120	0x343a4	0x335a4	0x365
lstrcpyA	0x0	0x413124	0x343a8	0x335a8	0x547
ReadConsoleW	0x0	0x413128	0x343ac	0x335ac	0x3be
ReadFile	0x0	0x41312c	0x343b0	0x335b0	0x3c0
FlushFileBuffers	0x0	0x413130	0x343b4	0x335b4	0x157
WriteConsoleW	0x0	0x413134	0x343b8	0x335b8	0x524
SetStdHandle	0x0	0x413138	0x343bc	0x335bc	0x487
QueryDosDeviceA	0x0	0x41313c	0x343c0	0x335c0	0x39f
UpdateResourceA	0x0	0x413140	0x343c4	0x335c4	0x4de
GetFullPathNameW	0x0	0x413144	0x343c8	0x335c8	0x1fb
SetEndOfFile	0x0	0x413148	0x343cc	0x335cc	0x453
IsBadHugeReadPtr	0x0	0x41314c	0x343d0	0x335d0	0x2f5
GetDriveTypeW	0x0	0x413150	0x343d4	0x335d4	0x1d3
TlsGetValue	0x0	0x413154	0x343d8	0x335d8	0x4c7
lstrlenA	0x0	0x413158	0x343dc	0x335dc	0x54d
WriteConsoleOutputCharacterW	0x0	0x41315c	0x343e0	0x335e0	0x522
GetCommModemStatus	0x0	0x413160	0x343e4	0x335e4	0x182
SetProcessAffinityMask	0x0	0x413164	0x343e8	0x335e8	0x47e
GetFullPathNameA	0x0	0x413168	0x343ec	0x335ec	0x1f8
GetCommandLineW	0x0	0x41316c	0x343f0	0x335f0	0x187
GetVolumeNameForVolumeMountPointA	0x0	0x413170	0x343f4	0x335f4	0x2a8
DefineDosDeviceW	0x0	0x413174	0x343f8	0x335f8	0xcd
IsProcessorFeaturePresent	0x0	0x413178	0x343fc	0x335fc	0x304
EncodePointer	0x0	0x41317c	0x34400	0x33600	0xea
DecodePointer	0x0	0x413180	0x34404	0x33604	0xca
GetCommandLineA	0x0	0x413184	0x34408	0x33608	0x186
RaiseException	0x0	0x413188	0x3440c	0x3360c	0x3b1
RtlUnwind	0x0	0x41318c	0x34410	0x33610	0x418
IsDebuggerPresent	0x0	0x413190	0x34414	0x33614	0x300
GetLastError	0x0	0x413194	0x34418	0x33618	0x202
ExitProcess	0x0	0x413198	0x3441c	0x3361c	0x119
GetModuleHandleExW	0x0	0x41319c	0x34420	0x33620	0x217
GetProcAddress	0x0	0x4131a0	0x34424	0x33624	0x245
MultiByteToWideChar	0x0	0x4131a4	0x34428	0x33628	0x367
WideCharToMultiByte	0x0	0x4131a8	0x3442c	0x3362c	0x511
LeaveCriticalSection	0x0	0x4131ac	0x34430	0x33630	0x339
HeapFree	0x0	0x4131b0	0x34434	0x33634	0x2cf
HeapAlloc	0x0	0x4131b4	0x34438	0x33638	0x2cb
SetLastError	0x0	0x4131b8	0x3443c	0x3363c	0x473
GetCurrentThreadId	0x0	0x4131bc	0x34440	0x33640	0x1c5
GetProcessHeap	0x0	0x4131c0	0x34444	0x33644	0x24a
GetStdHandle	0x0	0x4131c4	0x34448	0x33648	0x264
GetFileType	0x0	0x4131c8	0x3444c	0x3364c	0x1f3
DeleteCriticalSection	0x0	0x4131cc	0x34450	0x33650	0xd1
GetStartupInfoW	0x0	0x4131d0	0x34454	0x33654	0x263
GetModuleFileNameA	0x0	0x4131d4	0x34458	0x33658	0x213
WriteFile	0x0	0x4131d8	0x3445c	0x3365c	0x525
GetModuleFileNameW	0x0	0x4131dc	0x34460	0x33660	0x214
QueryPerformanceCounter	0x0	0x4131e0	0x34464	0x33664	0x3a7
GetCurrentProcessId	0x0	0x4131e4	0x34468	0x33668	0x1c1
GetSystemTimeAsFileTime	0x0	0x4131e8	0x3446c	0x3366c	0x279
GetEnvironmentStringsW	0x0	0x4131ec	0x34470	0x33670	0x1da
UnhandledExceptionFilter	0x0	0x4131f0	0x34474	0x33674	0x4d3
SetUnhandledExceptionFilter	0x0	0x4131f4	0x34478	0x33678	0x4a5
InitializeCriticalSectionAndSpinCount	0x0	0x4131f8	0x3447c	0x3367c	0x2e3
Sleep	0x0	0x4131fc	0x34480	0x33680	0x4b2
GetCurrentProcess	0x0	0x413200	0x34484	0x33684	0x1c0
TerminateProcess	0x0	0x413204	0x34488	0x33688	0x4c0
TlsAlloc	0x0	0x413208	0x3448c	0x3368c	0x4c5
TlsSetValue	0x0	0x41320c	0x34490	0x33690	0x4c8
TlsFree	0x0	0x413210	0x34494	0x33694	0x4c6
LoadLibraryExW	0x0	0x413214	0x34498	0x33698	0x33e
IsValidCodePage	0x0	0x413218	0x3449c	0x3369c	0x30a
GetACP	0x0	0x41321c	0x344a0	0x336a0	0x168
GetOEMCP	0x0	0x413220	0x344a4	0x336a4	0x237
GetCPInfo	0x0	0x413224	0x344a8	0x336a8	0x172
GetConsoleCP	0x0	0x413228	0x344ac	0x336ac	0x19a
GetConsoleMode	0x0	0x41322c	0x344b0	0x336b0	0x1ac
SetFilePointerEx	0x0	0x413230	0x344b4	0x336b4	0x467
HeapReAlloc	0x0	0x413234	0x344b8	0x336b8	0x2d2
LCMapStringW	0x0	0x413238	0x344bc	0x336bc	0x32d
OutputDebugStringW	0x0	0x41323c	0x344c0	0x336c0	0x38a
GetStringTypeW	0x0	0x413240	0x344c4	0x336c4	0x269
CreateFileW	0x0	0x413244	0x344c8	0x336c8	0x8f

USER32.dll (4)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
InvalidateRgn	0x0	0x41324c	0x344d0	0x336d0	0x1bf
GetClassInfoExW	0x0	0x413250	0x344d4	0x336d4	0x10d
GetMonitorInfoW	0x0	0x413254	0x344d8	0x336d8	0x15f
CharNextW	0x0	0x413258	0x344dc	0x336dc	0x31

ADVAPI32.dll (14)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CreateServiceA	0x0	0x413000	0x34284	0x33484	0x80
QueryServiceConfigW	0x0	0x413004	0x34288	0x33488	0x224
ConvertToAutoInheritPrivateObjectSecurity	0x0	0x413008	0x3428c	0x3348c	0x75
RegEnumKeyExW	0x0	0x41300c	0x34290	0x33490	0x24f
RegisterServiceCtrlHandlerW	0x0	0x413010	0x34294	0x33494	0x288
ObjectDeleteAuditAlarmA	0x0	0x413014	0x34298	0x33498	0x1eb
RegOpenKeyExW	0x0	0x413018	0x3429c	0x3349c	0x261
EnumServicesStatusW	0x0	0x41301c	0x342a0	0x334a0	0x102
RegConnectRegistryW	0x0	0x413020	0x342a4	0x334a4	0x234
GetNumberOfEventLogRecords	0x0	0x413024	0x342a8	0x334a8	0x143
RegSaveKeyW	0x0	0x413028	0x342ac	0x334ac	0x278
RegQueryValueExW	0x0	0x41302c	0x342b0	0x334b0	0x26e
AccessCheckByTypeResultListAndAuditAlarmA	0x0	0x413030	0x342b4	0x334b4	0xc
InitiateSystemShutdownA	0x0	0x413034	0x342b8	0x334b8	0x17b

Icons (1)

»

Local AV Matches (1)

»

Threat Name	Severity
Trojan.GenericKD.41651045	Malicious

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\16ec01a8-9cb0-4fd9-9d7a-ff79ab43a52d\5.exe

Downloaded File

Binary

Malicious

»

Also Known As	c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\5[1].exe (Downloaded File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	406.50 KB
MD5	3b8bc9110753815fdcbdb6aecb0f92fa
SHA1	2f3bbf9dbc0957a6fc23bd81c031de78a2fd4940
SHA256	e23f2e452ca27e821ed6ce386e1e7d5996be52edc1ce678e80ff2aad0edfb30e
SSDeep	6144:KsXr5zq+Jdx2I5uwQuOL7Yr3VIp5IM0deqjoJG01jSi:KsXIwyI4wQu67M3VIpyMieq2G0dS
ImpHash	b01a4d108991e42fd4e112ba14463a72

File Reputation Information

»

Severity	Blacklisted
First Seen	2019-07-12 05:43 (UTC+2)
Last Seen	2019-09-10 02:50 (UTC+2)
Names	Win32.Trojan.Rdn
Families	Rdn
Classification	Trojan

PE Information

»

Image Base	0x400000
Entry Point	0x42b07e
Size Of Code	0x4d000
Size Of Initialized Data	0xc1200
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2019-01-12 12:28:11+00:00

Sections (6)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x4cee0	0x4d000	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.27
.rdata	0x44e000	0xa32e	0xa400	0x4d400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.04
.data	0x459000	0xab158	0x2600	0x57800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	1.99
.idata	0x505000	0x1ee5	0x1400	0x59e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.71
.rsrc	0x507000	0x895c	0x8a00	0x5b200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.59
.reloc	0x510000	0x1de6	0x1e00	0x63c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	4.73

Imports (4)

»

KERNEL32.dll (94)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ReadConsoleA	0x0	0x505340	0x1050a8	0x59ea8	0x3b4
WriteProfileStringW	0x0	0x505344	0x1050ac	0x59eac	0x532
WriteProfileSectionA	0x0	0x505348	0x1050b0	0x59eb0	0x52f
LoadLibraryA	0x0	0x50534c	0x1050b4	0x59eb4	0x33c
GetProcessPriorityBoost	0x0	0x505350	0x1050b8	0x59eb8	0x250
GetTempPathW	0x0	0x505354	0x1050bc	0x59ebc	0x285
IsProcessorFeaturePresent	0x0	0x505358	0x1050c0	0x59ec0	0x304
GetTickCount	0x0	0x50535c	0x1050c4	0x59ec4	0x293
SleepEx	0x0	0x505360	0x1050c8	0x59ec8	0x4b5
GetSystemDirectoryA	0x0	0x505364	0x1050cc	0x59ecc	0x26f
SetConsoleCP	0x0	0x505368	0x1050d0	0x59ed0	0x42c
FormatMessageA	0x0	0x50536c	0x1050d4	0x59ed4	0x15d
EnumTimeFormatsA	0x0	0x505370	0x1050d8	0x59ed8	0x110
FreeUserPhysicalPages	0x0	0x505374	0x1050dc	0x59edc	0x166
EnumSystemLocalesA	0x0	0x505378	0x1050e0	0x59ee0	0x10d
GetLocaleInfoA	0x0	0x50537c	0x1050e4	0x59ee4	0x204
GetUserDefaultLCID	0x0	0x505380	0x1050e8	0x59ee8	0x29b
ReadFile	0x0	0x505384	0x1050ec	0x59eec	0x3c0
GetModuleHandleA	0x0	0x505388	0x1050f0	0x59ef0	0x215
VirtualProtect	0x0	0x50538c	0x1050f4	0x59ef4	0x4ef
GlobalAlloc	0x0	0x505390	0x1050f8	0x59ef8	0x2b3
FindClose	0x0	0x505394	0x1050fc	0x59efc	0x12e
SetTapeParameters	0x0	0x505398	0x105100	0x59f00	0x48d
GetFileTime	0x0	0x50539c	0x105104	0x59f04	0x1f2
LCMapStringW	0x0	0x5053a0	0x105108	0x59f08	0x32d
HeapReAlloc	0x0	0x5053a4	0x10510c	0x59f0c	0x2d2
GetLastError	0x0	0x5053a8	0x105110	0x59f10	0x202
HeapFree	0x0	0x5053ac	0x105114	0x59f14	0x2cf
HeapAlloc	0x0	0x5053b0	0x105118	0x59f18	0x2cb
GetProcAddress	0x0	0x5053b4	0x10511c	0x59f1c	0x245
GetModuleHandleW	0x0	0x5053b8	0x105120	0x59f20	0x218
ExitProcess	0x0	0x5053bc	0x105124	0x59f24	0x119
DecodePointer	0x0	0x5053c0	0x105128	0x59f28	0xca
GetCommandLineA	0x0	0x5053c4	0x10512c	0x59f2c	0x186
HeapSetInformation	0x0	0x5053c8	0x105130	0x59f30	0x2d3
GetStartupInfoW	0x0	0x5053cc	0x105134	0x59f34	0x263
WriteFile	0x0	0x5053d0	0x105138	0x59f38	0x525
WideCharToMultiByte	0x0	0x5053d4	0x10513c	0x59f3c	0x511
GetConsoleCP	0x0	0x5053d8	0x105140	0x59f40	0x19a
GetConsoleMode	0x0	0x5053dc	0x105144	0x59f44	0x1ac
UnhandledExceptionFilter	0x0	0x5053e0	0x105148	0x59f48	0x4d3
SetUnhandledExceptionFilter	0x0	0x5053e4	0x10514c	0x59f4c	0x4a5
IsDebuggerPresent	0x0	0x5053e8	0x105150	0x59f50	0x300
EncodePointer	0x0	0x5053ec	0x105154	0x59f54	0xea
TerminateProcess	0x0	0x5053f0	0x105158	0x59f58	0x4c0
GetCurrentProcess	0x0	0x5053f4	0x10515c	0x59f5c	0x1c0
EnterCriticalSection	0x0	0x5053f8	0x105160	0x59f60	0xee
LeaveCriticalSection	0x0	0x5053fc	0x105164	0x59f64	0x339
FlushFileBuffers	0x0	0x505400	0x105168	0x59f68	0x157
InitializeCriticalSectionAndSpinCount	0x0	0x505404	0x10516c	0x59f6c	0x2e3
DeleteCriticalSection	0x0	0x505408	0x105170	0x59f70	0xd1
FatalAppExitA	0x0	0x50540c	0x105174	0x59f74	0x120
HeapCreate	0x0	0x505410	0x105178	0x59f78	0x2cd
HeapDestroy	0x0	0x505414	0x10517c	0x59f7c	0x2ce
GetStdHandle	0x0	0x505418	0x105180	0x59f80	0x264
GetModuleFileNameW	0x0	0x50541c	0x105184	0x59f84	0x214
SetConsoleCtrlHandler	0x0	0x505420	0x105188	0x59f88	0x42d
FreeLibrary	0x0	0x505424	0x10518c	0x59f8c	0x162
InterlockedExchange	0x0	0x505428	0x105190	0x59f90	0x2ec
LoadLibraryW	0x0	0x50542c	0x105194	0x59f94	0x33f
GetLocaleInfoW	0x0	0x505430	0x105198	0x59f98	0x206
TlsAlloc	0x0	0x505434	0x10519c	0x59f9c	0x4c5
TlsGetValue	0x0	0x505438	0x1051a0	0x59fa0	0x4c7
TlsSetValue	0x0	0x50543c	0x1051a4	0x59fa4	0x4c8
TlsFree	0x0	0x505440	0x1051a8	0x59fa8	0x4c6
InterlockedIncrement	0x0	0x505444	0x1051ac	0x59fac	0x2ef
SetLastError	0x0	0x505448	0x1051b0	0x59fb0	0x473
GetCurrentThreadId	0x0	0x50544c	0x1051b4	0x59fb4	0x1c5
InterlockedDecrement	0x0	0x505450	0x1051b8	0x59fb8	0x2eb
GetCurrentThread	0x0	0x505454	0x1051bc	0x59fbc	0x1c4
GetModuleFileNameA	0x0	0x505458	0x1051c0	0x59fc0	0x213
FreeEnvironmentStringsW	0x0	0x50545c	0x1051c4	0x59fc4	0x161
GetEnvironmentStringsW	0x0	0x505460	0x1051c8	0x59fc8	0x1da
SetHandleCount	0x0	0x505464	0x1051cc	0x59fcc	0x46f
GetFileType	0x0	0x505468	0x1051d0	0x59fd0	0x1f3
QueryPerformanceCounter	0x0	0x50546c	0x1051d4	0x59fd4	0x3a7
GetCurrentProcessId	0x0	0x505470	0x1051d8	0x59fd8	0x1c1
GetSystemTimeAsFileTime	0x0	0x505474	0x1051dc	0x59fdc	0x279
SetFilePointer	0x0	0x505478	0x1051e0	0x59fe0	0x466
WriteConsoleW	0x0	0x50547c	0x1051e4	0x59fe4	0x524
MultiByteToWideChar	0x0	0x505480	0x1051e8	0x59fe8	0x367
SetStdHandle	0x0	0x505484	0x1051ec	0x59fec	0x487
Sleep	0x0	0x505488	0x1051f0	0x59ff0	0x4b2
RtlUnwind	0x0	0x50548c	0x1051f4	0x59ff4	0x418
GetCPInfo	0x0	0x505490	0x1051f8	0x59ff8	0x172
GetACP	0x0	0x505494	0x1051fc	0x59ffc	0x168
GetOEMCP	0x0	0x505498	0x105200	0x5a000	0x237
IsValidCodePage	0x0	0x50549c	0x105204	0x5a004	0x30a
HeapSize	0x0	0x5054a0	0x105208	0x5a008	0x2d4
RaiseException	0x0	0x5054a4	0x10520c	0x5a00c	0x3b1
CreateFileW	0x0	0x5054a8	0x105210	0x5a010	0x8f
CloseHandle	0x0	0x5054ac	0x105214	0x5a014	0x52
GetStringTypeW	0x0	0x5054b0	0x105218	0x5a018	0x269
IsValidLocale	0x0	0x5054b4	0x10521c	0x5a01c	0x30c

USER32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SetWindowsHookA	0x0	0x50555c	0x1052c4	0x5a0c4	0x2cd
GetMenuBarInfo	0x0	0x505560	0x1052c8	0x5a0c8	0x14c
ClientToScreen	0x0	0x505564	0x1052cc	0x5a0cc	0x47

GDI32.dll (5)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
OffsetWindowOrgEx	0x0	0x5052fc	0x105064	0x59e64	0x23f
GetSystemPaletteUse	0x0	0x505300	0x105068	0x59e68	0x213
GetLogColorSpaceA	0x0	0x505304	0x10506c	0x59e6c	0x1ee
SetDIBColorTable	0x0	0x505308	0x105070	0x59e70	0x287
MoveToEx	0x0	0x50530c	0x105074	0x59e74	0x23a

MSIMG32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GradientFill	0x0	0x50552c	0x105294	0x5a094	0x2

Icons (1)

»

Memory Dumps (8)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Points	Actions
5.exe	10	0x00400000	0x00511FFF	Relevant Image	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
buffer	10	0x0062DC70	0x0064958F	Marked Executable	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
5.exe	10	0x00400000	0x00511FFF	Content Changed	-	32-bit	0x0041A684	... Memory Dump Actions Download Dump Go to process
5.exe	10	0x00400000	0x00511FFF	Content Changed	-	32-bit	0x00403274	... Memory Dump Actions Download Dump Go to process
5.exe	10	0x00400000	0x00511FFF	Content Changed	-	32-bit	0x00407D24	... Memory Dump Actions Download Dump Go to process
5.exe	10	0x00400000	0x00511FFF	Content Changed	-	32-bit	0x00406C4C	... Memory Dump Actions Download Dump Go to process
5.exe	10	0x00400000	0x00511FFF	Content Changed	-	32-bit	0x00413FF0	... Memory Dump Actions Download Dump Go to process
5.exe	10	0x00400000	0x00511FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

»

Threat Name	Severity
Trojan.GenericKD.32145393	Malicious

C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact (Modified File)
Mime Type	application/octet-stream
File Size	67.11 KB
MD5	073d0b79d3801861ac621d2ab53d9297
SHA1	ef67b3f46f1154980429dabddfa8b3f930025c2c
SHA256	58e051d6b696e027274422f57d5aae3bbde1f3474a25f77c02fd5a358b01f4f7
SSDeep	1536:4qaLCLp+f/WAKxYrNWjQwfInngq6ulqa2qxBJ5NXCRiI7aeK:4vkp+XU6NWj7fE6unTjNXOMeK

C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact (Modified File)
Mime Type	application/octet-stream
File Size	1.47 KB
MD5	4ab3dd43b56c9972836c39d4b30c2bf9
SHA1	1dd418e0c840e9fd31112b5b9f3b91111e89e3f4
SHA256	6b3ceb2b82cf8aa48f4cf4187e0418e146257abbb728c47c28a7371675b57211
SSDeep	24:Ii/7bQmRvlQhl15tzUVKAuSK457p5eYNelQNp3yXtYUBtmhF5est0C7zUGLSxCTO:Ii/nQmRGft67K4AXa3lUf+FwsBMfxCTO

C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\sikvnb huvuib.contact (Modified File)
Mime Type	application/octet-stream
File Size	1.47 KB
MD5	08904289819108d5ae44c566c690a715
SHA1	8412ec4b2886f8d099be7d2a90c2f334d5ec2e49
SHA256	aa547dc96bfeab4ac4640893265719ce5abc8de43758eed694a463eac6c24d96
SSDeep	24:+ZgR92SyWxP2LkjGyQEHhyCBwyiOTAf53v2nYuDuJoYQvCpEOk8xxas3MUo0Q6XJ:+Zgz2SyutjGL9oifQu4cEOk8jFXWuCPC

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2B74.TMP.EXE.exe

Modified File

Binary

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2B74.TMP.EXE.exe.kvag (Dropped File)
Mime Type	application/x-dosexec
File Size	983.35 KB
MD5	2d71cd943e3355cbc2b4543078f46b7d
SHA1	1bd41d6f206b88ad2264bb4c109d31138cb3bcd4
SHA256	a58bcc6b255aa985e4b6a0070b0e0a8be035ae9d2223cb0edb73c28be87ffcb6
SSDeep	24576:8J2iPfMlJawMc5lQc59OhvQmrCcGRnUEQb0j7:i2iPfMlJaw3Qc7CQkCUEQbQ

Memory Dumps (7)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Points	Actions
buffer	1	0x002B0020	0x0034425F	Marked Executable	-	32-bit	0x002B17E2	... Memory Dump Actions Download Dump Go to process
buffer	1	0x04D40000	0x04E59FFF	First Execution	-	32-bit	0x04D40000	... Memory Dump Actions Download Dump Go to process
buffer	5	0x00210020	0x002A425F	Marked Executable	-	32-bit	0x002117E2	... Memory Dump Actions Download Dump Go to process
buffer	5	0x00210020	0x002A425F	Content Changed	-	32-bit	0x00211F7B	... Memory Dump Actions Download Dump Go to process
buffer	5	0x033E0000	0x034F9FFF	First Execution	-	32-bit	0x033E0000	... Memory Dump Actions Download Dump Go to process
buffer	18	0x00280020	0x0031425F	Marked Executable	-	32-bit	0x002817E2	... Memory Dump Actions Download Dump Go to process
buffer	18	0x04C40000	0x04D59FFF	First Execution	-	32-bit	0x04C40000	... Memory Dump Actions Download Dump Go to process

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\73vID7uoOX7691K_8lf.flv.kvag

Dropped File

Video

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\73vID7uoOX7691K_8lf.flv (Modified File)
Mime Type	video/x-flv
File Size	96.02 KB
MD5	eea86be2be4b6660caab94f0a66ef5c7
SHA1	712f157cb6bc5484282846b27a648dca18f83d1c
SHA256	6049f0e52055c992cc6779301bb5d4e0bd963b318fe0fe098098d16a9a530116
SSDeep	3072:FYbs/QCQcC6SGxvi5BfspU/Eo+wLP7sqrmu/RLN:M7n6SGxviT0+x1FmeRLN

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\93DUD_DP1S6Odp.m4a.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\93DUD_DP1S6Odp.m4a (Modified File)
Mime Type	application/octet-stream
File Size	52.16 KB
MD5	0b3c5a6bbc13e56e27b6454de5a75568
SHA1	705a1d58b87f556836bb303ea60a70ebf9b05aeb
SHA256	2b04456a692cca215c904375934e0b63be336c2847de03b9d44e5be7b6b0e291
SSDeep	768:Xe84GCfgQNV8SKHdWbLNLT45tF2PsGZrqK84ssD0G3yNYR3P1ilAlXcv1cok:Xe84jf5Nk/C158433l19ilAlXmI

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ac94nmxutgBcO_sO.mkv.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ac94nmxutgBcO_sO.mkv (Modified File)
Mime Type	application/octet-stream
File Size	82.38 KB
MD5	d482c8a26cd2f99a1412afe32dd03486
SHA1	e3beb85ddfb053ef7d5ec221548f94d99924ad2a
SHA256	f98b29bff30a8034235acbf3988f10bab5389bcbcbe6d346d55d3ca6dae04261
SSDeep	1536:ZdmKXAJqpDMJJL8qWMCVHL6G6oe4FY0DNV7fHB/ujEFEGExxaFr:KJ+DMJJL6t6G6oe+DbhSEeG8Yr

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AVR2QWSJN.m4a.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\AVR2QWSJN.m4a (Modified File)
Mime Type	application/octet-stream
File Size	35.01 KB
MD5	e31a55225fb657e48f0d4652ca54e750
SHA1	78bc18c892834768530740acd9055afe1861f930
SHA256	e3edef319bcdfaf3d51d6aaa20c6a61e4177badbd8e3853ff6cedc75af8479fb
SSDeep	768:ctDdBAEmFdiuxsz3R+jgHU9reVjT+qihybulKkrCd6laIHwdMbgZ:ctoECvxEux9iVjqhouYkrCd68MA

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bPwpx4 hRUfmt26EN U.m4a.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bPwpx4 hRUfmt26EN U.m4a (Modified File)
Mime Type	application/octet-stream
File Size	13.01 KB
MD5	8c2da2a47a3a6c0170fe142805130798
SHA1	17b37faf414be19e56c94085f44a046a2c9fe21d
SHA256	c2062709c797882efe2084a3f56554e0a10f71c7819aae21412aa9427581c35f
SSDeep	384:jenAwNkos8TIewWBWG30QeCZtThiSJxThCA:jenDFBWGEpCLoSJxThp

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CE eygFl g2Xt.mp3.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CE eygFl g2Xt.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	68.92 KB
MD5	796aad78e3c5e9851db891649642ec43
SHA1	750b4261b829ecee536c284e6c5a7f69a7e775f2
SHA256	142458a231d6386857d65b8de93ec0395f61a94acf2420b71ab28dbfd80fb7b8
SSDeep	1536:jas3U1kwMoK1Tlz0bkLI50O+wbdYvi94rqgfIxwbFAevD:Gx1DM7zjI5IMdYasSxwbFAeL

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ERSLB.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ERSLB.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	41.55 KB
MD5	25355d38fadb3ddb5879333be1f7d8c0
SHA1	227357864018db88af325e87ecba69f2e98afaea
SHA256	dca51e610c70e68f7325d50fa219ffbfb731e3fda30867f2dcd58a64b8b4f2eb
SSDeep	768:79kAchMUC2veWrl0sY8gytjtgCyWz7fGpxuVqU:7hl2hrGsY8gyhtgqeTM

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FhmDa9mexQyl2j5W.jpg.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FhmDa9mexQyl2j5W.jpg (Modified File)
Mime Type	image/jpeg
File Size	72.10 KB
MD5	484b868d0e300edf84381e75c665a51e
SHA1	66f90d0307957cbaa5e23cbd142b217b97ea7b80
SHA256	8cc361aee6f3618474b9d1b20d9a47978b662c6f653e767819ff55e8b4caf4c8
SSDeep	1536:iQ4h0nyNQqSBtoLSNXyTRvBLFvzbr6pi7u1OKXYkIsrM2qZW3uMu4ooN:iZFNQqSBtaT1JLFb36CuBYBDBZFMfn

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FPcskdkXDA2.gif.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FPcskdkXDA2.gif (Modified File)
Mime Type	image/gif
File Size	94.23 KB
MD5	bd38c446c98f28af1cf87944b51cb575
SHA1	b7759aa3d749e5ddf55499141b361a6cd8e026b5
SHA256	4f30d8a724f7035a1d28f3f4b81739b1ff63950a1d7a0007ec0154b316c218a3
SSDeep	1536:exAS/AUvQEwrirydl2XOCdwDkobBNy7h2Hcc4H2gJcT0xKTQ0EyJ5heL4vq:exASRJwOrDXmBNy7EcV3zxKNJKQq

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I0kpPdyNQrVUZUse2i.doc.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I0kpPdyNQrVUZUse2i.doc (Modified File)
Mime Type	application/octet-stream
File Size	32.04 KB
MD5	7fe1d841d6798a206101d94b63ac76c8
SHA1	9c17557902cce0c48c9d8168d7b0b3d2f78a3d0d
SHA256	93fc8bfe07041c1f7bdab20f42eb2c457d091ccac5637da10ba2c8e9c28fa839
SSDeep	768:Hsq1VKbKobDc2tImCuFz8oeYwBSA1azxZ:0Wob1IC8oeYxAMxZ

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IA6oM qudfY.doc

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\IA6oM qudfY.doc.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	37.54 KB
MD5	5dc3f0c1b6bc5f885fe3400d1cdacf4c
SHA1	71040381a0c686c53acc0ba994c16fb6751169ee
SHA256	049fa417cab31bd792637cf1fa29c7b627989d06bbb62a7feb54826d36fe46e1
SSDeep	768:THg3/yc5GXRWEfAc0yDuLcFMg2hambWjF0f3ftrwJdst:TAPycGi4Lmysftrw7st

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K3H_YJ9Dlj 2XD.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K3H_YJ9Dlj 2XD.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	50.53 KB
MD5	a59a6f3f739083969329bda9b5d6af63
SHA1	9a4b6ed4ca77c5d65f8bd9748ace3447a879c754
SHA256	e51a6f29dd584392a16ac90d819e526abbe70a376e6966d4119bcb571450027d
SSDeep	1536:G/VcOT/+8SnVS5tNMD//fykknIJzK4TEAU2c4x:eVjLS0tNMz/akknDwx

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K7kimO.bmp.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\K7kimO.bmp (Modified File)
Mime Type	application/octet-stream
File Size	43.14 KB
MD5	faed8cd9d8d5d6f8f466e0092414f9dc
SHA1	bddae288a3a4250640df0feb24e6ff0ea100d021
SHA256	09ce9bc17816cc319f692466dcac86f2fa88878dc8de048ce7436a22915b9ea9
SSDeep	768:7b2HhOzZGZeBQ9o2DaP2tIBvBOzCwwKbxPW5V5vXcYPX7WmbnIK5AVZfW8z:7SszZGYQpaP2SdBQbIjpMYPX7JrIsArF

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mGWda9.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\mGWda9.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	82.70 KB
MD5	8bf57b777bc65de47d0056d871ec3033
SHA1	7e581497a0af0c259e0a64906761aacf15e7151a
SHA256	e464a266e3fe9491f81931633448bad632ed44d0944b93926700322f1ba60bc1
SSDeep	1536:MKjvfVgoJV1lbVtArbqYN/VGmD3dlPNuVuf6IEsbuM1Gwc3NW4il4VWOzhJ0l:pjvtgoHhtArPGmD3dl4uf6uXc3til4Vi

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t_hQ4n.mp3.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\t_hQ4n.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	76.61 KB
MD5	8bf92dc4b8de26d3dd0cebf2884385a3
SHA1	31f118aa62bbbc5fc88fa52726be8869a239c2bc
SHA256	1319299112a9282726fe3537432f7e52327fc2c680f7e5052639c71363287f1c
SSDeep	1536:yGR/hgnbQj6924v3vtSwlIeWSIM4EtGe0g/wVVmcViQdBBsU:nR+bQWfvtSredXtGFg4VVm4ZsU

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Uiap nVn-UUVgXikA_Du.avi.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Uiap nVn-UUVgXikA_Du.avi (Modified File)
Mime Type	application/octet-stream
File Size	52.39 KB
MD5	d65fda9c57056c7bb84dcf42b2b0da60
SHA1	2512443066f184d2e7f9ff66ec40c665a962728b
SHA256	f32263898519af018a9429dc6e6de60ef3488a7b3b9de88c5f01ab563c38e8c0
SSDeep	768:IYHAo7557ekHTxVIZiWpRnmgwQfKCCrV5Mu5tYD6saneIJTit0Uv8q75AFFHHs:IYgs5gkHTx1WPmgbC15tYUJTw0W8nK

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vg6XpIzB5IOETRduC0mW.jpg

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vg6XpIzB5IOETRduC0mW.jpg.kvag (Dropped File)
Mime Type	image/jpeg
File Size	50.74 KB
MD5	7263f84f6054e3f4092f2e74f9ea31c6
SHA1	b6d57a35c45320fd050692baba7d30c9ae9de8cf
SHA256	869f5acd883f21fc0b81090eb8c25eaf783df5f8b391ada81c512885f972d5fb
SSDeep	768:bbMco3yvRzPsg8lPvzBYInIrUXo4zdN3rqyww7BXKHweqVrzbCqdfr0yq3FlrrJ:/MTC6XVOjIXNh9rR7BaQeTqdfr0ywprJ

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VX-tXZ7p07rm2KlA.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VX-tXZ7p07rm2KlA.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	23.13 KB
MD5	f50af79d1a87ce84a9d2daa82f64059f
SHA1	97a33faf1dd27765ad235b27838be547a9919d60
SHA256	2fdbdde204eaaba1d357b0bca2ae432f375dfabd78d80696540a3221a457027d
SSDeep	384:UZsjP+c7wl7Yv3mdJKwaMCyG7hQmXIcbd0Er8BdvedQIvRpk8CXRoYk8DIQykiQg:EsjY1Ys/2hfd0EKdved1kVXeUyvQq0M

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yFpkKpBBWpZMakq.jpg

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\yFpkKpBBWpZMakq.jpg.kvag (Dropped File)
Mime Type	image/jpeg
File Size	55.46 KB
MD5	c80c3a0e4ad4324ef0b36c213fd301da
SHA1	cb263c5ea3a12a9bb6a438f295adc2b63606b7f1
SHA256	3ae955a3c5761cb9d7fcab1863c3f53aad5773d71a08d3ae922d4bbbedc9eff0
SSDeep	1536:zBMNbJvQHGydXEH2fsk4fKgydUvRYbxr9Uehg6ckz:zBMrvQHGydXs5fKmJ0UehW4

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\07oX6.docx.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\07oX6.docx (Modified File)
Mime Type	application/zip
File Size	70.95 KB
MD5	c891062c391b4befd7c9bb78dbee0574
SHA1	c75790b6a35ad297eaeb6d05ca3d029d4322b93e
SHA256	a9f842895ff68bf14917fb02507a5f88f58702d1a27ea0be25b9919de70e81b5
SSDeep	1536:VR9mR1NXhR3LdENceq2qrBDFPMqVsOOS44oOiR7H/02Ol:r9WNXh7EWrBJsHS44Of02S

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4uLO0.docx.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\4uLO0.docx (Modified File)
Mime Type	application/zip
File Size	72.64 KB
MD5	4737b1b2c5b3e6ab7cb574f769224aaa
SHA1	b086182b7ee7ec9d7fa0661e699bf2cfc03c6bcd
SHA256	9c28a53c8606849cc08bab5b2207980d09791791f35be92b0fd32bcb3b3898b8
SSDeep	1536:7DfCK0Vb52MCQVf+k01RgPWpCH20rGTCnnyrfb5XaHTMR66G+R4mFRh:H9E52bS2k0DOUCXKMtH4Rfmmd

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7JC_yCO.odt

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\7JC_yCO.odt.kvag (Dropped File)
Mime Type	application/zip
File Size	62.59 KB
MD5	9ee18004520aaf7d2fa1751c4a473c93
SHA1	0865a3f3a8c541a3ad3c39ad34f9476805e30c95
SHA256	12992adab447e48b985f3b96fc5bd073e24bb49ee94b06529c68fa7970383191
SSDeep	1536:nSyK0Y5Bl2Ty3F2SN/IzHMeANt9uuUs8C08VSj4U2toQgHfyA88fS:SyK0Y5z2TariANCuUs8dJ32yQCq/8fS

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8EZD4fe-JzDo4-iwb.ots.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8EZD4fe-JzDo4-iwb.ots (Modified File)
Mime Type	application/octet-stream
File Size	30.95 KB
MD5	d2ac720d126b84927140edf6af30fc57
SHA1	a1de287494492525fd2b6d2e8bd148677f2ead1d
SHA256	52fa7ff92dd00fa2fff6e9740774add2390d367e1662ccaa57c71adf3bf659c4
SSDeep	768:+40BmeCAFef65f7n1dWr0vGTQ0xKvslOA4rov+W0yQoHlsi:+XBm30p7nHWr0L0EvYhQoHlh

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9xmij.pptx

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\9xmij.pptx.kvag (Dropped File)
Mime Type	application/zip
File Size	54.01 KB
MD5	ff60bcce4e59e7f81cbdff54cc882eba
SHA1	893afec46a697179cd4cae28dedfad876d967561
SHA256	16c8ee9db72db84839624175d23616c176bd379c5d3f06eee5d937cba7435d49
SSDeep	1536:+cx+CI+GQA9BDBdkG+NveKisgHmQDgBv7luWanWB:+k+CvGzwNLis+5D7WCO

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A-wDiWAFo.ots

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\A-wDiWAFo.ots.kvag (Dropped File)
Mime Type	application/zip
File Size	38.24 KB
MD5	eaaa27f71a94cc1872e1763d52704f2a
SHA1	13314ca69e4db6a1ccfb67440ca62ca2d3db18b3
SHA256	5dc8c984cb7678fd94c80da713c56e5b27673055481b99c6bd817e7d24477e52
SSDeep	768:lvovkCpYjWfdCtxRZ+pnNSiuFq3cVoWvRkmAjVrk/YXAnak9ohBLH:us2VCN0SifLWJf/akChp

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BUCN1gpGmAwuDQN0e.ppt

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\BUCN1gpGmAwuDQN0e.ppt.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	9.95 KB
MD5	471813edb725faa68371f0aba4616772
SHA1	9bba8ab999f069492f753120a254192e80c44dc5
SHA256	38ed4cb8f93da79bb8767c34bb0123e1698a94561cb5279c29ee9e7598779ef4
SSDeep	192:xpcqnPaGKbiVcHGerdnNoCAgowPR/yqerULZGBAXfcdzYfIbTfC4caX3k:x1nPfKuimerdnNoCIUKrRAaMGfPcaX0

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CJmRkQ5JiE_lg0ZYg.docx.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CJmRkQ5JiE_lg0ZYg.docx (Modified File)
Mime Type	application/zip
File Size	14.19 KB
MD5	ce6309296cedcd1d83d40034e8cbe604
SHA1	6604e61c274d1cd53bf54a850a569af919709ad4
SHA256	6b9396b34bc2562222041b9d7615be079d4da4e425dcff6e3e316176884515ae
SSDeep	384:UtteX1Ua7N0WqTw6YtUakVoFR0ktV2m/CoaP:yUFt7NrqUSaMLktV2HoaP

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CqP6Ff j5ryAP9m.csv.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\CqP6Ff j5ryAP9m.csv (Modified File)
Mime Type	application/octet-stream
File Size	33.33 KB
MD5	64e924286ae2c488ad1040f8c95eee63
SHA1	7eb0d61f880cb101ae90a9abad6cf466ab13e603
SHA256	6473a8ba90bf3f2061b05f63a8d6a408f5a7044157c5dafffc5df251f764f04a
SSDeep	768:HZF0ZXbM8fTw5pzaKTy/PbSoon5YfksolUAGqNNldUn2+C6oQ:5KDM5pzsOFykTU5qN/dU65Q

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e29DgY3qW.docx

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\e29DgY3qW.docx.kvag (Dropped File)
Mime Type	application/zip
File Size	66.24 KB
MD5	1c9ee04aacf3a4ffd1f326353c0119c3
SHA1	42eb1ded11e26bf6771a60bcfb6597e2d8832510
SHA256	a1ed4da0a050b6c3c7ec636517be9525fc3ace3033f75dcc07e775152b3b1ad5
SSDeep	1536:gpSasdlhqmzLCZE6pRUpnZYjWwj2jkykthsdFc2AGeXWST:/asdl7CZEwRSGjb3MHc2wXV

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EeFAgU3hDZ4U9MuXcsJ.rtf

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\EeFAgU3hDZ4U9MuXcsJ.rtf.kvag (Dropped File)
Mime Type	text/rtf
File Size	64.65 KB
MD5	03c5b5b805c56d70b5eeb17dc19f5aa8
SHA1	c8082f6cd50976ca51233603e5669246ef8e2fc0
SHA256	0f641beb02d7fd87b13462e393f44e5db464ad7279dcefbbbb87ae6b88d9097e
SSDeep	1536:tyGcnROJZRW2NL5EF+m2uMkk5WkUtPE2Mifxk7oJNzF+OAcO1y:QGcRwRW21EEm2TDmtc2Mi2ytF+OAc/
Parser Error Remark	Static engine was unable to completely parse the analyzed file

RTF Information

»

Document Content Snippet

»

2IR$Dvw7jЋx+B`>iά)WO40r"MJ:=;l"KHtbUd@-FYsxF3Jˋ왪E0j'?,4̕[V>Q6;XBq*<`6d3Xi?dq n(>q3ݚe7B0hGY.yK;cժ8-J50)1L_ב55ѽfCj!X2͞.3`,4Q'Yr?,ƹ1XrQ˜ߒ/D˂;~J%/yĝ+Qie^ *يDbPۤ²Nw7ڠəQoM>]#cO=o~$(Y$oǪ~bv诡ŶZa<NEV c3`?zUZ)CG<5],@ILKV2$.Bmo?䙭+!nBrF^fƨr2J(J?dA]lLxOD GUJD۟H̳d@`'.9q[i)bД3W]u2"Sߴxt4l$5Ykip(:LUUo^i!JJWB[rLTa3`=Z<WW^=Q|wEZMR `|,l8T!7 |0ODuj-jE,%V#^/Ҡ4Qu;:@ LdQi6]k̚k %أxEFeߩ+_$oˢjϔ33i;7_JUA֒r&uZx_ʼ#Vtl7*ێmdϚCfwq`mnYϨ&cn&=u* z#5]ZpXkAcGU'_lI9i.8UN M*wʱɞYw13,Ap9t@qƄ[9!:d7@އEx2k_l#҃G,bK=jzut-hIH_qho/Z}3Oi]L2ߦHuY3≶eDM=mťL+OH/UƮ_@']Tȉp )+8cu5 Y3]prDE_x/+Phځ%Jc0lyU &3`ݧp]XJy(ە]ʙR#Ί3'NSt3z;9TAdlscVG=>ʒ#G͛PyJ-?6-7qY+-gqᣑ~cm~`BcZTd]Rh3L 1o0?qHwN!Ƕ;:淜ڜ:䊦 ZX9йqǰ9[Gw'S,_λpzh e94k7FKE28M`5ͤ*yy*Y&ol׏sBV$i&4UK=+_SvP&Uq|jJ$[pFRč#j!m+d%U.y0]@!>rWƜCEhqM4z0__B@j"`DVRycٌ)4֏Z2E^P2XթM^VH|yMѶafk=X)zKWiMkG힎jp7:ğ ...

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FGXg53O8b.pps.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\FGXg53O8b.pps (Modified File)
Mime Type	application/octet-stream
File Size	11.71 KB
MD5	39c65659e869e2ffbd9b5060e130f1ce
SHA1	0d8949bb1b7d5c6076c254912d62d91266ecb0e0
SHA256	a5dc10daf2967462ec9060be6b6329bed4067d2c598ae1e9868b4206f49e6c01
SSDeep	192:cOHorj31WOomp1E11YX3skhoCvDS7pyWUfZ8Lqx6/Y5/LnVaJO0b8uwgf0mg:cOHor5WipWHYnsdAS7cfZ8L+VtQJiuwZ

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GSo0hbTz23.rtf

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\GSo0hbTz23.rtf.kvag (Dropped File)
Mime Type	text/rtf
File Size	17.60 KB
MD5	585e21c0aa7ed7d0425b672b2eb7828e
SHA1	4386d28ead83849a80bea2cb1fdc940cb1250eff
SHA256	a03771c1de89ffce2a5da8919ce04ff955faf742c5e5fe87d3655f07c255aaa4
SSDeep	384:zZ56NR0YYd9jUyeie1UXpsLJKrra9Lej4bGCbI5nUvkMxIKX4xvEh:zZ8OPjUyei2UXpsdKrcLu4bFmokU4dEh
Parser Error Remark	Static engine was unable to completely parse the analyzed file

RTF Information

»

Document Content Snippet

»

B*<G/y(v̘F2b$0/=4jͶЍa1ogz/̺ԯ%4 US=*1G#t4QT8pмy>P;X(tkU)AfEu܊pE(c12,4%V]a 6Ae9ʽWyG]eY^>9R^:(HW-grYHYj+MRjhe:pݯ4Z]8i Y'jȗFD-(ùtZ+_$V459*QQ]l6yI$Amy!]&՟0U`R޶F c[mӿZX7v5LHB?5PXz%xH^/Ȗ2noP*Hysw6l<X !v+V'6Xw@w鯰Xm 6m`77ae|p8Ŋ'ΕXUZMh퀍+&ɭ#w(gp*n+=51hHGa꯽&J So"9>5R|%&&Xc,H|H2S(йhэb$Rb=&NUgfc~ii?%pÛ79(U/4E9LL&RݱW(h5)5C_rjH7ۗK`-`e⢽#`G$=ȩ5_vo͂$ӝNݩGmfho; M64@b[|"MFUq)R=?O;LItBL9*2Byy#X5e,;2ѝh"*3ki:X8Hq7v|σ_ nQ*%/.*?Tqy((,Snйۘa+$U$6KGm^o,Idʗ5TwAYz񇣡#4@Aq%Ď#;Iٛ1j$Fbe))E%#qIcѡ%&n&]XTQCqңYq|sL[`gItfcĴZbƞCWhݾ| c$ u*cL!?^NA.Xi:WF;霣.+UH,e':9nn ~mۮDեW><yrTJE(1:60ˉkuˀIHKc-:)C4EzS-դ~/$n|g5.ѕf(*t #C熟iGvYФ:3ԣt=|`ZzeE&,?3* `|`+b6+0sŢYIe盫_JW`!sS^̿t`=ʝm`j%Ⱝ:Ӽ[ei[+u׬P&W]?b>C9㭼|'pPf^/Znk64Rw@qVo1-5M7$|R*J,k"sޢVQz(cg!|X8r9-+)exykTqB[QM[twfHj8Lc7Yą%z"L[ZT$<Lb^441'$DuVK huo!_$v<Xv,JVr%%Ft$WW?,E#oQaJNH-=xIEspo5-s,/Q ...

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\JF7e24yFrvj874pRbz.xls.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\JF7e24yFrvj874pRbz.xls (Modified File)
Mime Type	application/octet-stream
File Size	8.51 KB
MD5	3891acd0ba2afbd112bde9230c2522b1
SHA1	5d084995906cb63a64a4169ce28f8bee058d3523
SHA256	24e215866f24d2413c0599c1ce8016bf6947fa5d0e699944d47da4e2c12ce3b1
SSDeep	192:fitGuWmRH8fzPojSvJEw2tnMPHQD9xfhhN:KGuWmRHkzPojSOw2B86xfhhN

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kGiZali 3xcty.ots.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\kGiZali 3xcty.ots (Modified File)
Mime Type	application/octet-stream
File Size	36.32 KB
MD5	efed2d44143ca67345097dfcb2cd775b
SHA1	636c9038025179ebee70b323487c649e678ba7cf
SHA256	2d4ca44a22ecdf70a3c9022a8a231a573cb718d75e83332304b3564425ee6914
SSDeep	768:NNnSbdSBHMksx+UxF0kGWClOekPV6krsZziqkCxy/MuF2HP:NNSdllGW+bkrsZ+qSM8eP

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\M3c6UFv6B8YP8gKAw.pptx.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\M3c6UFv6B8YP8gKAw.pptx (Modified File)
Mime Type	application/zip
File Size	90.42 KB
MD5	082a70ed4d4ec910d5f329cbcf38ab4f
SHA1	07f2050a8353495af7f74f62d4403fb0dc0788b9
SHA256	69eca0b2cd48d81f43b18ffe61c2a1ed6b50c39ef0d553e24d4e4d9d3bc1e5fb
SSDeep	1536:ZFdLFrXdPDR06/ue83lfIQFhjCQej2QCwX49jD56qwbcAPDvjuNpQx//zTYkceEi:ZFdLlXdPF08EChhbS6PgAPeNpQxX4kKi

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Nqt6s-h.rtf.kvag

Dropped File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Nqt6s-h.rtf (Modified File)
Mime Type	text/rtf
File Size	47.08 KB
MD5	8cdbbd75a9a32e7b48423a38855611a7
SHA1	84063114c879b5841de6303d06f600a625193ef0
SHA256	f19f8193fd0c3ecb316f1552f410f70cbf64e94697bf5c039ef7744e838dba04
SSDeep	768:UbSG2hnj0xebKZNTSQqkzZxWUU7j2y3m/xZbNk3DXQnDlR52VeE8dMwITC6c:oElj0guMOXny30Xxk3DwDlRgXvTm
Parser Error Remark	Static engine was unable to completely parse the analyzed file

RTF Information

»

Document Content Snippet

»

[[z)-ʻ ;[c=3yVt;mo6ۗqj`L`K^㑑xfQN_Ql.QVЄmqṙS (ECÐlX#5D=zy:0+R߬z[I6QՂ;8j&7W-X-@K_%Ҡ |3(yLp.kk$xFЕH!V0UUGHGV]ZU2yW˩2M*0=͇wJrB;`Ef^ om@iadCuE^XO]E=:Ot7ۅ+կ􎁶%0X@(-WFaRIeoVQL4ܘH `BApn#&ٯ3`ҧ9A[M5("%;,QJR]@ iW"M^'$ÎBni󞒽0#sla^-oZOV̺,e,Lpp;=Hv|$HR=Unl$ƦoGY(KeU؟0`b,%nэo2/$pMިkQ8ձ5`+CԪr˙pB-e!L+QZ,2COX'$/]˯o~o&=DmK0(|*>p͆-jEԷjY/܄"uߊ͂HsxL0t^tV~Dߎk87K,5NV4#,$q/Ldġ"?b֫ipƘ?XMkjP7Vht.w26#dpFf)^W^6͞:оzyX]t]EH10z&0I9->8)s%AKnn<,43͌AlyEz%k*;͒7A)Wz^ B 4%M;0Uts6PǶRy@jem>F]`9ӡڈƹsѕuokXO14F^~Vsz)+Kg@,Jmvv~I^Rn6+;Toۑ:JɊJצ-Y7+LJ]ߍJw.`j£gVnH;%^mldkҥ؟ sDzz4ra-l հ#<xBk_^<&'U֮VdX"`ht "Z|v.ֱe";9$WlRG`5_WM5W|#^UҡM<JQ.'xP1|PyU/HQgx(ck=RD'=8Ɔo4h']~F7۷6=>H80m^U6ęḥ'B_t魤gE鐱zT4:ʤ"%ÄإjZт"r߰q_~Ws[Hx&)d~$L^vG9Irέ~wA3K8FM6ZmKA>)MiTK6;E8LY1be]ŝ`͉ Bvk:͹v`W33]_y'5FR*^O,> !HxBv8e6i;JTc`gTvmjޛatl̴Ӗ` ;9@t:N5IŠf.[7xyCLlԷDk6;. ...

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OiTQ4Y77X9w.ppt

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OiTQ4Y77X9w.ppt.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	48.43 KB
MD5	c9af8bbd69d3c0b0c4e815082a67aee2
SHA1	61b0845715e6ab3c18c41447ec458f8817dae9e3
SHA256	57e7cb974cc58505e0dc0e4b3934d2fe5c1b4c262324124739f6776974baa079
SSDeep	1536:D3FRFsrWawyIhM5DOJuBPoqS0ppPEQ0FDaid4v:hqWawyKJkoqzpeQ0/4v

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\pP5LKp.rtf.kvag

Dropped File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\pP5LKp.rtf (Modified File)
Mime Type	text/rtf
File Size	17.98 KB
MD5	45816e6101be2ef7fd305ebbea1924cd
SHA1	0b6687ea126779cc25a10ac3a88291ff92a9f7c5
SHA256	3a19e2cd415df65e93cd872f12d3cefe6ac103cc9c93d4e36bc5c0e982a23243
SSDeep	384:ILOX9oTReg6t6EQss1Lz0V/xH9DiyRdpWUUCy1AXbOSf0:ILYoT96t6E/sVzAp0yECyabOS8
Parser Error Remark	Static engine was unable to completely parse the analyzed file

RTF Information

»

Document Content Snippet

»

n>JV>cP^)$r=ASxy՘ ݞϒ93P4qpg)fnZbPsM^.>&4FArcocfc"*~G5G $ 5ɪG˜9252[;`v@y7Q"lJoCT^ՔVk]ܸt(0stDn?b<M>jI: ;hCb'"jĴ|oU)#8/NbItICR-uQMIeqjKMxʚl'vzH<]x"YfWO@$T3'ȏipdĥ+Wo|?A<Vhq&-g#o^'^j<0XMG(f~2NC#Y9(jD ?/SްoOZHI-S_ܕ:tr!ByEMǖ),hD|ݍb=Xe>mN9>S@hr괃?gk8gDbC;ڸf7-)1tosԝ_!,;q`)lD^6h/..KT ΍=EQۢmQxv%g&%XWRqhOs]8--^fW]po1_qgcҏ<s<2/zTsnl쀸iRi-l;ZwB纀?7Қ5V24g+)ZQ_d@Ӈ͖tӫ5msɕE=ϬF ٤J.RJ v蒿4m__$2%H#EKji';WfPʵڑeFC1Ss@?f/)0RYmL0׈kps5bS-']>ms8 dKjH&,AkYv`ݜKp=&FB9PMOϩ "]vet#?')p^&L)痱Dpv.8R%U2I9!KL^oh ]7#v84 "VccB#(g4`Eߖ𶛙ړ嬓aE9'&7AM!Dq*0JQh.Y?B3&n_:teh:>8~w]Rt( BrXp%m%r_9qYCEP_ȢrI(E7)q6ci>5m;!$bh#kىi_ +)Pjܪ8uU1b|'D0dVoT*?d.sxdۓ8ʕж2A1U*U܎37!hk lt?yta` "W㐠CnD$n-i]¸ɉ*Szv9RēOsM&U?W/xz0X-MZpxؒ/%1z c3]2q=sІZYD K'(2j۪:qr)Jjvfߴ]F>֕tYơds%*+ vX,@|e<YMJDi.d-YUNNn;gj=i<r;&h#hUT:W;myղw9O?ddafqah@JMۡ"J,MS4z! ͋n)Ec~ꐔt.;e|:آJx ...

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PRVnBgxJ5.odt

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\PRVnBgxJ5.odt.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	38.21 KB
MD5	6de22a6e20da7c96e12449092af55763
SHA1	71c15c369db960b8aa94f5fdec982d91cbc9aa8a
SHA256	96884386873c524f734063cefa278b8d360c0657ce86eebed67bfb6ff3e6b201
SSDeep	768:4mIOnoZ7fM9fdLgCLOY0cJ8Pi2fP/V1MJF2SAiNTXncSAsHF1O6+Um3FRm0:4NOnMSdD3JOi2fnVhziTFF1ONR3FRm0

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qvceNH5FTtN.rtf

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\qvceNH5FTtN.rtf.kvag (Dropped File)
Mime Type	text/rtf
File Size	15.80 KB
MD5	039bb3cfc44f348074c8511763fbaf64
SHA1	e461b2d22904377a7fae9a36a10be9baf4ed8c8c
SHA256	d1e0a193a5a7d4939880825c38f1ddb80c57c06eaf630513f1eb694d25b2ad87
SSDeep	384:6hd6utXvF0CJ2yOiIOepC7czHC2o9BFxY:6fVZd0ROeecu3bFxY
Parser Error Remark	Static engine was unable to completely parse the analyzed file

RTF Information

»

Document Content Snippet

»

:ҩ2&Q'|ʎvjm|l5*7/e"xȒB#>Hˑ9ats"76w٢93*WD"xY]lTߙnRVZP0LLNRg;U%Q%jJRl^-3MQ1~*nSE.BA*%C2q.S-N7Dh#7?LǛ9 mnձPٔ!UʽuyY76V,3M+goߕWLrgkvOʯaSC処vU,zq+'< dMm_JVM٥>:Q?zŲPDY܏@Fb/F+5!],||ha,-p4]QS4DCkn/QvÞ_4t(#D0;lTZ16ów7h:"Pt<E07~7<C=Ά)%We*hXprVQ9/q6eX6hOc6&Xa&LلZ~aXTc<B7c ֩rrg/Z:3dz4=Gm9)E֎jQC̣]Or%l`IB,9Ih+eGJAk^TRm[Hmp``qMq[uÃOu5mc-577Qzj(7Shy]Ƚ>~CCQX2HU""Ƌ=S?ԅ9FΔ1 (YW 2Z%[aL7T-LUx%e((Ͻ^hDn,qu/5f:ce1^KܴYR-+?KkuccXݒx32wN/y]D=TED'*IyEN?b?LMˀT:'3$):r(aƱ]z`k/ViDi2~Bz_/p|pWzl^iݺы`"m%Bѓo%<srmN8=uؖ7K]R3gKj(CIThgdʳS60>[G&?!=)d8D'*W#^TxlwDo1NBE@1ul)ǜlrJTl>ۺ^t1ڡճD"f ޒK slQMo1',)NI&7~*BYbB_)<ZڿM?oF9Ӵʟv'Ku(Bʺ5 G&d(b~,[ ɴ~P@!1z.(׬]dnܨ"-͌0aoD`8h e`72s?/n:+i%,;aEhu,etSZH䔹WOS̙HK4uJ6%`3jl<=P<]RDg?y&z]ɯDTXoWZŻ˻QHfqFvUXHCŊGt;MZݧYk)&Wǅчk)4i|&|+Է"<<ɑHwqsp(+vP5S:GGѨ2bN<j$"EUpTE$C6ꂹh:r^!7s˦qzZ#ꦢBak&ˑ|YW|gk.i[G-ٳ ...

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QY6CDvI9g4eui.pptx.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QY6CDvI9g4eui.pptx (Modified File)
Mime Type	application/zip
File Size	93.45 KB
MD5	6b5435f4c20ec871f8717ebebb59c234
SHA1	bc8d9f1b908616e8780f9755ddbac79b45600825
SHA256	b1e86ebf4dd7c8c22c004516c31663feb731b838bc60b019b6d890ffac6854a7
SSDeep	1536:R6RNIBpXbg0mS9TJdyfokHoh5qh2aiySgOFwXslxtqEq7NdrtI0hqDzKKqC:sRNwXM0mS9zhkIhFwSvIs/0sDzKKr

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RMMC2E_QGSZx-2yz.rtf

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\RMMC2E_QGSZx-2yz.rtf.kvag (Dropped File)
Mime Type	text/rtf
File Size	4.12 KB
MD5	b45b7e5b552a7335030f8a60910a3fb7
SHA1	efb710068c71d55f5b367e91e4a6e68609c9f55c
SHA256	535b0c627a707c73fdefd4214902e8af9ecd66ed5d867dc0784db2d36d408acb
SSDeep	96:W3iBcqwTRknrLc0oMHWSTdMEN3Ov73EUpJ7gc8j:rsenrLTopS59Ov7zxq
Parser Error Remark	Static engine was unable to completely parse the analyzed file

RTF Information

»

Document Content Snippet

»

+ͦb||`!@XE=X*S1"cx@d׀췑a!7EW)=EMaFڋ(o$-TdYՙxNXb1gnN*pڲ|ue(2%j`/u(7Ҳ^;VO?2,k:fcs%Z8TũBblMH`$R<n세_bmwQE0[$qOFkx|z0':5IR4QBO/TQݥ'?؟1c~ؾ`P0QgHUڅ$֛4B!%WH_휋/ӫzҾKñ;M<j ~-g^aTH'ƾfadʂLEڴ33bՆ~Hï,KVrhy5y>5U!/*ts䖣7+:1K4_( F`.f˹,ݞc-x^XrN|(0E:hW6.@yj@ny(VjvyC8ŜޯSɽ?_0zYFyC'K~m)4HQ;Z8;Ī_=9s!qJCQ47|#:. h6e$vn) =NnqVj3Rw9L40rr'~W;4~˰?e3Wr-KwS1##á`U>sg8&VQdN:"J'֣y:W R~,̚[e7_+В=-L._:8#d$T++5!ǅ_D(˓AVdGºhI+Z-re|(2W],RO˸!F>Iveȯh`H<k1&-Z18Jzb~).AaoB@aM28t/EzGiqo.1vM.mheၐw'gPet'IGy3IJaYAt5)_/iSZCI'^~aӁZţtǓaD%WtΛ#⡌qZ;^?]J7p)ϲqޮW/i/3K-57fd:Fy VݛIJ'PiÝe"5َ$!ӱ]dT0z[d _>0I2췪77Y)l@+C~G2DjlbqT9C;+UK7+ZskV!#u>V~%AԂ2^ey|8)袉&Bͣ/۝j3뙝>Uf<G5xQAJ\v~wNGMH?EvZZe|N/kKCu,(,$|=6v@lzEbiTMo?U쎳X8<?4$z;dAaxF988M2tҐI܌2=_*3V*;ޗP<p!(N p^uN[Z^m1Ucw>y'ϝ8Ǔx>QN ;7U٠TYwoxn~;+D0[Z=R-Blmz=8<հ%/ k،R37wPZ]'7cL#aehV^7W0^&~:LTCoOOX屯Cǵu/ڴ5fݨ2C<v ...

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S9TDRhPkSv5vLHzMFlW.odt

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\S9TDRhPkSv5vLHzMFlW.odt.kvag (Dropped File)
Mime Type	application/zip
File Size	92.22 KB
MD5	e7c1144f6009b1c68f5497de3286b455
SHA1	47fcd71726306711ef82e10829a3d9dcb842f65b
SHA256	1e31fd534870f1da5b6fb4b6368eacc6b50f76456afbed272cfefb93d40746ca
SSDeep	1536:H2/DC2LU3iZ0Omj2W1cR0xwqclgFbfGMDlKwGVKLJT5QQG8gzOSK5VwnfO7tKbag:H2/DltS6b0vhJhJGcLl6QGtOSK5Vwfyu

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sQiZZ.docx

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\sQiZZ.docx.kvag (Dropped File)
Mime Type	application/zip
File Size	80.27 KB
MD5	a22745160d1b7810961ffc428e96f7cc
SHA1	8e71a2fe0b388816e56e5bddc402e315ffc19a3f
SHA256	6c9df98330a8403bc1e2c9fc8c5e24724a336bbfa38c6d542ec8b8a05bea3544
SSDeep	1536:dhId6VXydcdFHczVFDRNSs38q9YHuqb5NnVT3PtXT6rNagSU17hfRRw:kd6V8cbcVFDbSe9IfN/tj6rg/U17/Rw

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TzAPiAs6qAhraI.odp.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\TzAPiAs6qAhraI.odp (Modified File)
Mime Type	application/zip
File Size	67.15 KB
MD5	f9e80669b893abe6afc92bff4adcb822
SHA1	5dacbe4a45f1600b948d52f563379103990c1ba9
SHA256	2010deb5033e09545a21141f69f047421ad6f55772ad2554a75aa081cc30785b
SSDeep	1536:ViZjPWtyPMbqx7UvzPORUOPfIiCcVrjU2MfLwtbncl:ViZjPrPyGqclPf9CojjMfcy

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WIAI1.xlsx

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WIAI1.xlsx.kvag (Dropped File)
Mime Type	application/zip
File Size	26.27 KB
MD5	796b946a8c37799018a18792472fed94
SHA1	39913947afbe94b9dc98eea0c57eb12a1734d9c8
SHA256	de02b8f84b9332f07516b40451aaf12c89841b174e05c60f9431652b4d801f58
SSDeep	768:ZBxQiN4hHCe7FB6/qjIrnCehrDS+K3/8kPUX:ZMimb6/qjIrCedO+K3/8kPUX

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xJBVQQII-j.xls

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xJBVQQII-j.xls.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	56.51 KB
MD5	1b43f091138ad324b4958e595dd35eae
SHA1	380fb425aeef4e477ac32a0a9f99b3c06b5dac54
SHA256	a264a96396f1ac6b18b5f2adf60a6a8a234086c81d977852f2ca0dc967ad3288
SSDeep	768:kQP9prhFDsjQyLDVNjCV0bE5jJiKcTjCjz2t55Q3dHpGN0DTLw2RLHbR60fwq5So:DfDssQQV0KJ3cTjCi0tJzwwL00IqBjF

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XpuS4jw10.docx.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\XpuS4jw10.docx (Modified File)
Mime Type	application/octet-stream
File Size	15.19 KB
MD5	9ee37e8a119ada297102438feb6f60c5
SHA1	a54a8682fc8249faaf1be4df5ed695a0936752ae
SHA256	abd0a86d66ec054ae0378010de07aa7d35c319f897788d05c633ac9bdac7a94d
SSDeep	384:ac8OxWcZMnxsmLe9gK2ZJt7B6H5xcvEpb6sKozPaeHnBw9iRAEWG:ac8XcanuEeWHt96ZyvKGst/HM6Z

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ZKPjo8JohJqXPt0egkjs.pptx

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ZKPjo8JohJqXPt0egkjs.pptx.kvag (Dropped File)
Mime Type	application/zip
File Size	54.95 KB
MD5	99045faa3ebe197ff8061986b06e3a18
SHA1	0443b689cb256408ab1826fa19de59e13ce03bd1
SHA256	b9fd064fd6cd449ab2f6e12ca1c5f15af6aab9abfe2de73872bb92a8e79f7ca4
SSDeep	1536:F/nfsqiS3DGNNEqaPbKLvh880J1LfLsuEYvX23SN:FvfFisG0fPbMeJLfLsuEpk

C:\Users\5p5NrGJn0jS HALPmcxz\Music\1a20kzVE_cVBJfA1si.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\1a20kzVE_cVBJfA1si.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	10.16 KB
MD5	aa5121c4d4673a5f8ca2ad904be0462e
SHA1	3ae97294e102c4bb071d81539488f0afba2c558c
SHA256	2b2d82288b625637f8c5db46bd9900e2a7a613f561f3aa4fa8d5329be5473108
SSDeep	192:MuJU67DiJbNgFb8O8SHqu0PIZGwnBpKlbzqqdBuKNPDuOeOFt5F7Lyp8+iFw:XJHvUb8jeu0PIZBnLKZzdBuKluOeOlJC

C:\Users\5p5NrGJn0jS HALPmcxz\Music\2VWfH-tyMn.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\2VWfH-tyMn.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	85.75 KB
MD5	88ea58bb2b699ad1e53ab3ecded414e6
SHA1	a3d058fedd2c85f047e4fee51a463a0abda317de
SHA256	e05f3c1d663d7a46edef6fbc3046f2770cb9ee6b51f6dee65d9e0a1ac91b33cc
SSDeep	1536:OAW0bbh2CAQqPk1pSvdoOTdXZefGO6p6X7o9J8yplh7U7Z8Lu4HYKN/3grQ:jZbw5TPk+FoadXZeuJp6X7M8krG2XHY2

C:\Users\5p5NrGJn0jS HALPmcxz\Music\EImepXLJ4.m4a.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EImepXLJ4.m4a (Modified File)
Mime Type	application/octet-stream
File Size	19.71 KB
MD5	11d36f9a23cfe5aaeb71871b564ce769
SHA1	b1a12e907bbe9d2ba45f5b16d817e11fa049f450
SHA256	2b5e53790a888b62dbb0efc3e2af7812728da957eb6032e297505f596b78c2ce
SSDeep	384:L2JANtB0ZrVhtPBo3KcfOXDQbl4jIiOhstHb/ocPo1gWrDJ4VGdb/hJ:CJANtBSBBFcf6OijIiOKpPgVfX

C:\Users\5p5NrGJn0jS HALPmcxz\Music\HaZTaX Zg1qKL.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\HaZTaX Zg1qKL.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	75.26 KB
MD5	e82d96c7d24be372218fbf5de90c171b
SHA1	940ef2d1e40ec4a813742393bd6354548f6f621d
SHA256	d1901e1f71cbb8a997a36473783bd227080b73a10266ad8b495b52bc6e92319a
SSDeep	1536:iJM0rLc0KnsU7lgW6pedmxLYJW6SanaSL0YMd+2Tu2d:iC0/c/nUWDd6LN6xazY32d

C:\Users\5p5NrGJn0jS HALPmcxz\Music\hZq26AwDROO OI ep.m4a

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\hZq26AwDROO OI ep.m4a.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	95.05 KB
MD5	6035b63e493d10fa5c55c62471a5a8a0
SHA1	5d7dc177f192f233fe1dbe987168ab2810c1155a
SHA256	f231f7522aca35bc6eafb9e3fbcf0b7c780741903d55f2a08f9460b70228f7e1
SSDeep	1536:f+4Zi/ubD3cixQ5ukhN2GKLKNwJk7h3BtGnwWUKj7TGbw0yZK4j9aM+PA:DZZ3cia4d4h3BkPUeTzB9BqA

C:\Users\5p5NrGJn0jS HALPmcxz\Music\KpgK4Eq8VgZx.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\KpgK4Eq8VgZx.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	30.06 KB
MD5	da39bcd0b71590d9bddc44eb637c2b61
SHA1	594eb251b8ac4eaa0079936ca88ce738dfafaf48
SHA256	7fbaf63d8c2d778204782a3729d86595bd57e08a1f680b4afdc42ce7970f84e2
SSDeep	768:n0v6vo4ARqqG3Z5IrPrgdK6XFN5QyZ36eRYE1VnW0c:n0SfwMUc8wNyqq

C:\Users\5p5NrGJn0jS HALPmcxz\Music\oksjJ.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\oksjJ.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	57.75 KB
MD5	69d702d3b351c49d9671c4ff77a6425b
SHA1	7b57ae369259974d4405cdf36df6d69cd54048dc
SHA256	4f8685bdddfb5b48d2235059e1fc0ddeac435a8e60829a370be68ce75e989fe6
SSDeep	768:qpctqtYEJUxJul+wc3H1BEBoEVAnfmzvh8R/gR580rTTgARF/Jbn5GfwIErgv+:vEJUcl5aXEV8OzvhFDvHR5GhErf

C:\Users\5p5NrGJn0jS HALPmcxz\Music\P0kZ 5sEUj-Qr3n_8v.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\P0kZ 5sEUj-Qr3n_8v.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	11.20 KB
MD5	3d6397f2b5a444393aeee21bf92c99d5
SHA1	df7d7b4ba8dea73b4dfc9816d6f14aa0bb958183
SHA256	9dc11e04d21332faf8e47d872390f74587a1dcd0ca2f8cd07ed300e3677a72d4
SSDeep	192:gfqAiFo2/TCN3u28sGPt0TfTnBSJbzBnI8Y+WMe16A1ilBAvWbr:gyAMvQel1t0/BSJBnIHZMd/lBAvWv

C:\Users\5p5NrGJn0jS HALPmcxz\Music\V8CZiiS8yq6173-jiD.mp3.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\V8CZiiS8yq6173-jiD.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	26.90 KB
MD5	1588212076097c72a4181f0655ab735a
SHA1	c8735f640def341120f496ceb0a5c1eb4908454f
SHA256	ab2ef01f6293bd04b4439eb69f531f3de0cb731d2ace4f5a53f132379bbb9e14
SSDeep	768:cmXgvRVWVi3n3UukRbc7sMMklAo74cxBqVYgh:cmQZV0inoRbIPD7VxBg3

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5eZyg.gif.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\5eZyg.gif (Modified File)
Mime Type	image/gif
File Size	75.55 KB
MD5	f8db203bd0d2decf5a2b863158227ee8
SHA1	d3df4a81d53ba4acc5ece4535a069128491f91d3
SHA256	8070818ecfb215ce35135c68fbea3c31373c1a9d551c54036e39328b4f75ac24
SSDeep	1536:ERj2UIdnCitB4TXqoc2y6Tp7KYJwh22DajAFhm8QfQpQ4uAo0B+Pnl6zvE7A:ejxIdCNTc2y61KYJwh22Da0bmgQIoA+k

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ANRz7BiMGjif1lT.jpg.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ANRz7BiMGjif1lT.jpg (Modified File)
Mime Type	image/jpeg
File Size	64.84 KB
MD5	d6afb55ed2c76652f1b4f37b03d45aa5
SHA1	635c434c0b04f96f11d318a2ec5989e644227fd7
SHA256	8183960d93ec48486f389312bdcdd5566fd0b57b6c4fa1d78368b2dce569229a
SSDeep	1536:zxF1tdI52PrE26rueMpQCN9n9hy9RuORRUWh:lFFI5QHeMOG9n9w/dRh

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bEXqr-0RskHd.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\bEXqr-0RskHd.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	98.07 KB
MD5	23d30001c9bedc3d216c9afcb07eeb78
SHA1	3406bbe324532aeeef8833b9a870b18c4c660e2d
SHA256	d61d6abf11c535cf42d0ebc3b5320a221d879ffc60101d614d4e8d1615e69776
SSDeep	3072:UF09fUWdCmyqWDPphTrNvFM+k8Ge76fOveJD0vsO:UFSWbph3MdNfva1

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C7F4 Wc1xIRcM1R.bmp.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\C7F4 Wc1xIRcM1R.bmp (Modified File)
Mime Type	application/octet-stream
File Size	38.66 KB
MD5	3e9da67fa6a9824fc862b93c32797cc0
SHA1	3ba1b78c6dce32673af926b9042d915cd5096695
SHA256	bec07a00546d95031a150f8894bb25f990c4b1900c75f26ad9ed9f60f45072b2
SSDeep	768:Lv/3OXIza6zl8wn8O+/SdAP3e6TXMj+nQngP3N8kcDV/rC:7/+4tmwn8O+/SyPFbMghvQDV/u

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Cq3m_40ULsX.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Cq3m_40ULsX.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	7.30 KB
MD5	c93c55fe137cb273dfc462c6fee55f7b
SHA1	96cfe011947401a7484574f776382678141fdc7a
SHA256	44e4fabe10806dbaa8a5c077f99735f3b658d0b95a4afcfb203f87f54b315bb2
SSDeep	192:aU3CJq5ljXWAoni97lftYdp6kveqxuzNA:kC5fep6kWqIA

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\d fvuJCkm tkxAy.bmp.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\d fvuJCkm tkxAy.bmp (Modified File)
Mime Type	application/octet-stream
File Size	36.08 KB
MD5	15c7757e21b9177ab3e4d1ea6b12515e
SHA1	bc9147f9bb9225f33b1dd1f4d289409fa812d431
SHA256	89e01ac627e4b70bcc7f9795a80bd2c49d7d8359bfd0c54b4534c9086e46bc6f
SSDeep	768:GMAQq2Ucs+mZDEqGtqMUmXGyCO4lWnXbei6PPu8nJkuTDWcM9d:GXx2QHEqBMUmWyxbeieumJk0VM/

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iIl9 Kf6dOpe1lUAjHX.png.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iIl9 Kf6dOpe1lUAjHX.png (Modified File)
Mime Type	application/octet-stream
File Size	69.83 KB
MD5	82c11adf38275f469fa89fcd090b79c0
SHA1	9d450bf5d5572907e23c5d8e074c9e4fe0dd2a42
SHA256	08771d1e62d2a4a0c0123f1a7ea4cb0786741f7b39b83fcf11fa7d40bbe12002
SSDeep	1536:NQt0mWxvVkcqb8kaiTd+c2a9892/Lwa3HxaNY+ubSLeVAf:NQ+1d/aTd+c2a9P/13HIarbSyVAf

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jH6B7Hxu.gif.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\jH6B7Hxu.gif (Modified File)
Mime Type	image/gif
File Size	25.96 KB
MD5	36cf940244ad22680f3bda40d09eb0f9
SHA1	740ffda17217a70f1affe5bbe08861cef3d7124c
SHA256	88bbfcf088c4847863c6700dc4a261318dd3a860589ae9a3a2bae50f54b1c0f4
SSDeep	768:FM2UYZJ1kEYjZuPmB0PV0NKS19/rd7pEArLKKq:FM23RYjZH0N0NKYp79Kb

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OrlE5DDk6Qs.bmp.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\OrlE5DDk6Qs.bmp (Modified File)
Mime Type	application/octet-stream
File Size	31.67 KB
MD5	de6c8906e4abcd1241d4d993974b7310
SHA1	6db7961f55144abdcac64fe207f1fa997e548652
SHA256	010a2cce0a3342ef1d60feb476b4587898142146408ba78eac3d2ae92b8fc1bd
SSDeep	768:PgsdrugLnM3VvfttBIMXNvx73uRLUij5+T1c+2Jcu557/NvR0:PgZ3V3PBIqneRLmT1cPJ15FBR0

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\p7jOmY0YHtfEDXHjzMJ-.jpg

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\p7jOmY0YHtfEDXHjzMJ-.jpg.kvag (Dropped File)
Mime Type	image/jpeg
File Size	8.67 KB
MD5	fe5203707a72e1b2c944c74698b32a5e
SHA1	e34ef71b34714faf726ea57bc0789b15eb4ccf37
SHA256	23598a0e47e6cef5e4d45cf39375acf301943e87696bf1b30889b20212a4a430
SSDeep	192:6vJPcVrSA43U9E+Nq/9A6gyk0aG29gx9fQ/JkIkk1OT:gJp1Emn/h4gx9Kk5kK

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\RCRu7.gif.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\RCRu7.gif (Modified File)
Mime Type	image/gif
File Size	92.95 KB
MD5	f24f1fe79ca4451994b26bdfb9d43b6f
SHA1	4358ade3769fc2a0dcaac79ca78af824eb8b6273
SHA256	212bb9fb56df10aa8a77ccd10d2d3b58d87205dd1dec612dc0d2da540969a84c
SSDeep	1536:dJw3zOi32+Iuf+8QiZaIxpl6GZ+2daRYdrkRw/mTuvj09I7oAxbDfMNB+JqhcQPo:zSzOy2+IumArMwr0uvjHkUXfMNaqhZ0

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\sM6ixwL8Pn6854du50BY.jpg.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\sM6ixwL8Pn6854du50BY.jpg (Modified File)
Mime Type	image/jpeg
File Size	4.36 KB
MD5	979270a32bd9879b45c4f7f5e0eb5629
SHA1	8b7dc8324ab2042620b65926e83dce2665965ec5
SHA256	da1de0c8e100a002329bc73ac3abd96e9f987b12da29bc2f57ea91392c7377c4
SSDeep	96:SMKG07HrJqoQpgXMZi4vqsWNc0NjZMAjX3hfIXRBArZ:RKG0/HQW8yNe6X3lIjAF

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\whuSlBZPh.jpg.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\whuSlBZPh.jpg (Modified File)
Mime Type	image/jpeg
File Size	73.15 KB
MD5	df9b7d652052adab1dab42f36a896b86
SHA1	66d5f9b59ee6aa560f2594dd8a56d6f355851280
SHA256	62b2d5c755124b06267c02c3cf08ea0ab1cdb9dfe82b24585a0a1e00c724dcfc
SSDeep	1536:96wGM17iFF1pbwvkCGTFTMimqtqG7F81mt6O9qufxclHMtr:QeeFxbUxGEqQG7F818ci

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wuoRnmzpakY.jpg

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wuoRnmzpakY.jpg.kvag (Dropped File)
Mime Type	image/jpeg
File Size	38.96 KB
MD5	d82421cb407e5660bb4da2c1f6a6991e
SHA1	5319e462523a30e7834ce7d9589bafe7fde922cb
SHA256	efef781291e8e1d8d8d188b06a824be013b5a2aaccb8fbf70168f60ff23ff86b
SSDeep	768:CNTwQDPPiBIxrbrEgbfU+s9uPaoW71TFb8zAnHxrYfSkKsk6cZ1:y8Q7Pyorbggfs9bhTFYz4rqKH

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wvBPa9.gif

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\wvBPa9.gif.kvag (Dropped File)
Mime Type	image/gif
File Size	25.51 KB
MD5	6ed917ad979b074604bb8c354443c422
SHA1	be876b5a40b81b76b3dcb1add4a439d30b029569
SHA256	7b1d38b1ef9e2b4edc07eb7cce02787f9cabf34ee595c251e77ec79ae02a81cc
SSDeep	768:+Hoaso81M1IOFTNFI9xzmrlxd0wMJA/9KrzM:+HzIOzmXzmBn02AM

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\X4f2vPCr2a.bmp.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\X4f2vPCr2a.bmp (Modified File)
Mime Type	application/octet-stream
File Size	44.65 KB
MD5	fccce3307aa601f5d3d44be68d51486d
SHA1	43058a18ae92e4576995dab2b36ecb3ef073b211
SHA256	3c086509519e8b9cc91568c6bf6d8aba45f9346c19fcfecdadae2f3edb6eb9ac
SSDeep	768:T4FZ0gdhzPJCyBj8Ggfa6i6bmmxRl3Mp15xhSzz5INDvbafyay16D6:IZjd9hCgjGS6tbm+qpRIzgMyaE

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\x5DOOinBD.jpg

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\x5DOOinBD.jpg.kvag (Dropped File)
Mime Type	image/jpeg
File Size	51.09 KB
MD5	d60f66932781cb30156afd89ca44e04b
SHA1	7189993f8891d45a67eed8ad54eec6d8359dc251
SHA256	03e278ba7c32f7f6b20b34e53c36da43d74c02e76712ff98dfb45ce1fffd4488
SSDeep	1536:7TombnBuWQJIhwaPzd/ex0GvwDMeAbX98d07ezjbZ:7Tpb8WQJip/a0GeMFt8aabZ

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\xT5AxUm6MKKi2KE.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\xT5AxUm6MKKi2KE.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	30.79 KB
MD5	5a53af2928e18ed1ea707acbfe12872c
SHA1	537f4c829952e9cd5a26d79207947d7ecc2e8100
SHA256	7d9f8d9b75274851960254b59f6d4ddeef145bdb2606109b4a88dc7df80093d6
SSDeep	768:E1pZx4bHI/kQGk3t85G2uW4Z/8VdNNmNXyj/edWL+8UYG:GZ+MkX554Z/Ed7dj/eULyR

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Yjdn_ho1.jpg

Modified File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Yjdn_ho1.jpg.kvag (Dropped File)
Mime Type	image/jpeg
File Size	63.48 KB
MD5	5e7642b95a82dfef6c7c3ef41bbcd573
SHA1	1853c5f5e74dd11d33bc688ef3b1c460a69561ae
SHA256	15a6f7d5a86a2de1bb0347b6490398ef40cb557a6657e454ae57a9df76f9def1
SSDeep	1536:ehGOuRmuRBRG8MVn/Yso6EHvl9wn8qXlBQWdBGA/Odg:ehDYxRG8MlgZ6Zn8j+6O

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZRwVhWTmgDeFVw4ZRxb.gif.kvag

Dropped File

Image

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\ZRwVhWTmgDeFVw4ZRxb.gif (Modified File)
Mime Type	image/gif
File Size	97.28 KB
MD5	8945ee0ddc192d00f7d246060688a76a
SHA1	ed0cde1cc52ffff96a73c98ec29e82cce299a886
SHA256	d621db4b4314390acd8dd27f51904f79559d3ac6f732590944290b66327f9609
SSDeep	3072:2xLp7uwVZ5acMMe8YzTo3in3ZLlhmgXKbhw52:a5DZAcMIgToSn3Zzd6bm2

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_pUGM.png

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_pUGM.png.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	85.47 KB
MD5	48e0f3b13a3cce311ec892c139088dab
SHA1	5524f02d83c800c6e5d6ea9ba7b3178ccdf26bab
SHA256	39005b79139ea0d1ff6c06a554fd0a4d0e7a4780bb392a8394438bf514e4af29
SSDeep	1536:Tf5qnBK25danPJ7eaSHJsdmaVypmsJ5XJlakfz4NDY9B5pELO7QSDmuYVatwiN:Tf5q9YxyaSmdHyp1J5XeC4NE5pELO7NF

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4 Bc.flv.kvag

Dropped File

Video

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\4 Bc.flv (Modified File)
Mime Type	video/x-flv
File Size	5.32 KB
MD5	fbac351c7f26694f06c000263ad41311
SHA1	3e7343bd9d9afaaaabc5b23c16256dbad78c7d18
SHA256	6e36843af454d94dddb0c77b9d8edf9a5247f583e53eb051da1f57bb34fc34cb
SSDeep	96:JWSlDx9BBZUUP/0bqsgsCY0UuPEYcYC+Nsw4XRoP05UdMpHlrV0Y6GKjE:1lDbBnt/Oqsge0hPEY4+3UM2FgG+E

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKhUWfx-d 3P.mp4

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\FKhUWfx-d 3P.mp4.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	97.04 KB
MD5	55ff76470630fe2ba9509f2f9482d6e1
SHA1	1184d0f4cbaec420be2ae0122cc102f8c2056fce
SHA256	e195bba05d51b5db430a2b9e577f56798567d37da13b257184014cb35e833d1f
SSDeep	3072:O7dp2ldUeh56QjKBDAdcuFQtXJFNWhBcKSW:Ldz56x9AdxFQDecKl

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\oMZDvujBwo0QTetEg.mp4.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\oMZDvujBwo0QTetEg.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	28.27 KB
MD5	4767eb20d076871b1df496b93ddc2ac6
SHA1	cc8c0cb74889eba1be06610a457e884837910973
SHA256	fd761db9384658b22a94e4a05d3f35bedd65aac3b1f3f55c31b6324f10b16ce0
SSDeep	384:RVY1DNoCkOHOk2J8SDb3zTuKwTcGyvEPGpq/FTrXIxyRjidRhzRuzsBLkp+YRfR+:YwbIU3jqJcvvE4M10xy4PhzRXSz47qc

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\AWCJ.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\AWCJ.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	33.19 KB
MD5	62b078757c999f853a0fdafb454f2624
SHA1	a005f7cb23915f09e508e56bbf8434cc37b640e2
SHA256	338325e60f6b01011d8214c4dd9bcda4001f20d8edd514a811c20f7b105e3b2f
SSDeep	768:LHWzbfaQuXtT9PyoJUQBPeqVCmpSAVOqPW9VH4ehJCYewj8N8R9MBX0:LH+f9gtp6qPJdpSAo/YehJCYewj649M6

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\e8jYy.bmp

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\e8jYy.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	46.83 KB
MD5	2d25306ed0d2ce6f2f32a67ae99f0b19
SHA1	c8cc0a2292216f0b4b921371bbb8131f60fe4b4b
SHA256	dd8e66a2fc0519323135c450fc724716182a3815b9d7d330893f9507991efd40
SSDeep	768:u8syc1lVTyGMj+5DQyl6kOSiTsIHwSBbRX6wnhgIGiSXDMK0UcDH:u8sTAlj+5D36kOSaBbRvnh5GiSXdcDH

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\jpbeM _K1sn_lkYkaR.xlsx.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\jpbeM _K1sn_lkYkaR.xlsx (Modified File)
Mime Type	application/zip
File Size	91.12 KB
MD5	8b848272644daf2f41b015c7b1299e5e
SHA1	be9786a281b2a279d17884546159dcffaf472cb1
SHA256	b9568267b347870e6c830c1cba763e296cbd746154bba7730669f69cdc321ecf
SSDeep	1536:t36c73nVnFIbrARir2ZjKKePCJBSfJCBf/qTxyBcj3DEtYk/qFZd7hzaAsbxPhyG:483nVnErARiKjKKgCJBmUiTp3eYk/qF6

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\nIRMb.avi.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\nIRMb.avi (Modified File)
Mime Type	application/octet-stream
File Size	91.93 KB
MD5	437a87f541b31a111bdcba2145d8ada7
SHA1	323a7a605626efbdb27e8acb559fda4807f7cf5c
SHA256	18e3bd66d35fbe8fc0f5865b9c088cbb88abc8d8b1f5cb497d7954a87f466fb5
SSDeep	1536:n4CFm/+E4of+xukBFv28WtllL89422zkurIkdWmxrG6eV83TXLHa/1S3Zx5QFjo+:n7m/euknWq+fksWSGPV8K/1S7qhokWJc

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Outlook Files\voeimd@djhreuu.uhd.pst.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	265.33 KB
MD5	a6722e1a7fefce73e93c87c640f53058
SHA1	e6acd664406faeacf7b765caea53f56d14a29b8f
SHA256	f29449d2c4d20948d53b6a3c2375761b8b6f0fc5115b4878f91463626c89ab17
SSDeep	3072:5lcl4V73qHX1pPQXhDu84btdqxLTMWw0emZ50UqgmpYz/KR9:7h53q3DPQXJuDtdmXY0nb7z/m

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft Store.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	468 bytes
MD5	6a14171fa2090e8d5d7859ea7a795056
SHA1	8b0301c21e3d72ff4bf06fa2d2e108715e9e41f1
SHA256	a2f246549a0d9e562cc655dc0b06e3d95b712833d532bf997ac28e81bfe4560d
SSDeep	12:2tlbRhZsuT8prZwUU2GGIoLT3D7rIAW9b6dHQQELcii9a:4bTT8tJU2ioL37rLtdHpELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Entertainment.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	66e6335e40413e2ac572803fa3def3c7
SHA1	561214ac24f556d83a34d99ca619d7c8ccf773fb
SHA256	6613a0810b488796d102e8d41c22a95d87148420cf7560f1b50cc82d742ce380
SSDeep	12:sEN/QShJ8H2qBSlTMtovOxdUgTTT5HV/F1rn9cSHynpELcii9a:sE1/OLoTUx9p5n9UpELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	d61b7904e4849487757574916fd8dc5d
SHA1	19750a22c959658efbd2674c1abf0b3c53dea1d4
SHA256	42eb70361ccd3a3d3d873f5965bf4340cbce7e804fa17313a47445b3d84c96b0
SSDeep	12:5E60gN7TlEVBTv0QIYD+09URuzskLELcii9a:W60gNT6hDn9URugkLELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url.kvag

Dropped File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Get Windows Live.url (Modified File)
Mime Type	text/x-url
File Size	467 bytes
MD5	b3a802bdee5891f9114e123a7621daaf
SHA1	35c8a789732858d42d567722cd1370f1a9736673
SHA256	83c127e8589ead3f69d418d26150c31e5af072498b33fac57d158814ba8f000e
SSDeep	12:K7K8GTVM1FWwJSrB7H7GnoBtpRELcii9a:K7Hy8xoBtHELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url.kvag

Dropped File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Gallery.url (Modified File)
Mime Type	text/x-url
File Size	467 bytes
MD5	4539fde6dd1a77cffd6792761facefc1
SHA1	681b40d200f473ceb9ee49765e1d6f9908a32305
SHA256	5d15e2399b77ca875d993865bfd6b892b3c2244a908470b5851543c4e96b068a
SSDeep	12:OWTiKQdbIUtZnQFb9jMTf3TlRwNr/SOEvojELcii9a:OkAhnQjMTwNTZLELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url

Modified File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Mail.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	650ade5e7c10d76bd7f128087c9c31e0
SHA1	a55a17723c7a498f6f2ddc02e008f6530c962f5c
SHA256	2e7b85759ef0ec38bd156088fcd68e02bbaff0bab0920818d0c1743eb6072783
SSDeep	12:kfoyJ8/xhZXpmbwuW/NNMP+sYkME+v0aU9FzfhELcii9a:kQyodpaW/HlLkqvK3hELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\-oCX.m4a

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\-oCX.m4a.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	59.86 KB
MD5	8659c618f3791bbc9d0d86446dc76bf4
SHA1	994d21f0a8f4eeadb684d46cbca0793235eeb4fb
SHA256	665d325955bf7c4b2b203f43891d1b9687312abcc939a25e40351bf1e90f27b9
SSDeep	768:dK6hY5C2EkA3qM/+henek2JbuVFirs9oHqAnQZleDK7COvQ5THcpDsdBrpS:q5VEk09nqhuVFcaZleXOiHcpD

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\2mCixPQ C.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\2mCixPQ C.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	44.87 KB
MD5	14c7517edb3c79cd97a6d47eb4834ed0
SHA1	b8dd1e5dc7cc70ddb09c0dfc55dc027a0c3635d7
SHA256	2d25afd47abc5ce308188a493217cac0d577ad6e9cc408388015e0a2c0381a7e
SSDeep	768:7OPlYNpRFse2qmCyYvHbpMpoKKlqb6Ob2ne2TH2F2G24kvJB0RP:MApDsesCfvHbepNKlCWH2F2G2RL0d

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\PgkQ-pJhsE-sX.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\PgkQ-pJhsE-sX.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	21.66 KB
MD5	af13080daef207aa6c31d75de5c122bc
SHA1	991fbea5c5403f7b9dadb3c6b6029ea39facdf23
SHA256	201818339c7b8ddcbc6c57c04d438873d367360015c1a753917da6eebfff0ad2
SSDeep	384:6E8MDB+4e/Ipz1BesZ58YyzpBULrhpJvn7smaX+iXfAAnTRhXxFclqmPinbiEE1J:MMDIIbBesiXULTp7sRnjTRt7pmpJ9IBa

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\Q1rdrJ4P3K0f1VBWsz.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\Q1rdrJ4P3K0f1VBWsz.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	51.03 KB
MD5	a2411b62d587491757a351087f796778
SHA1	0cb6c2f815a1f23de9e29808bdb3dafa07cddbb9
SHA256	ee68044600a7a2f87ebf0f6ce3fcdb271ce7d6b31db3a292284f32adf4e7aa8a
SSDeep	1536:B99o7+AfMNF/UyWT8iMhFMbfKY/RoNmi20:BI+AfAF/UyWT8iuoONmi20

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\tWwlSFL.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\tWwlSFL.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	6.42 KB
MD5	92ebd3ef96fe539d01520176637edb52
SHA1	fd9d15f6c4732943001befe60963b054efb6edc7
SHA256	c9d6089338f90ee3fd3f743004988358bdf97d4cbf22498fca805e42103263c7
SSDeep	192:kRl73vX5wMQ3+L5gomEm2B7QwdCmgHIwqZvJnLGZlo:kRlrOtO+yNQwmuLGc

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\X1zSPuHiS_u.m4a.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\X1zSPuHiS_u.m4a (Modified File)
Mime Type	application/octet-stream
File Size	45.31 KB
MD5	82c248a26d4f20bfe46fbc7595b6be4b
SHA1	1a37c7680acff36dbd0873db50c87f640b880731
SHA256	a3a99c5ebb17978268ce6ad9170473ff473c77845909137e1f940ad67a799a57
SSDeep	768:0/MRt8OuddSuIY9iEPVEGVjVjwv45a1tafC10AAnwYzq/afohAH6f:0at8NdLiUVEGVV8ekafSYwYzq/12af

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\aej6fnJj8N.flv

Modified File

Video

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\aej6fnJj8N.flv.kvag (Dropped File)
Mime Type	video/x-flv
File Size	85.34 KB
MD5	91748d35e3ec705d0b30a3a418eda569
SHA1	13607b3771eabcc577915713f070fc60ca5ec4a3
SHA256	3edbe765c7bc00e7cc0c6527101fa0d46d1ef0ffbc05ea8c802d53446792c8fd
SSDeep	1536:0UENA2KMTsIh9k7MOSQpRntRIhYqAsegpTwF561mNchW9JnoGofJ99pCNpk:0UENA239k7+QpRngXcj45hW8GofJ99pX

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\W7BUx mN-XW3vrl8O8.avi

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\W7BUx mN-XW3vrl8O8.avi.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	86.62 KB
MD5	671070ba8631622b744cec846d5cde38
SHA1	4ecfb126e715929a6709ad34dc59c26254b13b12
SHA256	4f811b1072adbab564735717adec6900a60bf7dd6131fafd7c6b11addfbb4ee3
SSDeep	1536:Y3ulDrVW7EZFut1w1mVfdn3WEmteyKWucrOKY5QRPv1VAC4IbG413l4+t/0DZqq9:Yuln+uc/mWf4NeKi6FNVAePDt/0Vqq9

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\WyJb_BisdCRy2SL.mkv

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\WyJb_BisdCRy2SL.mkv.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	96.58 KB
MD5	ddf19cdb9a6d0ff4bb765de18027861a
SHA1	e25d29f63741604a147d626dbbdb27cda986eca6
SHA256	ec3e730e346c8aa88a0ebc15c8b36f64cfeb9fb4b3b8b668e3e8a947d9433428
SSDeep	1536:pg4U5F7TpduSYW6q372zkItniAze9P7kh/2L/ffRrT6S537LmFXFrUzsQSIY+DPz:s5F/vuU6qL2QItXz1h/2LlTRZWF9ez

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\epV aWEiH73AG5N_wmnM.mkv.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\epV aWEiH73AG5N_wmnM.mkv (Modified File)
Mime Type	application/octet-stream
File Size	48.53 KB
MD5	f4521e1c33188a81e0ee694e48a5f311
SHA1	1e1a8a09c08a2b81d45c09ddc567d7128756b5c1
SHA256	3a0cfc7b0427fa97c806ad05bd98c18ef51d8cdb571fb7cf3d636752b8572d8a
SSDeep	768:WVm3zVqTUFAZ1+9URxBV9wavEEiqF3ldV3Y1tm5AZGgC/mfCSN9SplFUSfDN0+:UypqeELVVfM9qldK1tmKO/eP4pNrz

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\PiczzFq_WT9ja-21xQgt.mp4.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\PiczzFq_WT9ja-21xQgt.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	34.22 KB
MD5	6314291318275a5fc020030c45642c7d
SHA1	4145cf43268cfaccc8ba6874f7c158ec4dda4735
SHA256	18cff32f0f0041e9b74e3290a225ba5eaf4bbae3de017ef9577e1ce7319fbb16
SSDeep	768:gu4Lwc3CwrckIbI+XMGVPqmLDp4HoXMvLVYDfSIMUpRtf74Bh033q:gu4zCwrNI1MG5x9XILVjIzdMBh033q

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\uGZW.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\uGZW.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	74.30 KB
MD5	c2a8488e8e4a13bf6332a0d8c9ff0cf7
SHA1	c3147bf3a57741cee0c0ac01fa292c23e6a0046a
SHA256	5ccd37683ed3a1b708d073b7046d1a07b885d6d1038728c6e911ab7fab39ee00
SSDeep	1536:aRiTR3dzhBnUSC2Pjjo0qRWDm24zjGQ5VcQVwUSWbeEQIqBz133vSw3Hm:aRi5n/sOJU/bV8z13fSw3m

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\4a8tVKirG4kf_.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\4a8tVKirG4kf_.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	16.98 KB
MD5	8cbadd9dd57fbc104a66c804dac37c78
SHA1	6a14771c043f8e0a502d85b81634fd518222b31f
SHA256	1350ea4e724d7d92b8e7b7099c862e03f07c5f558edd95cbb64769f1fb9083b2
SSDeep	384:AJbpYMOVS2HktTrjqmYWFLs4pr9Oo8Q8h/IGmUyA5nd784:ebfOVSfYWq4pb8lh/IG95u4

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\7D6iArC91 Gvdvs4fzbE.mp4.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\7D6iArC91 Gvdvs4fzbE.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	65.89 KB
MD5	3fabdd7c50ecf8cbfa21635422fa56f2
SHA1	48bf00c3271e38bbac36d28a1ff47657a1b1eabb
SHA256	fde7de4d4bc9ec1b3ef9035877a1c170e14503e162403d5040e0a3ad173965b0
SSDeep	1536:5JrZB4P6nx3Et7cOOd9IM+5gvvkeXTSyDRccPwbQVaCK2MazBOd:/rW6nytMAj0/qcYUwCK2MazBOd

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\ggUgd4m76uyf-R7.ots

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\ggUgd4m76uyf-R7.ots.kvag (Dropped File)
Mime Type	application/zip
File Size	34.50 KB
MD5	30d49f8dec841b44d6de962fd224a263
SHA1	7b4664bab4df28f56ebd10d076c1f243e350bb37
SHA256	cb1f22a8258df3ddfcdd5ca82992c648f426ce19e5f8009a78548fccaf6f93ec
SSDeep	768:vC2rMIQxUYUMud9qnV+4YoRehLgALG/Hl1eJ7BKDpO34G3oXD:vCPIQxUYUM89qV+x9DcHe9KwoGYXD

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\hd_I5QL.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\hd_I5QL.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	88.29 KB
MD5	1574bbe0f404eb470984ae2dbe518dc0
SHA1	44c7ab6535e4ae1b1e6e72c98dd7ce0329f0309e
SHA256	382db6d7c2301f7e9716f67c41c62c230db1a3fd8587a5232d247098a5abf62f
SSDeep	1536:utcfoR8N6aqSoc6gU4h41hK9u/mQRt1vG+F4DYVmMWrQaR52K+uZCbKlXt4sEk5V:utcfiu65WZUV7/mQRt1e+F4DYVmvR2uV

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\_private\folder.ico (Modified File)
Mime Type	application/octet-stream
File Size	29.55 KB
MD5	e43e9d3a847cff2b11f823533b2cb2ec
SHA1	50f4fae045d091eaecc794918acf631674a2765f
SHA256	3541c1ee5831cec68ca32402853b3921c80ea788762f778fb4bb9614a0e58fa9
SSDeep	768:27qa/TA8nXOgAbpzTT8/8wA/IQujhPLAjIQBnak5ehja:27qd8ab9TTJwMHsP7kkhu

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\1lRBjZRQOlow.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\1lRBjZRQOlow.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	63.27 KB
MD5	0d9d1ea4d3d0ecb80739ea31c9bd68a1
SHA1	c4977c349c2e119ab713e67b8165b95909ad26fc
SHA256	20de33c3d3fc967998ffc1ee856151f8f65666d0b42837fccf532a4699f69a84
SSDeep	1536:IXBlcAwrXvroLgOegTMExCqJnvsBYhce9RYBKKE4rWLrHgFn:IXrlwQgJsNPYYhceYMKp0HYn

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\6xt4FsFvWcFUHy94.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\6xt4FsFvWcFUHy94.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	50.92 KB
MD5	19ce4097b5bfeef8030ac3b65412dc53
SHA1	f4f6088be68ddf85d62c79e5fc20d6a1f777aa1d
SHA256	69d75df8f4ac122707b0626db8ba86c93bcca03f32b897d10901701f283c6a6c
SSDeep	1536:M3LME+0l6mtPdXoV/ncvSIpB3ZC3I3cZsrz:M3LME+0l5d4V/cdvITa

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\N-2ZB.m4a

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\N-2ZB.m4a.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	5.48 KB
MD5	e5627b6d4b5e75c0694e7319c7e8eeca
SHA1	9be58ffd0992836df2d2f7b178d542a5cc500d09
SHA256	c624cb84c6071282ed61ebaefa1f93630816fc64ecb2548c86714b37e4b61689
SSDeep	96:ict+JujW5DvhdjnCY2sMWzK5YmI970xoFZQnaIFKouFwfioCrj3U04QrqLjQO:0gjW5rfj//K47+eZNGiwf5CE0hWz

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\Qne4-mFXNX7U_TH6.wav

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\Qne4-mFXNX7U_TH6.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	21.83 KB
MD5	cfa8425cbb80699e1574f4a851dfec80
SHA1	8ac53ae73f9f1395c714f536c2e0e228b4024843
SHA256	2dcd32aea62b807343b4264ae1ce2d6524142d0de1aef4eb78e47953e228d6a0
SSDeep	384:qW+GJBa9BXCqkd22ovXnbEXY5lYfRDcboNnTrWpFb3XeNiiQVGQtcBXf2+U4UYxS:q4JBf9ovXYXBpY0Bf6bneiVRsU4UYdc3

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\XO SmK4Aq5-.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\XO SmK4Aq5-.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	91.40 KB
MD5	73765ae5f9aff296a4394ae667d000c1
SHA1	ee5d532fcaa4eeff2f4c11ca7014dbe9f574c235
SHA256	b6365610c2b13436a217a28a675150d7077e0227a3142a268a904d25326647f9
SSDeep	1536:nMC1bsvvtFi+Tas7jAIg9h7JbnciLfphBi3dwh2xfqhrKB+vdZtjZtJ2dCkRLgpD:BsdBacjAzrFbncmfc3dwxhykZJcdCkBO

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\79lY3UJfi7jg-Rw.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\79lY3UJfi7jg-Rw.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	70.99 KB
MD5	ddabc50b96afabbc246c686cdc367a0f
SHA1	119d7247936febd255fb8f31df030709301db896
SHA256	79147e3c49ca7eb87f6a1b7a1f0ad2fd1812ac274fcf95f988909a99b179dfb3
SSDeep	1536:5lSWa1LVU7FBK7Gj54pN11//kPDW2n1fvFvximga+nFY1K5MSzYu:rSWsUBwUPDWq13FvYFp5MIF

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\AqxNzxwgHCKuzfsCaCH8.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\AqxNzxwgHCKuzfsCaCH8.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	82.74 KB
MD5	6c55fd1a834dcd959db1020bf2915729
SHA1	e411ab869d2f54b4831525bb32fa6bd03fc77b61
SHA256	964d63a3d05cc98ad2f85fed9c418a1e89a81e83ae8ac44bf7e0126e0795a7e9
SSDeep	1536:Hm9/9xaWNRXGKPQ4zG7NwaVrVq6+G7vQQU1H8wAqJW:A9sWrX44YVYWYxlCqJW

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\kwaxsk4m.m4a

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\kwaxsk4m.m4a.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	27.49 KB
MD5	3bc8ee2692af8a7a6f732f234c8e6662
SHA1	c87cf81741636f5ccd072c0b48702c8ca35f623b
SHA256	c8e819b74156d0ae6838975998cbd3545955d46b33e4cd1b4148fa730874bbb7
SSDeep	384:EkJuA6XsIHJAfDlp8sBufITbF1LrS0pFylyRGxOaEea8BAI80LkaMyyp2Lb4Z4E/:Ee6pmpMSTrSmFygPLea8WMby8LbJuV

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\PwRjCl.mp3

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\PwRjCl.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	57.80 KB
MD5	045498740c34d6d3c6e48009c716ba2e
SHA1	edee10e97ab28ff9265396b4ad5995bd58e7ea18
SHA256	7878eb885820cdb9fbabb06bdd8e94390238f96e4fa8b9cbe243bed0b61a06b4
SSDeep	1536:GWN2Uy8dNZ4XoVts+bzOZkao1T+/aOLcKZ:GWNNsog+byZto1T+FFZ

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\Rg0qjq6f3-pfCaRPB.mp3.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\Rg0qjq6f3-pfCaRPB.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	41.54 KB
MD5	3dda16b2c00655ac02f8198a822a2cd0
SHA1	7baa36ca9ac4441e54d2607d159c4fc613ab4185
SHA256	26570eb6629439d8df0901b0525565000e6dfc37cfd60184d96df0b1198c7e41
SSDeep	768:I+072kDGpaTjHkbkQUIIfIOs1hrm7S87ZE1abisMOiezJ2tmt8XAWNQ:pnWTjEbkoIgOs1ha7OabisJx2tmtkAIQ

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\76xpNeygNMpcG-mLxW.avi

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\76xpNeygNMpcG-mLxW.avi.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	22.06 KB
MD5	4238a38d543653faeaa2c2a3a8185afd
SHA1	386940ea19e74c44d0690619c58c3f410c6f107c
SHA256	864d7889b1d281808355f0068ab44caf9e06c5f075947cd9aee7d61ccda00250
SSDeep	384:wBCvLsLlonn/3r0CQa/qkoPakwxB3gga0qDT4IDoDyz2+KLK7VZMWlOf9kcf:wBCgS/3ZQCPB3grNTfbK1LK7VcfOQ

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\jZj0QHRQWui3.flv.kvag

Dropped File

Video

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\jZj0QHRQWui3.flv (Modified File)
Mime Type	video/x-flv
File Size	68.63 KB
MD5	a3843c3eaaf85395d886a0660c47c0ef
SHA1	8840da6aed58ef32ae4056f5e0a23927da3bc323
SHA256	f0f0c539b460a7b0d527c6c5a38f4560c58d589e478bb09294613205937dc169
SSDeep	1536:MfeAX0bGxTPduuZlkeCkIJF/W2SPmLJjjt/GP7sFgAyRkPP0axCradX+U:aDX0cXknW29FJsACRmQ+dXr

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\RCr-WbxWBDI_9yc2.avi

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\RCr-WbxWBDI_9yc2.avi.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	11.39 KB
MD5	9d886dd66f42a1b18ce37483321aa232
SHA1	23e35ab3841be846c0d2e800576a49b17c3df6bc
SHA256	fe006daf97444634e8d6831e9a3fef5b94145d800d12fb13d7d423bd471148fe
SSDeep	192:neCe0PjrrsjtR+TeCZPXnbQjo6xV5yEsolajXOUbBmS+UQGkAfIIk1Lgd4GEQC9d:nXeajm+TeCtXbioiVgUlajXOUbB3RGIK

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\4HsAslPDmPtlJF74pOu.swf

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\4HsAslPDmPtlJF74pOu.swf.kvag (Dropped File)
Mime Type	application/x-shockwave-flash
File Size	78.90 KB
MD5	95434141bdaa593f1cbc94515d6b7b0d
SHA1	6c3a97a67f544434a9d9bd52041c0f1cc83058da
SHA256	ba5f43370452e579e0ba26c3fc5b0222040bf72d359b3b61d5c9f034eb3c8b72
SSDeep	1536:DQXvKLU2gqSfSDfks8wnQ2K5j60HoxoRKeG0jSYx4Z0Ovn7o7CuMVqQq6prFI:GCLaqrP8p2Evo2UeG0jc0O/7eZSYI+

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\exaDYDv--4LV5xHD.swf

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\exaDYDv--4LV5xHD.swf.kvag (Dropped File)
Mime Type	application/x-shockwave-flash
File Size	44.14 KB
MD5	7ce54f1eaf95649452984d0168bf8487
SHA1	4cefc85a4896dbc686b096bffe17536831eaaea0
SHA256	45dae4f716d7b57b3450e3ca191048f8c3a3e4e5fb58e9c41f34ce90ace07c9a
SSDeep	768:SvbqXFhGlksO94n9bQhb8twRxX5gksKYNlZrV63eFC0KkSh0E2GAOOyciEqNew:S2XF4/1my+YjZrV6uFx540ErAOOFqNt

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\F72ymb.mp4.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\F72ymb.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	71.32 KB
MD5	912d409f9eb3e4067dca9e19ed882126
SHA1	5ea7c30f9bf2185fbf8024c740712ecc25809406
SHA256	007faa9907e0e2253d02fc8b40b757cb1f82cc97a01a5e49131b6193e47925b9
SSDeep	1536:u7pxmKDFo6yjRulcTceU3Rzs7d7e9NT/L+MKTOyOeqxRH3kcS6a:u7rmEhyjwk2s7dweSTz3vS6a

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\Fpn5 rIQgKEMen.mp4

Modified File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\Fpn5 rIQgKEMen.mp4.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	95.62 KB
MD5	45ef858b226d64a2183c1d5318e0ac21
SHA1	6b9340f5798118af798f090b180e32f169f7903c
SHA256	d3272a6f6f993e055645bda5a4959d7c15f842f3bd71773d4e9ede183de725c4
SSDeep	1536:j4Vb+uE6HPTh3mpONcKjRpb2NUrZ/1M54Lm3nX9tIdvUIq4J66YMmYLBNgYfSyRZ:ruzPTJmpONPjc5VX9tiqx+4dbY

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\ZVpUd0FLYyHkQN.mp4.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\ZVpUd0FLYyHkQN.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	58.19 KB
MD5	741e485200bb9f56bacc3170260d6963
SHA1	10032943fce22bbae51c8176ad431d11ac1aad6a
SHA256	9cde7748a41c3404914f97632c4e0c342125bbd856ac492e94035742ece8e39c
SSDeep	1536:Q1H61uL26HTTJ/gafrqJ3KgPSUXPDM+Y3XCs3f:Q1a1utTiafrqJagaUXiisv

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\OVSC.swf

Modified File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\OVSC.swf.kvag (Dropped File)
Mime Type	application/x-shockwave-flash
File Size	55.66 KB
MD5	5a99a822661dc966bfd43bebe4de21e2
SHA1	3d0babc75b4fdc21863b0626493000204f8de68a
SHA256	7e959fcc50b30359d7233b9a49ade070bc26b2c17b617e9a46fbc9dae11d4b78
SSDeep	1536:tepaBfh2QL8N7ep0SPSKx66TyLwmkvDAfQFMo1keHn14:X/gNKqeBxdcwTYQFMin14

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\UhhXjArBY.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\UhhXjArBY.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	64.48 KB
MD5	ff05c3e33f9042f72d7b9e6e721f3aa1
SHA1	ecf2848fbc2206f855e2329715334d5209954e59
SHA256	51d803906547568f9b6a4e61fbdb2c438c5ba289601f72fd648f8e7bcf415c8c
SSDeep	1536:/42RsHbw5oV62Ua2fWH/+ETZff/+FRrSzBF7QutttsU:w2Gbx32bETtf23UFjttX

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\vy43O2Ond- g.swf.kvag

Dropped File

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\vy43O2Ond- g.swf (Modified File)
Mime Type	application/x-shockwave-flash
File Size	34.75 KB
MD5	294f84b55298a61220785463d7235dbe
SHA1	002d5b0c3eb1fdcb8d0bfa0c1ee92528b845648a
SHA256	b1f8feed9c124e8f5fd77e300c90ef69741bf5a0fd4ddaeb81fe88eb09c4e20b
SSDeep	768:vEvzLbTfvSYIKY2NM4T/dtrhgXJqMNfNmkKgqBy7:8vz7fvSbKdT/n2qMNfNmkK1m

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\vdLT\A0XrY9 WNokaAWv.flv.kvag

Dropped File

Video

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\vdLT\A0XrY9 WNokaAWv.flv (Modified File)
Mime Type	video/x-flv
File Size	6.51 KB
MD5	36fd387fb001eb5b8cf80a4a62b650e6
SHA1	68fb77289e00c9e8c5cdd07d653681a452b8fe8b
SHA256	0e63fbe88049dec5ff951ec3dc93f54e3acb7b8c6c436e0dfce5beab96c75ee6
SSDeep	96:aXkuR7Eqh07poPVkddDYXB/xa40v6TKIo06IK+k8SvSj/yClMiy+48PZ+kYiOnSF:humftdERVKIoGK+ivEykBnR+kt

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat.kvag

Dropped File

Stream

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\index.dat (Modified File)
Mime Type	application/octet-stream
File Size	32.33 KB
MD5	adce6a660a179ab3b05b89fce16fd8a3
SHA1	4ad1cb47094a6ab97ea70df358307d6c07a8882b
SHA256	806fca15f5b23599e78be180c65ce4cd6919281f8cf95c2d82038a95119ec3d5
SSDeep	768:sxpHiwgRopGK5utmrrdH4Sm81nS+APhR7UAaZi6FrFpX:1wrpKtEhrnaPnUCSJR

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	64.00 KB
MD5	2db89fb48fd886b621627751f2ae15ed
SHA1	e2f78c6a535f4ba230a4470402b6f905f0b4c066
SHA256	dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166
SSDeep	384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8

c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	32.00 KB
MD5	74d69403f4a938faa28298c110bc71c3
SHA1	c016f27979d48a90bb341ccf7ffef41a3955f4d5
SHA256	8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9
SSDeep	48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\history.ie5\index.dat

Modified File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	64.00 KB
MD5	039fe07d0e06dd21f4177be44cfd010d
SHA1	499912c98748c2d74cd6ada990889dde57b9df19
SHA256	bf45dcf38db14e0f47a24fa2e54990aa8ada6bc7705213a3e7c0c0d9e46817a2
SSDeep	192:TZVaIEEr5WSSZWSUSFSLSSS9SRS4S3SQSASzSwS5SZSqSDS7tS5SqSBS0SQS2S6F:lVaAr8Z+4a6K6s3YnMSPxp9/

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\geo[1].json

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	465 bytes
MD5	d6727470681ecc2ca56bbd0486b4fa97
SHA1	693756ab251ef2d82a91d94a2e5b78a9604d8bac
SHA256	8b37ae3083eb3bb497d0de9aa0f48e4fa2b893726e2a9787e6dad0ecd40d9613
SSDeep	12:YCJcjmdVQVCRbwXhCdEVQVPB8yPt0fRbIRAJdxFQVyrhmXoB2SH4:YODQVCRbwxCCQVvV0fRbI2JdxFQVyNm5

C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt

Dropped File

Text

Unknown

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\_readme.txt (Dropped File)
Mime Type	text/plain
File Size	1.09 KB
MD5	26a93b018cea80222ce8fddb0dbfaee1
SHA1	ebef5bdc29345d9d1eb35d4627fe960775d393ef
SHA256	1e14927c49fa2e2774da09e1da7fa848b03949e2cc2b4b2dffcf125df20f4784
SSDeep	24:FSimHPnIekFQjhRe9bgnYLuWErmFRqrl3W4kA+GT/kF5M2/kDJJRKEz:NmHfv0p6WErPFWrDGT0f/kN7

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\Deployment\deployment.properties.kvag

Dropped File

Stream

Unknown

»

Mime Type	application/octet-stream
File Size	1.03 KB
MD5	90b720bc050a57187c0c6ab2e7fc07d3
SHA1	7f7642394e0f3e12b1c8a7abaca6c65a5d834aaf
SHA256	ef9145c813b6fdde5653cf7073ed76f0afbb692084ac81d5bba5449a43de1306
SSDeep	24:YyyU50l75JBCN8igDl3D5e0H3QmiHy3cRPbB32GASqUoxOewuqELbD:3L50ldJBrigDzGRy3WPVVASqUQwuHD

c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\get[1].php

Downloaded File

Text

Unknown

»

Mime Type	text/plain
File Size	559 bytes
MD5	cbcc3e0e7cece4c5c4352f6bac9941a5
SHA1	dfaeced7c320aa68c9df96f1202cf353c5f12cd2
SHA256	47776efbb5d5da84aab5082ff3f3693fd57a249a4551f0d63aee6b49aadae47b
SSDeep	12:YGJ68ezntTBBWmqZZ1Oo2hUncNFjwn9XDQLqsS559EM:YgJ6ntTBglZZ1OHicNF89zVsgzEM

C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	1.48 KB
MD5	1e3e85fa1aac761331b856277dc2eae6
SHA1	fe843ddca98d58835852241b8e0da08d1701cf35
SHA256	f55829dfacb34ade19f851aed0bdb2c82e3f95d2ae0b8bf8ca8fc922b2ade2f3
SSDeep	24:SpPqov88gBRpoptBJRZ0uQ/NLo3dtWwGhV7dA6DjB7dpUC+0MW0E+D18OwsOSNRs:SpyyRERpo/ULo3mRdnPFUC+0MfjZYSNm

C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\chucu jadnvk.contact (Modified File)
Mime Type	application/octet-stream
File Size	1.48 KB
MD5	1ba472da56cd7c90093b638194a19c46
SHA1	21c00f808179d77f579a6bae1d5fd89e58ed48a7
SHA256	dd3da1976c25dab8bc07f7b7c9acdc9851e4275c3da8c3eb83d40943866aa6dc
SSDeep	24:CjoTBZVPgQrYhJRJr6P7PR64yE+vU0kmU7llzUCzKcMvAdyp5csXyoWpFQELbD:CyBfYQcPjI95ym1f4hLAkp5cIMD

C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\lulcit amkdfe.contact (Modified File)
Mime Type	application/octet-stream
File Size	1.47 KB
MD5	1807ac06aba9d2d30f4b57571c8c87e3
SHA1	030c786df8761c2f011e09636d6708d95e7a56ff
SHA256	fc8290613bb4b45572a16c746b4c80999ddc4a83500fc3a2c65ea88fef405ceb
SSDeep	24:Mc7vVxH3XnwiXT8hGNL6AVS2haCT5C0MBPdhKigniHfWW4FPpe2564KoEFELbD:MOX3XHvWAVyCtC0MBPd0/THDjEMD

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pV3yVe.avi

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\pV3yVe.avi.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	87.14 KB
MD5	d534cf087c58790bef69ffba51f3f496
SHA1	7c030401d837b89c6724066acef26f6bc635366f
SHA256	17165cd76284e00edbe3b2b33fe92c6f9fd2c230bf48d628b3a2b7e5be601462
SSDeep	1536:Z9nXp0lQTpm7Q+gct9bKAcZ1FqZo0s9Z6YPc9xg9HxiQUBcQ4pp/fn5t:TnXpcQThli5KAcZjVZ6YPcbg9kJBc33z

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RnJF6TCUGQ_2QRhsIz.wav.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RnJF6TCUGQ_2QRhsIz.wav (Modified File)
Mime Type	application/octet-stream
File Size	60.94 KB
MD5	fc1260368e897f96f9c9e35042153b47
SHA1	d0f9da826457b183ad836e4bae6ea8567af858b1
SHA256	bd62d16d99d98e310f7cc995ad0fe48589b2a08cf47c7b980a1cd186faef3548
SSDeep	1536:7O7fHxPmMpgzKaUHpk+FFI6hA00Hml8eO8OpfoD:7UfHwMezJUHpkMOyymLO8OpfoD

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s9_5sxP4UTReq1w-S0Dp.jpg.kvag

Dropped File

Image

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\s9_5sxP4UTReq1w-S0Dp.jpg (Modified File)
Mime Type	image/jpeg
File Size	2.26 KB
MD5	caff69eb24099d8ad2ad03a848f2377d
SHA1	b5d115919fc59bed75e6d5656d75a60e0b538227
SHA256	d9feb35de82b10f9cbf3f36fdd4c2e8ea90ab9704ebbc07a0e6cc85aedf88776
SSDeep	48:Hr79MHkqjMqWz+IkcBM4xvsCmqtg6xX/77cNa4o6glzrQ7R10XD:uxMKYMJCmqtg6xzp/l5

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\un2NZ0.ots.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\un2NZ0.ots (Modified File)
Mime Type	application/zip
File Size	40.95 KB
MD5	06ac8a95bb930e15fa12250d07c8cb2a
SHA1	3db5b09720b62d854c773a3549d732e843cb779f
SHA256	201e1b5a03bc0e35386b894640b22261c967c81b0d4b7c729e173723e3760d9b
SSDeep	768:MKo23UMl0Hk/ZwDCG38aaeFMBuO9CIUmYpgo8gj05TIG5QjKHf2tJ:no2xgk/ZwD/0ZBYBp7T05TIGKtJ

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0qm3q9iPSe2R.ppt

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\0qm3q9iPSe2R.ppt.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	31.26 KB
MD5	249837352738b58541082cb52330c212
SHA1	a37024831fdf4de7345b44016b1ba393216674ed
SHA256	00f41b3b15235143ffcd56b641ca4a2c264412c7412fc71a012d413d363e6de8
SSDeep	768:G+ZB1G73HZhhTMqmF/kYyGoeOLMSAFxCR6Hho:FZD45nMqmF/vvROLMSOxCCy

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2o28EiG.odp.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\2o28EiG.odp (Modified File)
Mime Type	application/octet-stream
File Size	3.71 KB
MD5	556b095858e4e367f7a43517dc5735dd
SHA1	9891018ae77741c81d52ea7dc03ee00195ca1050
SHA256	e85e6c87e7a60d27e9a4d40e2338a3b0be0ff7bb25befc4a0b74b4d9133a0932
SSDeep	96:zseZszs7l4zeYs1HrO5dPgpLfjOh0UkpbK1yg+AQYk:zseZnl4zeYshrODPwf6h0rpUyg+AQR

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8YZ957hMKqh_.odp

Modified File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\8YZ957hMKqh_.odp.kvag (Dropped File)
Mime Type	application/zip
File Size	71.50 KB
MD5	6f99f119fe085ba423cdf79338b1d104
SHA1	bd70444a7e0771b853dfbd89ce991b83b19f715c
SHA256	f74924755587dcf34b8b940a52f232c7ac079e3311f506efa9929113cefe5c73
SSDeep	1536:QIquLGZkj6E3rJ1WFf9pS5wPznpYYGDjF7JSBH6DQ2jl3ZaQJ:QBTkLsVpognpYjDJ7JSB12x3Zaq

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\aPJJoH4o5A99cXyI.ods.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\aPJJoH4o5A99cXyI.ods (Modified File)
Mime Type	application/zip
File Size	65.23 KB
MD5	41429fafad5372d3eff8eadb57fb09c2
SHA1	d55c5c5bbfba8acf7ae4215570b973f97e863b20
SHA256	5d8fb60a40bd6d50706f0c27cf1f35878b1548479e8a80b9dc406acd46a26944
SSDeep	1536:PcX9pYR/hWHDoAANscmptTQTzbok4MJt0YscUXriM4zhkFBR5t+:Pct+/QaNytTYzUkrqYscUXKzCFB0

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\c2fsy0lIXf9fL9D_.xlsx.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\c2fsy0lIXf9fL9D_.xlsx (Modified File)
Mime Type	application/zip
File Size	72.81 KB
MD5	938a7d0f2d7bcf8ec2069b61efb08be0
SHA1	656e80b9d947c60ca7d38d55395a059b93ba55f8
SHA256	31a064ba39967fb6661df2811cd7fe52e3b8f03deb8449a03e2b1110d067cafe
SSDeep	1536:ZH3IIfY6OcXR3nXC9hII6tSVojueivjVjfVJnqn8Kxlsc6MiNpsgFS1:hIgYdcVK51Gu3JxJnqjjf3iHxY

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cbbKLa 8g2jylz.xlsx.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\cbbKLa 8g2jylz.xlsx (Modified File)
Mime Type	application/zip
File Size	48.04 KB
MD5	c62073b0fdd3e816d7c7c423bc8fe654
SHA1	9df1651c510e5425746bdebb09c4867f99a7fe26
SHA256	e358cc6e4a1135b19504a6e3d1ff9ef860e854bafe5c920f98bf3d029380fe21
SSDeep	768:oDWrbHW+14VHuPxS8K9mPPFTcCOy/+kWP5yJb3eNwUS5FwQT7KMDy5B5:dry+aVHq5K5/y+P5yJb3vUSkk7LcB5

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F-3985rHMiViUc6cgm.xls

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\F-3985rHMiViUc6cgm.xls.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	2.55 KB
MD5	dd2a0eb688aea61c3ff6381b21ae190a
SHA1	43bad27456d550608ae4f71b200b098f8209b080
SHA256	31438605bb732cefe76a4e1633448ce71fe6f7d20f48f78070ed4d332565f432
SSDeep	48:ZNlO48/P2z5s4xtrFB9yPZaGJyhUy341mnwFQT3jmHkiYg4OsqCh1AmdC3Z26D:P5g0t1yRXJbyI1GwW/YkThCChTS

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\flz_m1D.xlsx

Modified File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\flz_m1D.xlsx.kvag (Dropped File)
Mime Type	application/zip
File Size	82.55 KB
MD5	6bc488bd2a92cdd01c20864e69c91416
SHA1	5d551dc962187964467d53bb540303ae4d3b44a9
SHA256	2b1681551baa52df069d0baba668a476e6dfc119bbb51ab169c021b92077472b
SSDeep	1536:5/z50wXrxwOWW+vSgEweHG9cqNo/6x64N5KWYGpiruTZt7/q2y0oKMdu:5/zllWW+v1eH026x64uWDpiru1tCxg

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\hqdY2gjPn5Eci.docx.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\hqdY2gjPn5Eci.docx (Modified File)
Mime Type	application/zip
File Size	33.62 KB
MD5	2e9d582f8fc7059f5f36554c6e7036a0
SHA1	184c1d65b5ee96181ad1b069c245deaed4b31aa6
SHA256	e45af5b56fab9fe578885b3d7a1d0a0c5cbc1d55d12b92a6eb98f35ada791305
SSDeep	768:kJIJI2IDNCOI63Zwk/4EJl37s80JbdfLxWd5i89ToRpXc2ThTY077Pqcj7:+5RRCZgZwk/423Y8AHWTiy4pXLx7Prj7

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mUv_SkYk3fldq1.pps

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\mUv_SkYk3fldq1.pps.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	44.39 KB
MD5	202c72163115938707740edc18f70d44
SHA1	313115b18dc57473c9f0363ea4b90e720a8445c8
SHA256	a1e0676da5d2ab2bd8d6132654dede21e7698962912d36ef99dd5135530f8bcd
SSDeep	768:1ZoKfRbuYhC1Yx0oeRqpLs4Et/W/Cblbi8Y34uPK6QdsdBCWEz23vvxqYh/AvYrq:zzhKYxVecpLjW/W/CxW6PldCEi3v4S/S

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ndagl35.xlsx.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\Ndagl35.xlsx (Modified File)
Mime Type	application/zip
File Size	62.44 KB
MD5	39463a66fc376aed1a68c35a01ff696d
SHA1	8289c1878e1b5ea90841f4108a5deaa8be134442
SHA256	48e312824ec5aa6789f378c3e71104ebcbe4c6699c9a5e96e1f920601dba8961
SSDeep	1536:z7Xm+3Vzxa+5PE1qNxK8scAJJtsy4aauz+zapKaijSSCfG:Xm+F5c1QK8scA7SyhdpI/hC+

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OzU-IttpwwBuAxnEt.ppt

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\OzU-IttpwwBuAxnEt.ppt.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	58.70 KB
MD5	28d59f4e57b0f5ea6ef91f7dd32641b1
SHA1	0579f20929202757b2f8bc4e6fd176eca23b41fd
SHA256	fc0f90915c5a685c5474fba6a3f50d1893f4bddf2debae398322c59c3f3da1f5
SSDeep	1536:6JhaPYLHoLHY1c6C7LSB0J8o7Svdss9bEy:UaPoOHY187LbJSdsCb3

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QUr6Wv.xlsx

Modified File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\QUr6Wv.xlsx.kvag (Dropped File)
Mime Type	application/zip
File Size	67.11 KB
MD5	986929dedc60ad0fa4191271bfd3db35
SHA1	94f636f005f117d716d34db8ad698a53a8842845
SHA256	655728f36ff43e30ab77bb4036da306f37a275c09170575b74ed0103df7c28ac
SSDeep	1536:kxySVR4ghe7WjC7iAYQRuRG5oElURFijhR8IVk7bEugF9A:c74b7KQ7WEMFiduIKbD

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uQLXRscP6.docx.kvag

Dropped File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\uQLXRscP6.docx (Modified File)
Mime Type	application/zip
File Size	97.18 KB
MD5	79ee33a10d13b76ee84e90a9863c762b
SHA1	81368132b5f8824d6a15f59aa1165259689a04cc
SHA256	d6f77c160cba4f675194ba80f2692eaddd4963d7bdd99afce6cdeb3d1b6df18e
SSDeep	3072:wCppPKen6GZrtxRsT7+tYw43P3BF4IW8arP09:wCLPKBGZBsT7+tcxF4IWns9

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\wMsDH0dZaz.pptx

Modified File

Unknown

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\wMsDH0dZaz.pptx.kvag (Dropped File)
Mime Type	application/zip
File Size	97.04 KB
MD5	fde04423d1473a855ae2f624cc999b14
SHA1	1c671ca947fcaf50713bdf09e60e73198edfe1b3
SHA256	791771718215b28310785f3bdfdd2e220d14bbc23a227cb1e9cd207cc0e5c3f5
SSDeep	1536:qx/wYxdbLRg7ABmta/cPKPcuss/qIuF8Qm3SimXWWBPjwt3a+jPRntB:HcdbNg7kmU8uss/qn/nZ7NEB

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xHKfg1buDW5Et.ots.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\xHKfg1buDW5Et.ots (Modified File)
Mime Type	application/octet-stream
File Size	24.59 KB
MD5	4e2f80fa10c7d07b73b10ecec172e1b4
SHA1	f14d1691be2306631f5d9a0a3338f6ca56cb33fb
SHA256	62353644a12db2402bcaec67927124399813e31b6c5095002beace43cbb8fca5
SSDeep	768:GE+k3+xITLDSvs/5994j0Za0ai+k1laaje+w2ILjRNfNT:Vkx6Bj4W1/Jqme+OtNN

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ZuqvG17IH9puQg8B.pptx

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ZuqvG17IH9puQg8B.pptx.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	32.05 KB
MD5	2f65965aa7103fadd8f81c73a0ac674a
SHA1	9dfbb8e0bb9306ac08111b44cd4b696afd0070d5
SHA256	0da1815ca04bb59df33fc2857fae60ef8e5c01a84bf2a30f9af02059592778fd
SSDeep	768:iHJtoiOJP73DIH1V2txyQXDUssroMlD8If8v+Hj8fuEdmRjBey:iH7rOJDg6mnTlD8q8vFuEd0BL

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ZX_nv6ome8v9IO5Mvi.ppt.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\ZX_nv6ome8v9IO5Mvi.ppt (Modified File)
Mime Type	application/octet-stream
File Size	38.38 KB
MD5	caf99664bc065b8bc6c9148403583410
SHA1	d9185f6c6ddc73cd6403bc660763b9370db7301d
SHA256	e07ab44dde39aa664f630413b493c9d09332684bcb5bbcf1c2e6227eb54b5fbf
SSDeep	768:eRYi9eNbpjtpUrArdHmfaQVavmtPmumLntPGZkiTT0LdQ:eB9eNnpUrArFGVavmMuN9Tf

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_dmLJ1 KFGu.odp.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Documents\_dmLJ1 KFGu.odp (Modified File)
Mime Type	application/octet-stream
File Size	44.93 KB
MD5	32969589281edfccd6711ececbbf02c1
SHA1	b2cee5d1a30c4163331aa7616f97414a5823736d
SHA256	93ca52cfe34fe8aaec27f370216cd938057886c902827d960ffbd7dc83dc0d13
SSDeep	768:bioQxvDRnlrgx8PaJh9wB24yTHxN2ri1qtZYZZG6jeLhyVZsi:bdQlxlsyPaJ/wB2TdEri1YEHCly4i

C:\Users\5p5NrGJn0jS HALPmcxz\Music\5lR8cXfV8AUdqEIQ87t.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\5lR8cXfV8AUdqEIQ87t.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	73.00 KB
MD5	1464e3c751efa5a25369607a9116269e
SHA1	a43223c716d7dd500166ae9cab131bb219b5f7e8
SHA256	6ca96f85d789befb6e2d03c5b7b46895ce138faca01523dc420c9cb31228d543
SSDeep	1536:gwjDBoqihBQxgymmiKBL4XlftCDsqFvkvc/5pwJH1l+rB3ZBdb:gwJ0iSymmMXxtDqFGVl+lJBB

C:\Users\5p5NrGJn0jS HALPmcxz\Music\AX5dw-yk.wav

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\AX5dw-yk.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	91.45 KB
MD5	07e0517a55543dd3b494aa95d4ad8ed4
SHA1	f7d2bbc64b79d85e3f67f0a96874a3c5f784ac80
SHA256	791bbb99a6a035ca54c0dc3cb13a3161bff0f4a2a0830cc1d0ac79c0efbb1b8e
SSDeep	1536:L0oa7y9TMcrG8cfsddA2rd8owjy2Ji2AE/gD35z3iQB77SklQQSsi:L0py9TMJ8cEHA2r7G4S/gD3xSQTe0i

C:\Users\5p5NrGJn0jS HALPmcxz\Music\EcgP9ne1dlBj.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\EcgP9ne1dlBj.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	84.15 KB
MD5	fca49b7f434763f57f6b8bf2ef8c7542
SHA1	18746c0c5a2504203afb9d7268d650dae70b879e
SHA256	c53c72f8abcdf8b31a374bd2960abeedebc7eaec6526f52c0d9172160b1fc518
SSDeep	1536:p45o+yF5Kc7XrAn+bazonizJzjGij3zjLIA0pAiPFwtXFOiPhKr0q7:p4GBtPAnKa6iJjGij3zIA0pAqFwtXFPQ

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\-9kI8q.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\-9kI8q.png.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	12.93 KB
MD5	2623a95ebf3e0fae2b6422237c99b989
SHA1	b4ae875cd311d233f798a23cf6c13b5bd50db401
SHA256	510d24b93576c56bd2388f3440f52bc47b647a647a3d756bc6ff8873f581d08e
SSDeep	384:8Jcj/WsaoIc5K77TddAKB4J1zrS2Cb/Bm8x2ZXbW6:8J4Ic5K7/rAKGJ1zFCjBP8W6

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8WI455-IeTtDu5ufHo.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\8WI455-IeTtDu5ufHo.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	71.11 KB
MD5	29b5bff715ad89fde85d402dc07b1524
SHA1	4cd92d0d0c99472103ca24928b9fda7731e1a087
SHA256	2b52754cc89164ce1a539359860a2e5bbe6e6ad408d19e7d0ab4a1c2802fa479
SSDeep	1536:qBkPV0rLBGd63tgfllg0GdemfzeVpjIujXQ609SbGbKm/gciq7:tPirApjg0Gd5KUSgKGbbb

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AIlA315n8k.jpg.kvag

Dropped File

Image

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\AIlA315n8k.jpg (Modified File)
Mime Type	image/jpeg
File Size	30.67 KB
MD5	3c905c0039366a0072211098a54b021f
SHA1	cdf667da79afec754d5e38856657837873577857
SHA256	7a23a7457bc8db52473ac76b6500027409649ce2a08364eaf46ce0122fca649a
SSDeep	768:ieOaahBetSO0DcRZdamV1ACZ+EUD17ZSQ2mleTqMJ+srbvI+:0aeqSO8cRZ8mV1MdKVaeOMJ+sPI+

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BdqNz1PxzX3wOPjw.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\BdqNz1PxzX3wOPjw.png.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	97.22 KB
MD5	dd6802a6d6bd1da754d8784e0c8319c4
SHA1	faaeca90c2cdfda9cdbd8f0a815060a33a8d52e0
SHA256	9c0b04886c9e97d41d3ede0765f4a4a4008853f10f5e18e8e4063e9d4c00e2c4
SSDeep	3072:vRW4O284YnDzlTkE9XFSarjhOmivcmIwK0lREDIWV8W:5WJrDSE91SanivIGl2DI+/

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Gy-VQuUkc4SKj_omZAJ1.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Gy-VQuUkc4SKj_omZAJ1.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	89.30 KB
MD5	da300aaa66a8152c19151a7ad26bb646
SHA1	6d03cb5eabe2cf78df1d54ccae1f23556021eca6
SHA256	b119abe5c560d15071c3575cf72d9b11cb6c2aa9bb0e1811ea1d26f9eb44438e
SSDeep	1536:/KleeGROlryhmHcoRMjGjuMt67c1Qashi5u9OxjKFap/4eWn:ileolrNcoRMju36ML5oO8Fbzn

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iZQNS6PXH2.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\iZQNS6PXH2.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	98.90 KB
MD5	6668a73dd6dca4e06167405f94d0a48f
SHA1	cde191bc9211aade7758c50e12e31117c4b6a466
SHA256	e8ccd1ff99c3ff5a5da6d524d0eeedc61a1c17679f14f7a985457be7642e89a9
SSDeep	3072:dwZchF1UzUUeuL98asrI81hmXN4jH+XpT11mUuRBp:d3fUzv98asrIV4jH+X111eL

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\l6PS7hO-iIQ_NKlEq pK.png.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\l6PS7hO-iIQ_NKlEq pK.png (Modified File)
Mime Type	application/octet-stream
File Size	25.96 KB
MD5	a481155bc6bdd60e213fb35590ccaaf9
SHA1	b1731b079b3a330e5f8e2f8c81572cb7a67cf1ad
SHA256	e6015f8139bf6dd6e21b25fd58bd8e76073e16f7c466aedb83b9382fefb133c0
SSDeep	768:ppaXO3MInMxNGDh09ACVNu0bTMFmiZpiigK8LYW:uInO4Dh02iNubciZy

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M4rm6k3.gif

Modified File

Image

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\M4rm6k3.gif.kvag (Dropped File)
Mime Type	image/gif
File Size	23.63 KB
MD5	508628b52b1b087530682aded1809e62
SHA1	1c765e24d6cc2a900957c8f7e69fb3c96b4097d2
SHA256	dfaf7e4f4200aae04200b70ea3220c6cce0a63a6dc283c5018f9c5ce638dc7e5
SSDeep	384:mBRuLE6FEmhUnU94WiLtQa4dH3uBnQNh2HW3F0KWb0oVEwXocXk9Hticv88EVAId:mBYAnmh594HydXuAhumcb0+EQTXM3mDd

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UGs 1G.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\UGs 1G.png.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	78.26 KB
MD5	e34e22417a8599a70f9fdc8f4ea23a62
SHA1	0c1541d5716a01692ce1caa138751583152c1bfc
SHA256	626778bdc9525660235ffbe232178efa0c4e7634c79c53aa74c53fe444d02ae3
SSDeep	1536:PtQZ+TBEkpJcvb0pG8KPB2YIPWUvpp4pVWAbFw/4S14EGm1W4:PGZ+a8Jcz0MYzvpSTq/44l9L

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Uk30lTmUkDiXk.png.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\Uk30lTmUkDiXk.png (Modified File)
Mime Type	application/octet-stream
File Size	52.91 KB
MD5	02c5ef2b6501af14ca56768c37043ab3
SHA1	7a95e7025689a79e356b335e71edadc69c8ecbe7
SHA256	8185be957ae411715b64a54dd48321d02be3352fd97e4c5454e99f1cf8ca4c05
SSDeep	1536:M7KRN1C/75QHawYWmLJ1i+bzO6hQm4s8j7KX5NCEwhJSBO:xllHawYV1i+b9QTN725NCE9O

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uQNlTbt2ZLDW28.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\uQNlTbt2ZLDW28.png.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	1.93 KB
MD5	450d6594f16d222a659592142ab9ae67
SHA1	09250b72c43161a8763110141887836239dd2b56
SHA256	1e7362e1b2d7a016b6ce9e9521b7a907cf2b4c6b2dfb53b95ca1ef69a24a0e83
SSDeep	48:6I8ne2eCltwLj5zTiocy2q/PuRO6ezSkWyUwLmBkXitBIYU28gxU7lD:4/kdz/czq/GWlUrUEaTjgWh

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vvqVqmO9vV2.png.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vvqVqmO9vV2.png (Modified File)
Mime Type	application/octet-stream
File Size	70.18 KB
MD5	94db2534e683233bf417fb64f7124059
SHA1	300194eb45b349c8a68331ff039818802d308a5f
SHA256	e38405772a5ea8d3fc4f11651a3ebff6b679e3d2d43f205a44618e7015c10a18
SSDeep	1536:hc2pjgWWIbNx7zr5CT7LUcVYAoTMglam44h6jS2xZ55olepel:G2pj5NxY82oDdhKhxuLl

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W5kM7vMzTh0L6va.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\W5kM7vMzTh0L6va.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	24.70 KB
MD5	a14fb02322a3b951ae1c7022eb5789e6
SHA1	a537496781511c715ecce45dd67e8dc2da4c5510
SHA256	f3843982b7a8871ccaae26854056a6f8382ad9541e11534b5437e8418a412689
SSDeep	384:3SAmvcjvrlW9Pjd0d5Y38EfAHp7GbIf0ERWIqgynGFkVBy1zZKC:3MOjlwbdqaYzfAIRynUkVBaZ5

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zLSSWoma9-HlG53.gif.kvag

Dropped File

Image

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\zLSSWoma9-HlG53.gif (Modified File)
Mime Type	image/gif
File Size	74.69 KB
MD5	03064f97a7a56637d06c594be15a8ee5
SHA1	29375641f90ff6a8b8ba4b8834abc7dddaa251a2
SHA256	155418cb98797ab585c479163801a4646b107dcae0d1a9ee8dda94d2cde07858
SSDeep	1536:Z7s1XcLnDvgxxWVGKa8kZdEKejfCIMWZay/JdTBJpJT2SDKMV1QsVbFAN:Z7EXcLsxMVB+dEVfCIpPdxJzDbQsRFAN

C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_oKd7ir99lD.png

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\_oKd7ir99lD.png.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	44.67 KB
MD5	801a34de7bdb5c474c44b0530ba72767
SHA1	b99e06e56f50206ed8bc29f135a152833d2b5cc5
SHA256	10871d35b94c8694e6fc472306c5690b6ba01831297d3549f8ad9af73c0b0e77
SSDeep	768:vaTsTXsgrhQ9FXUkl6fv5pFCZDjbGRo2leFZybrrEuR4N+oz563Y7sWS4PlExrE:vaTY8UIXO3FCZDOu2liQP4K4go96QHAI

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\MYQH9-tR9ltp09e.flv.kvag

Dropped File

Video

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\MYQH9-tR9ltp09e.flv (Modified File)
Mime Type	video/x-flv
File Size	4.72 KB
MD5	cbbedc992ab4eda0a5855535467746c2
SHA1	9886f3219f9dc3dc465f0b3e4d2ce1e4ca598b26
SHA256	6e3e82bafd3c2b8029a800582bce2190cc32d8af6c4a0d5c97e928ae7cc1bc65
SSDeep	96:QT0Agm3rV0rrj4M0+9TTUkIwCrvE2CGU/8/QxRWokSKJfX1C9oBlkxmufn+d3H:4gm3B6j1FIwmFRoD6VlGoQcuna

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\cPQuzY v_o s.bmp

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\cPQuzY v_o s.bmp.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	31.39 KB
MD5	700ad58ec373739c2b5a8ebf2b2275c4
SHA1	2f550fccede8cca9ea5be6b083c86cb8e318ea65
SHA256	815bb167245d9f963c6df1b6fe7eed49d5fc3b7148712e6abdd1857c9673da25
SSDeep	768:hqbGb5qvv0eydUCvSCGkXuThZqZrjwpqVTcQxlU8AXeJd9waKjodeGLK:Hbq0/dNvSCG/XqZH+8/L9waKIK

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\JawS.mp4.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\JawS.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	72.71 KB
MD5	72b744d3a6840bc99e3eeea2c51eb5aa
SHA1	a5a0093d40c1823cb598c1db54e98cd080675e6b
SHA256	8afafc1651bde86a67216003c365d4646b946c0c38cbb48fddb1913ac1fd6fcc
SSDeep	1536:UTN6W6Y2sShtUhOcH4V0XPEn691AL13IasHV38IidnsH28AmGss+erHcRi:U3/j7kOV8VmWd2skRi

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\Ly7OJHzcLLYB H_Z.m4a

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\Ly7OJHzcLLYB H_Z.m4a.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	85.14 KB
MD5	e024b785c5bbd34660b254ba4d1f7c06
SHA1	7d765430a4a3071fdf95923d17432ec0cf6d9e1d
SHA256	455151496add5da35860720f4e6b7c869ed8da8c8d5a25cbf9472144f0fb8d6c
SSDeep	1536:sMVoZXmHCCmnU328yXe/Gqtg+q1kLEE2BLVsRRTQXp7hFyRte9Tx9/D3TRR:9VoZXmeLXe/nyKEE2BLV+QXp2RtetxJb

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\Q2iWyxqWtvZV30.mkv.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\Q2iWyxqWtvZV30.mkv (Modified File)
Mime Type	application/octet-stream
File Size	28.19 KB
MD5	8e9eb4b101a1d6aa460e399e6dc07673
SHA1	2c25d2a68a113a2988ff1950039f6c78f402567a
SHA256	077388c333d6e27b50e6244246ad3d44b917da4afaf06b73c4bcd30823ca2712
SSDeep	384:HZT+EYoW8l29kBFCE8m7ryScca2YOVHabBFcFjuCTFR5QDak8e1zApMWnif+DFHC:w/z9765YbbByFRT5Q58e1OMU5ir6M9B

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\xKt-nxaBrLKyf.m4a.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\xKt-nxaBrLKyf.m4a (Modified File)
Mime Type	application/octet-stream
File Size	96.83 KB
MD5	d7442cec98fb6d643891a736b2ca4e60
SHA1	548fce186b8abd453befc8e7709d0aa5b94fc97b
SHA256	a5cdb4054d540dc6e7808221231bb3e4cebe586773fc2420b2f48ab6a2796939
SSDeep	3072:t/DTKmxuLdxXbfNvbVRnYgegTgib1JWnaeEMewxelQr6J:p37uzblvBnTgu1g3EMNelQr6J

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\zEPqRnNSMkR2u9.pptx.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\zEPqRnNSMkR2u9.pptx (Modified File)
Mime Type	application/octet-stream
File Size	30.92 KB
MD5	f997b27120935b56187e369a09123ada
SHA1	5759b8ff6bcf7aacba684066f7694db1c93f2a61
SHA256	f61e871e1826922ff1c3d996df6b5ab0397b1df1ad4fcfba3facdf51c2239b31
SSDeep	768:9gSfZLj3gXIBvPzzdhmb38SZeJ86WL9lRh1fxYVzSHqsujf:aSV3OIBTzwsROL71fAPxjf

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Suggested Sites.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	570 bytes
MD5	7724f2294cdd42d5a03c00d439a6e367
SHA1	117cb790006a1318bdb6d689f409282f485fd157
SHA256	99d8e851a354356d7d5cc73b6394aca653daba25d07119ea61794e7bdaf9a1b2
SSDeep	12:cBLSHUB5mM+EwpG9Ak8U3hgJojdGpV6X0MnQYuRjyAwWhpxELcii9a:cBLlmG9LgrC0SQYuoAwWhpxELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Links\Web Slice Gallery.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	560 bytes
MD5	5a25f310eb436eee97142e1d6b01f542
SHA1	f882ba12b9ce25b06e31f1c564f220e7f63a4573
SHA256	ea97e82a4028c0c7913aaa8d56d5a3d4b290fca3a15dc20989cfdfd64367976c
SSDeep	12:HXs8hi1jiDGZ02QxgapbfiHmyp7zwKNwJ6QO7qQVViuZ4W7ELcii9a:HX30NRZ02hapW/ziJO38w7ELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE Add-on site.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	57e9a4718e598899bf225750266c606c
SHA1	aaf1b6efa8f8fc532249f0e555f2d91fb4ea2a4e
SHA256	7c122cef94f22e6e934db684e23d44f2dcb0612fbd87b6f64418d64952ab0f20
SSDeep	12:W4xMcfbmCqAaDRFhtwh0BTKMNrdjELcii9a:WxcfHkRFhtzGMXELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url.kvag

Dropped File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\IE site on Microsoft.com.url (Modified File)
Mime Type	text/x-url
File Size	467 bytes
MD5	e4d362baea5cbf84912b26385f60d2e2
SHA1	89e3dbfa1551ab73d616460b42b6cb2c4a7f91e1
SHA256	2afada0d625850b495a7ae3fc0871efb1d34282dc5c3b1567253ed6b3dcb0a08
SSDeep	12:lMYMs4UBhDWK7QVDFBcgB4hkwZ2l8YX8AELcii9a:lZMyFWKoDFaG8djIELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url.kvag

Dropped File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Home.url (Modified File)
Mime Type	text/x-url
File Size	467 bytes
MD5	19a6afcea6123c9fe1b138758697db01
SHA1	558e5d93d31ce8a2ddc1d8130940ee0694164a12
SHA256	94c2a624174fa7d45218ae0c7be00d601dc36584fdd1557d3734b10ee1028fd4
SSDeep	12:hd9zyC1lU05XuJrLV1glVpEMroRvgQuiLpELcii9a:L9zyCjdXuJrB1g3pEiYLpELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url.kvag

Dropped File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Microsoft Websites\Microsoft At Work.url (Modified File)
Mime Type	text/x-url
File Size	467 bytes
MD5	7776ba90f9caac70322675fecf82217b
SHA1	64f39c8559c0c0e4cafcc22f8dd6ee306af6ec07
SHA256	1dd4f49675986c835f0c4fc99c3bf2a674dee4b052ee2976c3cc463636555d6e
SSDeep	12:aR9BS2mF4w+vuEUxr2oO2ldsynQM9ELcii9a:aR3vma9GE8r2oO2lqynL9ELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url.kvag

Dropped File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Autos.url (Modified File)
Mime Type	text/x-url
File Size	467 bytes
MD5	8956b20a9c65269ffaca3981b24255f0
SHA1	dd3ffacf16f1217b63137d443e81b3c771a4eff8
SHA256	99d8680cacd1b79b511671a3ec26c7e05e31767f28e9a2da7a1009e1efd69e9b
SSDeep	12:tvb6eK97L50V21EVa5uDuMqNkt2lYUn8OELcii9a:tvb6/7L5W21EkAuMmktOYUn8OELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Money.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	cf559a55611e0e25f5c81b0d09317edd
SHA1	a2f2bfac83d14fee96411843c8f852a14278bf58
SHA256	6392eb10dcd4c002c7af917babd748b09f0937cfc59f7b04623ad8b8d081fe69
SSDeep	12:YdPROoYhOn516Suh8fWGq50FPKXyELcii9a:YT+Oa/8fiGRKCELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSN Sports.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	65fb0ac758e3f736cc8053c9733543c5
SHA1	ea91f6310c6020c0e2e2fdd6c963e40934d16612
SHA256	f1c1fcad11717a12575c91a35ace4199174c2a049b4239fe05a41661a70ea755
SSDeep	12:jd2hG6LLclAS/YUTzeW8Rg4dj8PrL8oEELcii9a:jdwG6fVzgGgDL85ELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\MSN Websites\MSNBC News.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	1c33ff1251698dacbc55b664240ad4e1
SHA1	e188025fa521a80e0428cbdda84fbcf64c95da08
SHA256	eed762c12b46517f12187f71ab5cef4948c12504bd2a5f1b4c3b897d9fe6d906
SSDeep	6:JAqDTaa6h2IHYv+ev4ewqtYy1hxWoysHgRjtkvZMKIpb3S2j6OrHpFZoGyqtkVyi:9TcAd4KqsFxKpOq1b5kVIS0zFELcii9a

C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url

Modified File

Text

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Favorites\Windows Live\Windows Live Spaces.url.kvag (Dropped File)
Mime Type	text/x-url
File Size	467 bytes
MD5	98f9bfb6f697fe08be4e21e5901fe273
SHA1	82aaada2c60da566619bd0decae685a02912287f
SHA256	076538f8b93391552c8273458965e2d2d4a6bc7705c5f8aaaa8fcc48ee135e41
SSDeep	12:hoU/nu4ihHaovMwjgVRlZAHc8mAnDC5iP4RY8MjELcii9a:KUPu4ih6kMwjKRrG3nDCvRYdjELbD

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\4IqXBq8-5-MGXyBDR.wav

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\4IqXBq8-5-MGXyBDR.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	59.98 KB
MD5	d5e7c4b8256ea7759e5a3b1288b6e2c7
SHA1	7e51b5f1cf4e8325ef597fa3befa300c7a3d2cfa
SHA256	5cfbe24d94fca1ea6abb625aca47479dcff2c8e526566053e0be8a2ebbf1a903
SSDeep	1536:bfwesUW6+kMgkjja1Cl+TL68Bd4ikjn8Sh:bf178gk3gCl+f68/4ign7h

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\DDvvo5tjuRsdtvEYSI3d.m4a.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\DDvvo5tjuRsdtvEYSI3d.m4a (Modified File)
Mime Type	application/octet-stream
File Size	55.24 KB
MD5	e6312f11d51114cee0b0f05e3e4aa5eb
SHA1	4eff617db067a6c1ec76bd25677e0de14171a6be
SHA256	78f8c0f7ad18e6bd2d97b472c9767e596ccb71fe14f0b0d68b477e106e4f02a9
SSDeep	1536:MLIMRfhP/4capIeJDdSrI4HTCUEsqSCX/9:jM9hXL2DrWtOSCP9

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\HRoUkT40t Y.wav.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\HRoUkT40t Y.wav (Modified File)
Mime Type	application/octet-stream
File Size	45.73 KB
MD5	e2d5d58c361964198dfc272787179499
SHA1	c2e94c0cbceeac1269565388a30ff68816ab896b
SHA256	b78438413115f734d3f4699e66d3ef83a26867379845bdd0104aaf603100666c
SSDeep	768:MiT7b7+qDbaa+B9Obm7VyhuW8AzEJFP6i9/WfnB7OMXgvzkcRx8L+LbYYtKlbwTU:v7byqDbv+fObm74omIJd6i9/QBKi8zrU

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\XEg6.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\XEg6.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	89.52 KB
MD5	d9a4be17da4b57242569455aacf902ed
SHA1	0132b2eed009f10effc247b75531f86998680fe2
SHA256	04bd46c37664376edda80aaa2f5398ddc5f2e3b3f5fcdf5f01607a3d89df1807
SSDeep	1536:syzbRS23vd7Momuy9Hi5pkBJ+whkHxmQka5/4qx4IXqNBInAoCboX1SqvWxw+w:bw23vSH9aw+nRmpeQC4IX0InARbY1zQQ

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\AWlsu7Qii7PrJnZs.mkv.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\AWlsu7Qii7PrJnZs.mkv (Modified File)
Mime Type	application/octet-stream
File Size	57.48 KB
MD5	ca0d67268fe2daa3f6c5b5d33a2f2e2d
SHA1	599db1cc2f6bf35cfe90e7f270321043f0210c15
SHA256	94687688e16a87fdaaaeb0b695ecb743020d85d3a90de623ae0c38f32e895769
SSDeep	1536:UvRlCHcxgwJvd1G2HGbIINQTi3Q77/aIvlro:Upl6cFdMAFiQ1aIvlro

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\t2PkRgeqeSAZ.flv

Modified File

Video

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\t2PkRgeqeSAZ.flv.kvag (Dropped File)
Mime Type	video/x-flv
File Size	42.80 KB
MD5	4119eefcb54e733a9ea913d52c81b0da
SHA1	0fba924340d619feb630c0088a3718a8c73396d2
SHA256	4beaf849361dee23772430b17985bf820bf256c6921acd2bf5ad5b0cdc7ee442
SSDeep	768:/knc8MBoqQmns+ggZEp99eGnoyVf+g8VIFd/h3WVtE9ge0rc7m3mQOsC8HD:2nMBfjGgZqeGnrss/xWV8p0Q7SmdAD

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\vYSVT88he-_OipIO5cJM.mp4.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\_Iy8x9AH9E4iyV\vYSVT88he-_OipIO5cJM.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	89.13 KB
MD5	faf0c9a7002955130944956cd93a1508
SHA1	24950fc2a57b372967d611dfac44a7203be32346
SHA256	034c0ad74ae2fd36589efe80e184b1268c5d2e95a877266f78a654fafd4add00
SSDeep	1536:OlCj8aFfeDPWgM0ucby6HyZCMq0fJAwhGshA+FZX5o4u3m1wsF7LwmDypim:4hakDPWgM0ugy6Hag0fuwRZFlFuW1wCE

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\FDcvm.m4a.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\MnXmRfGpxPOeczS\RynyhXN0v\FDcvm.m4a (Modified File)
Mime Type	application/octet-stream
File Size	61.40 KB
MD5	25e54f235e988e51ed682310b9032d87
SHA1	47ca91c8570d728bbbbba454aadd301e91525077
SHA256	497122a0a1ce9096fac3611b1eda552dcc93a52f372bfc1caf7ef8480a672ed7
SSDeep	1536:ij1Y10Ip4OyPCj/TlJJAzS9C3wWG5h1o1dexC:ipY10vO/jblJqzSCAWG5o1dcC

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\blTUlW3w8qpPB0Z.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\blTUlW3w8qpPB0Z.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	4.18 KB
MD5	3afd7a8290406aa0bf28b7eeea24e0ce
SHA1	1c92c3033090b13b01e35579ef2692185b361125
SHA256	4ae3f52edd650f2c831bb6739c37422cb9208e16045155b2fb6477e62d3cd368
SSDeep	96:F30gj6yQItXGsG0PfRpKCd+btmEYppCx6H2mQqXXkW:F30VyQ2fRpKCgoEEWM2FCt

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\Gjnn6ZYKu.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\dDJH0qEgeh8-fL\Gjnn6ZYKu.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	78.23 KB
MD5	d38c25fcf3ad07396e33d0c245448816
SHA1	9c11a0d7721e96af5bcdacdfc8f9793ed31fc397
SHA256	c7e85dad87c35ca0d67c2f959a9c329f1bd161c5e18404d4937448c3ae420529
SSDeep	1536:0YHY4V7TToSHXR134qX3fEiTidE0QsU6eC/RIABVS02kDeY2qh:19Trn5X3fEX2siGIABE02kDQqh

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\2sbAazIL4MPt q50L6sn.mp3.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\2sbAazIL4MPt q50L6sn.mp3 (Modified File)
Mime Type	application/octet-stream
File Size	29.54 KB
MD5	89c776117984bb18516cb4c50db372ad
SHA1	e1bb7115c8713cdf5a413acc3d6390639e87aecb
SHA256	25ae65929a86e376240d52ffa7c41dd3440cf7acc20d4d07f4bfaf3c5396a753
SSDeep	768:L2YWUB4db+O526CHVMSDHQqNrh7z+vg9p1TfTX9xcqd/ORO6PRJ:L2YWUsbr5/C1bDQqrmg1T7Xww6/

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\53Gdf_RYd2_0WEu.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\53Gdf_RYd2_0WEu.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	29.38 KB
MD5	5272f36c410eae016d683726d6d2367e
SHA1	75c260bf3801a55557c18d3a675906536d8f0485
SHA256	fac60249082acf986db8e7bd918cf24c01093d8c338dc5d2e0335acdff6da786
SSDeep	768:v+StCg76pc0gPJ7v8kRHtSpEaJqnIbsmj7muzGU3LGMAJZH:yKIkRHspEaJi5mOuzhLGbH

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\HBTr-UABKsVOi1XyIF.m4a

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\HBTr-UABKsVOi1XyIF.m4a.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	98.50 KB
MD5	0cb971da60a9d5063b09a367ba880e1d
SHA1	c27048dbb6dff81e708fe49ecc17ff89c9d9f252
SHA256	1c2c0b9184f2676b19a423e138554862c0215a616e5b7ddf0e5d534b19d69d91
SSDeep	3072:lRe7wVXwOJjzCOpQkKK1Ihw2FQT+vZeJd6xr5w:+rOhbpQSvuKSe

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\RmrshUTwC7.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\RmrshUTwC7.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	94.66 KB
MD5	f885a32fc5919b94bdb27d20feb5b62d
SHA1	aa0a5be95334102494962d515a6e48e2139314d4
SHA256	6d59f73db3cde1c2965569c00aa21d20c5ac8ff2ee88a2b75309de5c23694e42
SSDeep	1536:6084GlruN5otzmhiDRIKGe4zHR1dx/rlrG0hZOGROwxK3B7nRB/BCZj3vvqRq/NE:E4G9k2tKhaDKHPdx/rlrGEROwxK3BEvw

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\XxlqXWdRx.wav

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\XxlqXWdRx.wav.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	48.27 KB
MD5	72f6bb27eb4adfd7ca780bac04d987d5
SHA1	3ef0f35fdb05e6f60118a5efd03fd566dedf6747
SHA256	f79385aeac2f1f30f62f553b209203a907e275d3ffe8d47e36b61199af47805a
SSDeep	1536:oaK/ZTsqnUMWMtOHqqfAi1uZ17+Z4z2VpTDn3Mn+c97yuXIVR/W:BuZ7nUM4BO7b8Z3u93XIVQ

C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\_nxiTSIPFD8.mp3

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Music\JMb5K DyX7\QgLkms-\_nxiTSIPFD8.mp3.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	13.46 KB
MD5	ab41861898e5cfac5790b5d459ee4fb2
SHA1	b722e7937a559ce59a5b1be6e8038a48429859b7
SHA256	5b9efb503d3ca1f932b25693b9492c55f508a1e1f50f0c290633ca53570e07c7
SSDeep	384:QAtUIOmIYUf0VHZJQLsZ92evP5ELV2ZTG5:vK3sVHZJQaUevOVl

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\Rf5aukjBz6H8tbn.avi

Modified File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\Rf5aukjBz6H8tbn.avi.kvag (Dropped File)
Mime Type	application/octet-stream
File Size	16.79 KB
MD5	b7cfbae576cb315b0a9181aa1762ac10
SHA1	658243a881fcfd19b0b911c5b9ee01b085ecbc4d
SHA256	d77e88ea278f4cb53406bc5b664d630929f699de9310dbb4414946878d564254
SSDeep	384:kUWi56dk8i4fuZisBH9J7K5AuuqpJS6OFE3mG/xURyvmL:Lp6t2NB7R6OFyl/xURYmL

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\yp4Gqi-sptD2Jeuxd_nS.mp4.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\yp4Gqi-sptD2Jeuxd_nS.mp4 (Modified File)
Mime Type	application/octet-stream
File Size	21.47 KB
MD5	ee0f62052e0ac610d148553dd44390cd
SHA1	491536bc406238afeeb1aa1ed06bfce3965a5c26
SHA256	00e4f146416bbcb9ff8a10fe550438319633d75fbc8de6fc70e64686655343eb
SSDeep	384:3mCuPU2/HbixakHHt+En+m6x9Y2YM8dlo7gFGw9vNjVxQo9Kgd9H2D+L:WCuPUGHbi3HH8Y2helo7yZzjt9WiL

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\dFcnG6SW.avi.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\qC5iE91o3\dFcnG6SW.avi (Modified File)
Mime Type	application/octet-stream
File Size	24.66 KB
MD5	4894d4b3f679826387102df4e37b21af
SHA1	d805b47d7e26fe187ff82ece6dadddce792137c6
SHA256	84108d05d142218b9ea0535e62d749f095e081586430ae73a10cde37ef31fba5
SSDeep	768:8sBsztDEFJ8JcO7qk1ctVEoRksGQ6OEFXC:ilJcO71ct/yiKS

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\9KFuOftvE.flv.kvag

Dropped File

Video

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\9KFuOftvE.flv (Modified File)
Mime Type	video/x-flv
File Size	29.45 KB
MD5	3a0d56c8e96a5c441df6e895c569ca99
SHA1	cd0c081fe9f2d3d0057f1fd7fb211f28717c5b43
SHA256	2fd0518b63a4af1d7e8b7b9bb8f862fa20b640d9ff9317e7b2d18c003ff64120
SSDeep	768:acB68rXGtO67vz4oWaeQKnuklcmsCX1zg4sQ2+4Dh:accRtDL4oPEuyHv1E24t

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\uQ8X_zB.flv

Modified File

Video

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\EKLgt3560oqvlMqYdD\uQ8X_zB.flv.kvag (Dropped File)
Mime Type	video/x-flv
File Size	91.09 KB
MD5	38e04e7d088bd5975a6dc3f27e54f4d6
SHA1	db233d5ae5115efd76a10233dbead4088c99900d
SHA256	7dd9f4acf988dc02001d58dc68654b51b6a1dd4847b69f63b7618f752bed75c6
SSDeep	1536:ImOJMW0FM5O8AC/3EEZskBaLZ/oLimFuiXO6zlV2X4LI/GCOB:1O2WSOOSc2skBKZgL9FDe6JV2X4L4GCi

C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\vdLT\ZPzmVLw7V.mkv.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\Videos\PO z8nOyg\E8MPONl9OoHt_q1Da\vdLT\ZPzmVLw7V.mkv (Modified File)
Mime Type	application/octet-stream
File Size	66.70 KB
MD5	8fd1ca80b9a946cb0fbb6cd52291e2e6
SHA1	f91e3ccd0ce98e7b610f93e4f17df3788da7222d
SHA256	4d074e11421a03f17d752c03e492b6b28749a04d32d4d083559de8f715731693
SSDeep	1536:h4M0nDdI4+5YROIKm7MUbVwdMv2byJon12Me9C0:h4NnGRYRO8Mc9VJo12Xx

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip.kvag

Dropped File

Stream

Not Queried

»

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Adobe\Acrobat\10.0\rdrmessage.zip (Modified File)
Mime Type	application/octet-stream
File Size	41.83 KB
MD5	925f00590a7492487653f18ec7cb0280
SHA1	30fa3ec2ad42726886378d9eba6672f679160f1d
SHA256	a5d9d1d7248f6ce8afb872bc77b8344588464adc9bd6ca73b2cfff7b39f5c965
SSDeep	768:8SvNZCw5sfMXOY9Mi04JsxkKyIx3Zsm3B5CXa5iu4byEr/Lep7g5QMGme9p3B:8sbmfM+Y9NJWkKtx3Zsm3B0MKRr/LX5U

c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\ietldcache\index.dat

Modified File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	256.00 KB
MD5	6852149628dae385c68c7a9db7028560
SHA1	c6e02c929ec99f984b04876816024c3a39b88ccb
SHA256	53ae38a5bdbd72f76bf578f6c36e0b54a994003f535dbc1b469c12f3a169e3a4
SSDeep	384:p8JEJH45Y0z6hKO59HqXRIhHPQ3NGjt3hAJnNH0kHf9QV9wRULzArvCCjgnF5TRy:pTHcEt8jdjFQg2cEbcaaoQARz40LG

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1

Dropped File

Text

Not Queried

»

Mime Type	text/x-powershell
File Size	49 bytes
MD5	f972c62f986b5ed49ad7713d93bf6c9f
SHA1	4e157002bdb97e9526ab97bfafbf7c67e1d1efbf
SHA256	b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8
SSDeep	3:uIHeGAFcX5wTnl:/eGgHTl

C:\SystemID\PersonalID.txt

Dropped File

Text

Not Queried

»

Mime Type	text/plain
File Size	42 bytes
MD5	3e3208d0076c61b1d0f4191669f37b57
SHA1	b4bef84564a31658d56cbfbd454e15e85c265df9
SHA256	e88c04817278bfb409d81d9d4aeb4b4050dcc98064f67b0f91988b40c4d42447
SSDeep	3:sbRqE7qmmn:CqEGn

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.msi.kvag

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	181.33 KB
MD5	78ae0d969fbdc265601dca397739d957
SHA1	02e9d368a96bd7b382dfd2c8c6ac76c2ceb8a694
SHA256	084c6315f23cc177d51ec9068bb4282e190be726324fa2b2da209b3637d3ea85
SSDeep	3072:7nJEO44XtKudp3dsL/raEPJr0e4yhDK0NTWcUwyVsqG2:7nJEO4etKuT2LZPxRK5cUP232

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\Data1.cab.kvag

Dropped File

Unknown

Not Queried

»

Mime Type	application/vnd.ms-cab-compressed
File Size	24.17 MB
MD5	fca1a41ae8d4399a27939abfbef99ab6
SHA1	764171a83afb17c835786490e58addc1f3b11e5c
SHA256	5adae0026623193459ee900dde7aa3a330732a01e26e193df40a9b1b34c32685
SSDeep	196608:EDWdNm7l//upum9uxpfp4uZ8q7zEqaZswqLhQTcvlj9/z2H7DLKH8:Edl//upum9QtEqaeqc3/iH3mH8

C:\Users\5p5NrGJn0jS HALPmcxz\Documents\My Shapes\Favorites.vss.kvag

Dropped File

Unknown

Not Queried

»

Mime Type	-
File Size	0 bytes
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\AU\au.cab.kvag

Dropped File

Unknown

Not Queried

»

Mime Type	application/vnd.ms-cab-compressed
File Size	568.42 KB
MD5	76419e096a351fd4c143464f977c1de7
SHA1	f6e5b6f7e5ce5b1ef03731c4246282e10dfabe63
SHA256	2dca93620e1b380b4e2c81bb8af1b235f8ad444ff5b13e7c5308f09dcf063c0e
SSDeep	12288:XLJSfv3HyY4hyMPezVNK9TcS5RyjDUI6Eh/MOhTU:XlO3zMPgyTx6jDUbE2II

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\LocalLow\Sun\Java\jre1.7.0_45\jre1.7.0_45.msi.kvag

Dropped File

Stream

Not Queried

»

Mime Type	application/octet-stream
File Size	885.83 KB
MD5	dee4ad897697e141f53af21556727a33
SHA1	443836de7a21ea28a7aac184f47c1ed246afad9c
SHA256	2e213d6cdf20a494d546647d4ab5df8698103b73dcd132e267485683a93a295d
SSDeep	12288:SFYccluV5hNvymIPnikseAPsJpfjt3PEB:yYcUK5hNvtIPnGuTftEB

Remarks (2/3)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After