Advanced File Analysis System

CREATED / DROPPED FILES

File Path	Type and Hashes
C:\Users\user\AppData\Local\Temp\DM_yDk9Jw0okW\ApplicationDebug.log	Type : ASCII text, with CRLF line terminators MD5 : c085d5451020159ec84ad5063d0faff7 SHA-1 : c32a9b21952ec1a2cb5dfffc8a6ddb0f5070692a SHA-256 : 5e82a976a9e3a193b2366954d94b8e919ab4d75b1573295684664a9e5d85f80d SHA-512 : 6deb0d3ca9c7368dfff5ac08da8d700debeda9c16f1d48175e3bf3e909c7db50d4a64b8373d81732901119ebaecb1684b0ab22ed1b0047a2b6241e0fbadf08eb Size : 0.114 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD	Type : data MD5 : 547178fdb77ad5c4c45b26d59000cf03 SHA-1 : 0d78b3681b84cfa1a9037df5c292b819a6fa3cd3 SHA-256 : 8199b723d52c0efc0c229f3bd9e5b04c112bf39b8ca09034361a465a33e48a5b SHA-512 : 8e9b1e3168c5e8e451dc43211390beb1160043b8114f5c5b70d01512de3983b28451ee33470afb62691f946d253ece92f4134e4278a8b2b338e7275a7aac147d Size : 1.754 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Type : Microsoft Cabinet archive data, 6509 bytes, 1 file MD5 : 33b39e2a516ef730a8fa922894f0fbd5 SHA-1 : 03d455583dda59215d945af76af6293b202f586f SHA-256 : 9446e8f2056fea3ac1365a809ada04602606242c396f72ffe42fd1b781c24cba SHA-512 : 75763aa13b43eb96294b0f84e13106611198872e06fb79f4af4f35d020ed0add9d8d1b42fe7ec2c6340ac8e08b182f83469d813087c321c878f96970c8112267 Size : 6.509 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC5A820A001B41D68902E051F36A5282_E98D75262B3D5D962FC8706E05221C8A	Type : data MD5 : 8debb52d796ec3c66d821dd85883a64d SHA-1 : 7a35b6b8240bfdb156a078da17344de0fc81d3d0 SHA-256 : 95d11288275bc6ff8e75c09ef5d25b3b59a05994c7a5ea67c1a532dde22c1292 SHA-512 : 6f44b7fc7a158b253b1a44af74fc91cb416484c256081430220a924776889291b560574ef08194937ab71a49338c41b316bfb7cac833961af00d423619a69cb1 Size : 0.471 Kilobytes.
C:\Users\user\AppData\Local\Temp\nsvA7B1.tmp	Type : GIF image data, version 89a, 1 x 1 MD5 : 28d6814f309ea289f847c69cf91194c6 SHA-1 : 0f4e929dd5bb2564f7ab9c76338e04e292a42ace SHA-256 : 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 SHA-512 : 1d68b92e8d822fe82dc7563edd7b37f3418a02a89f1a9f0454cca664c2fc2565235e0d85540ff9be0b20175be3f5b7b4eae1175067465d5cca13486aab4c582c Size : 0.035 Kilobytes.
C:\Users\user\AppData\Local\Temp\DM_yDk9Jw0okW\DownloadManager.exe	Type : PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows MD5 : 19fb006a1aa00ec8517f021a87c35e08 SHA-1 : 00c02fd53c775e6d35ceb4d0b5091bd9b3bd5785 SHA-256 : 72b9e4f2ca323e96bf94ca0633980ab0b25a8020f82bb228d8e1b3e08ebfdbf3 SHA-512 : 25fef7a05178f42b08e3de7e71bf05305b9c9ec03e65fe3d630386991a8e6c67584aa3d02bb9130d8119b3afa28e46e74ada9b6faa369dfc962786d374034d72 Size : 1447.984 Kilobytes.
C:\Users\user\AppData\Local\Temp\nsfA752.tmp\pwgen.dll	Type : PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows MD5 : a555472395178ac8c733d90928e05017 SHA-1 : f44b192d66473f01a6540aaec4b6c9ac4c611d35 SHA-256 : 82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e SHA-512 : e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a Size : 17.269 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_E98D75262B3D5D962FC8706E05221C8A	Type : data MD5 : 88b1779fb750632a8672655aca6adeda SHA-1 : d2c2eaa08b9d6adcdb396f212660e4a1e6768a85 SHA-256 : ed4534b84ef2aba6121b3748c89ee9d1c24d2d3bf3c03cded8b6a5cf2b7cd898 SHA-512 : b3818ad79cf34124e5c03a818032b892def6acf45d390df1d9d4942448c3bcb0c1071703db07dd6f11c4248373cb04d51499ae03f5144081bf6690ec7f246fc4 Size : 0.444 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0D3JCK2E\b9d332c3e7[1]	Type : ASCII text, with no line terminators MD5 : 5c9da71976fb9d00f82e61c7e496ba06 SHA-1 : 58884fb0e24a399213205ad35db27e6011bd149c SHA-256 : f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23 SHA-512 : dbc11417f6342430d30220b7a4f141f05801520c429cc1c80fec974ba840af1d4c316395cf9b12aafbc36f04795a0558beaec690d43c31fbb86175c2b41557ef Size : 0.057 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416	Type : data MD5 : 55540a230bdab55187a841cfe1aa1545 SHA-1 : 363e4734f757bdeb89868efe94907774a327695e SHA-256 : d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb SHA-512 : c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 Size : 1.302 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F	Type : data MD5 : c8860acd1d387fd2094820c0270f5a14 SHA-1 : 30fcc6fe87507c906ea7cca16223d348b6a2d907 SHA-256 : d4e35f29a6c87b8e28eb78d648da5f83214116d370f67a674e6cc9dfea8936d9 SHA-512 : 736e5201a0da3b9b86866d82cfcf1d3d0dcae0d612c995b6a3ca203ca5be453f2f97e011fba0e23370a6453124266485ec67083f2235b15ff5bf9309c486aa8c Size : 0.442 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	Type : data MD5 : a001280dde88dafe3b9d7db33597aa98 SHA-1 : 1df19de7af5f00fcc114e8cd4468de056fcb39dd SHA-256 : 84e08a41b2500b8d151b7dc0e9a6814465e43077578ed7f37c94a5e369bf177e SHA-512 : 150b89020c5be14ac6496d1df8d395c81dc0267f268ea47cac88da975f0f861e9ce4bd6fa0c06c8360a88e0a5147906a10dd81ce756552cfa18ec14271fe4e8e Size : 0.342 Kilobytes.
C:\Users\user\AppData\Local\Temp\nsfA752.tmp\inetc.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : c498ae64b4971132bba676873978de1e SHA-1 : 92e4009cd776b6c8616d8bffade7668ef3cb3c27 SHA-256 : 5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8 SHA-512 : 8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7 Size : 20.992 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4344B8AF97AF3A423D9EE52899963CDE_6BF99D49F7848CB4DF1BBF4D7AE05358	Type : data MD5 : 649b0351f163aff39b16ec14a01e6333 SHA-1 : c58aaf58210149d2a6a9ec01752958fc54511c48 SHA-256 : baed1542002db71e7fc191ec2ef92fde9e26936721184c327bf751d5c2347c3d SHA-512 : 2f6ea63734c46e5c2ff77c48df367f12fd282ab48775583a4960add2c06a18fba91148319f28ef61d93d5f924fb6e69940f78cff656e4f196ecf50e9bdd43d83 Size : 0.471 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B	Type : data MD5 : 34e51a091f2d18de0c9a1b1412f2b166 SHA-1 : 765a37a38fa4d85379db0e320d3e79dcb2b72c29 SHA-256 : 6ee73f56176ede6023f305e6a6fe99cc5022b4ec472828daf97eca301b976f26 SHA-512 : e3e33c93081735b60e8c6428136ddc49f2fd65c2b62dc76517fb93b4c6cb81985b1ffbcd14c0e88ad7af4eeee4a4ca1dc8fffe262ad553c214c44e1a1a181819 Size : 0.446 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894	Type : data MD5 : 3aaae1fde39aafa2494465860f228a67 SHA-1 : 2348fb1d0c6da3ca6801a0f809e51d9a4589df68 SHA-256 : 24b64af7649f3ad4681befcf49932785098553d9b9ed8ccc82150b84ffed452a SHA-512 : f100a6265a8ee60f9440ee89c21531a88eee6947e028d20c827b589ab47bc08c6379ede889a027c081111eaef50b560d4c03a6719d1806ee0474e71ee7f8712b Size : 0.432 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	Type : Microsoft Cabinet archive data, 54153 bytes, 1 file MD5 : 767760b1b3b838b2de0599d0e76d1c76 SHA-1 : c56b126f887495918e8abcf813957780f0b9466a SHA-256 : c0f37380971fb93ecb0cfa3c2bd6d91cc77f254f0a6ca41edeff47fda0e409cc SHA-512 : bacdd86b37e70fe36274c6ae9076f0ac89e82245356fe575a69ef15fd50de1d40c89ef454bdd69c4b2a841f0488e082dfa6d7edb477566c13d578c286e04fee6 Size : 54.153 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C	Type : data MD5 : 0d4156cba92557fbc94e896514c0137e SHA-1 : 0eac50c4c130b057064282142305f92b5e983912 SHA-256 : 144f10e6127476f51f8bb04b30fe97a740554959b95473557cdea460d3cbd357 SHA-512 : d8839b4dd3431ced4a7f6b553cad0d54fc64400ed91e30f600d1f515abf78f57f4fb56aeff2136de8d5cc64f9fb5da4ce3740248687e3921d0a1958df7e109b6 Size : 0.438 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018080720180808\index.dat	Type : Internet Explorer cache file version Ver 5.2 MD5 : 90e5d874fdb4e4b184137b9a27edcdbb SHA-1 : 7844c5caf5be10d6099b96611525310fb3a61d75 SHA-256 : ae008a4ceb02affe65f487d4ca8fc8bdf956a0c6422379a058f1dc6ada8883ae SHA-512 : 2abac58d6e34ab05fa765f9dd51d183383bacca6aa4d9cffdc553ccb44320001df05ccf318c5eadc5ae5216afdb8d9b33a000cf477a245a84450b96d39fb743d Size : 32.768 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62	Type : data MD5 : 51bc42361c20e7e9939970ea2d27050d SHA-1 : 7a3779d340c8b0c01165ff8c2e4fdf0bc3a26023 SHA-256 : 07e89dfd3faac0f1754f4805d95090a154d429e451e63eec32b924861cd0c389 SHA-512 : 314400a26eff48547e9d443c19f9c5fed45bc1926226f98c6102c1d1ea5cf36bcea604cc104c8d1253c1ebfd8df21a4f18e21fba67e5216f5cd024dce491828e Size : 1.744 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3BB9C1BA2D19E090AE305B2683903A0_608E9093E4033CB74CFDFDB1E83A5BC5	Type : data MD5 : b4b4d360140edfe55e6b4a6543188232 SHA-1 : 7c806e13c328172d4e3a2ae94eba59b00bc251a4 SHA-256 : 4f0cbe1122da69edd00559b565241146714b7a547f1fb4410c82fb6e565e26e0 SHA-512 : 3fa668cae19794aed41d9034097deb3a382e60b7e0bd647af39fea1e24088ae116cfa47c8d6cddb2840385947b07b377f0f1eff93554ca40b13de27c76a271a2 Size : 1.618 Kilobytes.
C:\Users\user\AppData\Local\Temp\nsfA752.tmp\UserInfo.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : 7579ade7ae1747a31960a228ce02e666 SHA-1 : 8ec8571a296737e819dcf86353a43fcf8ec63351 SHA-256 : 564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5 SHA-512 : a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b Size : 4.096 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B	Type : data MD5 : 961d918dea1c184f7964c5f4daa6520f SHA-1 : dd2de222d5139f105b1e2a7a20bd55197fe71ae5 SHA-256 : 35c0d40b16f955e7280f87c2a6e5c2651fc33d9f66dfab6e1f525859d6e42691 SHA-512 : 792000debd0e177af7af2490858b70caced3844346f2a620438c78bb241c7cb1ba735be4632165a1d5de815d9750bab37557ad37d5c390d314fbc5db656b3cc6 Size : 0.471 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6A2279C2CA42EBEE26F14589F0736E50	Type : data MD5 : b2c9ba50e62d18f4e2785722add68e38 SHA-1 : b0df4cef3333850d9fcaa97b71a62cc7bfa01dd1 SHA-256 : 3120410e55500e919b71457931b5026270d3b27a642db82b9ed3a5204f2ccf02 SHA-512 : 9f0cd897c91b8b7e3f17a9ec46f645fcc0da1d19543a0804050f80a21bd6f7c13edd74aa0d5c9e421470249c71cd67761ebb81c8a264c0b1569dc3edc999ee51 Size : 0.2 Kilobytes.
C:\Users\user\AppData\Local\Temp\nsfA752.tmp\System.dll	Type : PE32 executable (DLL) (GUI) Intel 80386, for MS Windows MD5 : c17103ae9072a06da581dec998343fc1 SHA-1 : b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d SHA-256 : dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f SHA-512 : d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f Size : 11.264 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	Type : data MD5 : 00e8a9ec3aec582447613c9410169411 SHA-1 : 3ca7722bd586c2b6d4a03266d98ac3b07ab3e4de SHA-256 : 025960248dd97da6b955ff6539765ded191adafdb58a7428bea85ce497f55f24 SHA-512 : e7230eb0ade2829c1149af2b865201118b5537ed5ab1ca4a0a85fb8cdc6d1adb86f852e331d69d4e65ce7b9f9018446e9a9eb3590baa623571b1d285a2840d29 Size : 0.328 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C99552548EC2F	Type : data MD5 : fcfb11d4615983dc117c5e24b945d9c7 SHA-1 : 16214f2e5a173aa4950d184aa27407a35f949a72 SHA-256 : b8b59308999a1884493d661f573587af4893c9eadc94645a6a03c3eb758337a6 SHA-512 : bc0e4e2a33d579b1b26fdb985a743b80ac465ee8ccebf63dea95f9bbbfed1df00fa986eb785fb2a1e36011243426206ee276a20797ecb9fc4bd44ff36e125690 Size : 0.5 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4344B8AF97AF3A423D9EE52899963CDE_6BF99D49F7848CB4DF1BBF4D7AE05358	Type : data MD5 : f81ec50a62ceaa0c6931b16b93dd6b1c SHA-1 : 7c998a5b44412058eb7ae79ca51307ca77094d51 SHA-256 : 6708be129ede23466e240a3b48ffca81a91a37403a4b42c86b536a8169889541 SHA-512 : be3c23267272c7600f59ea0820aae5eae41d5d13563a44b93a8f3ae6770a65d90edb5341dc601f172035f27bbc53eaf52a25f5d93b85f72766c3fa351469d6f4 Size : 0.438 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3BB9C1BA2D19E090AE305B2683903A0_608E9093E4033CB74CFDFDB1E83A5BC5	Type : data MD5 : 9c21b7e3af584d327ceabba283faa1d3 SHA-1 : 54208532103c81e149097cb62543628491cebc23 SHA-256 : e06c21e97565ca325380e44ab9147e687fcff0f3c444188fe44b0e442312a0a1 SHA-512 : 5172c1248a8fbd23cb061b49becf6425853672a0ac5bff205e2fdf2f113c247948d9b38b2d092474b13d600ee2ff919f1df4f3b7bc7c9d13b3dbba50a8142096 Size : 0.42 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62	Type : data MD5 : e9ac65e179cef11ab5eb582eeb2a51ac SHA-1 : 86a955c72bd23fffa97a6f3738ee49f637353133 SHA-256 : 2451b2596d5a3b1e78afdd3dcd048bd8c1520aff58ba24f7d76d087fa2073ccc SHA-512 : 051caf15b81e6d5e730e787938097b632718fb294e96e459973ba3fc44065fe24a84b91d56c713edd946ad49dd902fa45797600c1934ac9f348b44b29b87289c Size : 0.458 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894	Type : data MD5 : 209b9bf6f389767b8e5ac07d7bf8b45f SHA-1 : fd17cca7b8cd8cf2290e8752b867838ef2ce07ff SHA-256 : e273bd2f24107fea88ba514117131d0baa9e0b672d11d11e869a0aed3c196845 SHA-512 : 9333367a8bea608077b149243d458375295ec0619f8abea16c0a79654fbc2af433320c1f3e28bd17074b64f65ad577521bd882388a2cfd7d9859518f188410ba Size : 1.548 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_9487BC0D4381A7CDEB9A8CC43F66D27C	Type : data MD5 : cef93d7bbae0314746028989c24988ad SHA-1 : 613172cc1edb0924bd9a538e92ddcf906325a149 SHA-256 : 6f59dae3c46cd9d3ad9cbd4e768295813550cb63e328a84109803593970b5f1e SHA-512 : 6e87076b4cd5fb70b869119f030653db82dba75a3909bd268a003152455add97f58e13b08d3eccd60de3cc4f1b54823af48abd7f5ef3ec0c0223e819ba2ae14b Size : 0.471 Kilobytes.
C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT	Type : data MD5 : 696bad2ef23da7f0ccaaa7f76ab9fdf0 SHA-1 : 0efe907b47e8331cf56a95c0c06d324257ece202 SHA-256 : bd27979561fac15e4043fc980ad62f24f00738cba1f22b8e45cf1d50d88d1828 SHA-512 : fb1a4afdbf5f9e3d7e55eb806f660057927d6c35740c69ed2790fd7149b86b8637a39cf0315fcb182622a87d06362876c5621441911bff3d11c24d7fa19bbe7c Size : 84.528 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623	Type : data MD5 : 3ca1bdd33df367134cc91857e7af68ce SHA-1 : 41254ea87c5825d63c499b7ed4e4196cab80b4c9 SHA-256 : 8e61e38ca9addef2141a035bcbdd8754d166e6705253cd31678b6c02e1cc9fcb SHA-512 : 3476d03232238cf52fa8e192fc7befa82be55bdbe0f70dd9a88fd3e1fdd507efebf33a2b0bb4fa94bb8c7afa9f2003faaf944e877c97b8fd292ac5476d3909c7 Size : 0.396 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_BD8B98368542C3BBAE3413A0EF3BB623	Type : data MD5 : eec3c77f2b72318bc4d1b010231b47cd SHA-1 : 23449e3de417382dc32263b101dbff47d16f413c SHA-256 : 5f724019362d7a2c363896416c0ddc477fd2cb2fa852bc17eee3b8ccb814b172 SHA-512 : d6d46de3afd6a861dabcfdc0891426fc162c509340b0f63298ab20386f5b29362cbfc61038dfcbcb2de0773bc96b4f6b82765edb449995c8e7c55c80612daf8f Size : 1.754 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F	Type : data MD5 : cfb59c6876796ad6954f416b2143c6f0 SHA-1 : 44ec95593e0e025be8a2efb391f65547d4c3d808 SHA-256 : e41f5b25f4ede5897684fa4927d5ec7e1c09fda05b28f0eb12a870095a29b830 SHA-512 : 16a3b4ff73f614ad300d55e3a3903f296fa6250ce26a8bd9d9125330d094c75ad6c35ee6bf638a8ce176339474716bde2114d2453a29a8df441cec199e6c0a4d Size : 1.426 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD	Type : data MD5 : 48aadf58b4af3f7da0ddbfcdc221c812 SHA-1 : e7376f3b4c50f964b4e1fd16a5197baa080e8ff2 SHA-256 : dd571ec73f4aedb266e343bd033b4ecdb629ec3f3247b7a27713244b321dae3e SHA-512 : 88a095bef92a0cbcca55777fcd6b235748ba0dcf9ff608ac8600fcb676de00dc2d19e5bb13e5526960a0d1d50115745bc608a97511ee7bb4b80a1b0eafd0462d Size : 0.408 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6A2279C2CA42EBEE26F14589F0736E50	Type : data MD5 : 77ca4289661000b3a8b8e912e7d2138b SHA-1 : deec92073bea4176589f4840121ecf6f2750b1b4 SHA-256 : a7692aa2b5b2664de344b922a091b7ba6f4fa01a4ffc80f279bac31d4a3e468b SHA-512 : f8dc07c60abeab1b60ded14c3d51c25a41f28fa7ec657a06038ecb2afef504450646d3041557fafbd4777263a8ed5a2039a20b37f3a341518bacdd319c7b6d02 Size : 0.434 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_7DC3E633EDFAEFC3AA3C99552548EC2F	Type : data MD5 : 0439925669525c6a542a7ed674c96a36 SHA-1 : 6cb9f346c4a89776b113036f5482c0776d0c110e SHA-256 : 8369e6da8d5db40ac2a8624e11fa8fd16d60b9492054025f4bf0e335e1ff3863 SHA-512 : 37f2e54fc9eb3ab2c654f9a1d40fb676105643d5059cee6ebd18516a6e004a41758014969f01daa262552282384a10e1bb731af8387da2f64b2a2da54919df2f Size : 1.52 Kilobytes.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8W72H2L\nr-1071.min[1].js	Type : ASCII text, with very long lines, with no line terminators MD5 : a1a545c95f313a230157b47dca555c25 SHA-1 : 3c6346aea5d04121ca868e984a819c68512b697d SHA-256 : 56097e8b7ceb27db42a5e102af6d11dfdcaee13d8716477a8e242b4957d7a280 SHA-512 : 32e6f74e7c3098dd8360d4f27cb98276b23119f521897a197fc8501507fe8b38c2c0cf3ba7bfa11f1ceee93106563f1eb4c3e68d76b6c7d0dad567ec92a4b7d6 Size : 23.651 Kilobytes.
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416	Type : data MD5 : 5dc9dc09f0a5fd5d4bd2abf239ef349a SHA-1 : 4966105c94d7ba2c4d9751253f96c2df950a5b3f SHA-256 : c0c9cd9ecf0ed9c3d563ae9dd169b230721b0c48ed10f6d9dc62f8f97c6e7e37 SHA-512 : d4164bc5412f44e773c8ec7ddd8061e17afd9cad77f3d84012608bbb19d08c8f1470dd5e0e23ff8d8322b26ab6a7de5a25d4c112a48adcfa778670ce429602a6 Size : 0.23 Kilobytes.

MATCH YARA RULES

Match Rules

STATIC FILE INFO

File Name:	primopdfsetup.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
SHA1:	5732b93642462b9c529ac1888286d778f044f6b1
MD5:	d7a9a897aa8a40bf3017356782de442d
First Seen Date:	2018-08-07 01:02:32.055145 ( 2018-08-07 01:02:32.055145 )
Number of Clients Seen:	2
Last Analysis Date:	2018-08-07 01:02:32.055145 ( 2018-08-07 01:02:32.055145 )
Human Expert Analysis Date:	2019-01-20 14:13:52.569458 ( 2019-01-20 14:13:52.569458 )
Human Expert Analysis Result:	PUA

PE Headers

Property	Value
magic literal enum	3
file type enum	6
debug artifacts	[]
number of sections	5
trid	[]
compilation time stamp	0x4B1AE3CC [Sat Dec 5 22:50:52 2009 UTC]
entry point	0x4030fa (.text)
machine type	Intel 386 or later - 32Bit
file size	760720
ssdeep
sha256	7202325e3163e756f24f4c93c17630358a582e17baa608341b8c7f8605c7cb27
exifinfo	[]
mime type	application/x-dosexec
imphash

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	MD5
.text	0x1000	0x5c4c	0x5e00	6.4401055495	856b32eb77dfd6fb67f21d6543272da5
.rdata	0x7000	0x129c	0x1400	5.04683530791	dc77f8a1e6985a4361c55642680ddb4f
.data	0x9000	0x25c58	0x400	4.80100375272	7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata	0x2f000	0x9000	0x0	0.0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	0x38000	0x96a0	0x9800	6.46794824264	9db491049faa17da4c23752a499c4e67

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 230160, u'sha256': u'3007981afb2289a983ecdccfced0f0e6ea190fc60b5463135a083d9ab597c6f3', u'type': u'PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced', u'size': 12841}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 243008, u'sha256': u'03d6a74140c7c2e39bfab31e909e16749a6f52029b98cde1f115af72ff9eefc9', u'type': u'dBase III DBT, version number 0, next free block index 40', u'size': 9640}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 252648, u'sha256': u'56e50e40ca96c822f551210a66b14cd21d4cbc66c91416494f442e0074884fc3', u'type': u'data', u'size': 4264}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 256912, u'sha256': u'62fbb015b4e82e0992886c0e589c1c9084a65728c71886bc10184f7459da6cfd', u'type': u'data', u'size': 3752}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 260664, u'sha256': u'7f8ced43c2e5c0cdc87db69ed238ee916151251599c454088a450b065452caa4', u'type': u'data', u'size': 2216}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 262880, u'sha256': u'f2ed0d176730d00be8aaa18961885715bcf57bea64816bfc2073dfa482ca87c4', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1384}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 264264, u'sha256': u'fc46fd34cc3beb5da5feb6d54b2dd32442280c706216c78227c50c78a8508e72', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 1128}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 265392, u'sha256': u'7efc7114648e0832e7b437c0ab9aaeed7cbf79957ede6854f76ba3aa57b9a87b', u'type': u'data', u'size': 744}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_ICON', u'offset': 266136, u'sha256': u'8e6d9e02b8bbf3430dc46c698f9b1bb6e56da174da1580a7fe08b1352f746911', u'type': u'GLS_BINARY_LSB_FIRST', u'size': 296}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 266432, u'sha256': u'fecdb955f8d7f1c219ff8167f90b64f3cb52e53337494577ff73c0ac1dafcd96', u'type': u'data', u'size': 256}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 266688, u'sha256': u'69897c784f1491eb3024b0d52c2897196a2e245974497fda1915db5fefcf8729', u'type': u'data', u'size': 284}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_DIALOG', u'offset': 266976, u'sha256': u'85025c8556952f6a651c2468c8a0d58853b0ba482be9ad5cd3060f216540dfc0', u'type': u'data', u'size': 96}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_GROUP_ICON', u'offset': 267072, u'sha256': u'f4659a766f45a08245e3473d39c8f78bdebbe0f2fab5f9dd44d4d2cfef329b0a', u'type': u'MS Windows icon resource - 9 icons, 32x32, 16 colors', u'size': 132}

{u'lang': u'LANG_ENGLISH', u'name': u'RT_MANIFEST', u'offset': 267208, u'sha256': u'0a8ea44c423c7094712bf091f4a40cf1446ae63345a69b396367f29d7da83df5', u'type': u'XML 1.0 document, ASCII text, with very long lines, with no line terminators', u'size': 727}

File Name: primopdfsetup.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 5732b93642462b9c529ac1888286d778f044f6b1

MD5: d7a9a897aa8a40bf3017356782de442d

CREATED / DROPPED FILES

MATCH YARA RULES

STATIC FILE INFO

ADDITIONAL FILE INFORMATION

PE Headers

PE Sections

PE Resources

CERTIFICATE VALIDATION