Malware Analysis Report

2024-10-19 09:24

Sample ID 230819-yn4caade6v
Target wpp.vbs
SHA256 5ad4d5fb75a277e31b05e1a6f19c5fc3c007b5c2be03109d876ca457173a135a
Tags
wshrat persistence trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5ad4d5fb75a277e31b05e1a6f19c5fc3c007b5c2be03109d876ca457173a135a

Threat Level: Known bad

The file wpp.vbs was found to be: Known bad.

Malicious Activity Summary

wshrat persistence trojan

WSHRAT

Downloads MZ/PE file

Blocklisted process makes network request

Executes dropped EXE

Drops startup file

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Note: not every signature above is behaviour of wpp.vbs. In behavioral2 the process column attributes Modifies registry class, NTFS ADS, Drops file in Program Files directory, EnumeratesProcesses, FindShellTrayWindow, SendNotifyMessage and AdjustPrivilegeToken to taskmgr.exe, msedge.exe and HitmanPro_x64.exe, i.e. to interactive activity in the sandbox (Task Manager, an Edge download of HitmanPro_x64.exe that then installed into Program Files, Notepad opening the Startup copy); the NTFS ADS row (a .crdownload with a SmartScreen stream written by msedge.exe) is the same download, and is what the Downloads MZ/PE file signature records. The behaviour attributable to the sample in both runs is: a copy of the script written to the user's Startup folder, HKCU and HKLM Run values named wpp that relaunch the Temp copy silently (wscript.exe //B), and repeated TCP connections to chongmei33.publicvm.com (103.47.144.118) on port 7045.

MITRE ATT&CK

Enterprise Matrix V15

Techniques derived from the signatures and events recorded in the behavioral runs (the report itself lists none):

T1059.005 Command and Scripting Interpreter: Visual Basic - wpp.vbs executed by WScript.exe
T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder - HKCU and HKLM Run values named wpp, plus a copy of the script in the user's Startup folder
T1571 Non-Standard Port - C2 over TCP 7045
T1568 Dynamic Resolution - C2 host chongmei33.publicvm.com under a free dynamic DNS domain

Analysis: static1

Detonation Overview

Reported

2023-08-19 19:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-19 19:56

Reported

2023-08-19 19:59

Platform

win7-20230712-en

Max time kernel

150s

Max time network

155s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

Signatures

WSHRAT

trojan wshrat

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs C:\Windows\System32\WScript.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs C:\Windows\System32\WScript.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Windows\CurrentVersion\Run\wpp = "wscript.exe //B \"C:\\Users\\Admin\\AppData\\Local\\Temp\\wpp.vbs\"" C:\Windows\System32\WScript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wpp = "wscript.exe //B \"C:\\Users\\Admin\\AppData\\Local\\Temp\\wpp.vbs\"" C:\Windows\System32\WScript.exe N/A

Enumerates physical storage devices

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 chongmei33.publicvm.com udp 1
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp 25

The 25 TCP rows in the original log are identical (same host, port and domain) and fall within the 155 s network window: one DNS resolution followed by repeated connections to a single non-standard port.
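Triage logic for a network table in this shape, as an added example (not part of the sandbox report): it parses Country/Destination/Domain/Proto rows, collapses repeated flows, and flags an endpoint when two or more of "non-standard TCP port", "dynamic DNS domain" and "repeated connections" apply. The rows are reconstructed from the table above; the dynamic-DNS suffix list, the common-port set and the repeat threshold are assumptions a practitioner would tune to their own intel.

```python
import re
from collections import Counter

# Rows reconstructed from the report's network table: one DNS lookup, then
# 25 identical TCP connections to the resolved host on port 7045.
SAMPLE_ROWS = (
    "Country Destination Domain Proto\n"
    "US 8.8.8.8:53 chongmei33.publicvm.com udp\n"
    + "SG 103.47.144.118:7045 chongmei33.publicvm.com tcp\n" * 25
)

# Assumed list of free dynamic-DNS providers; extend from your own intel.
DYNDNS_SUFFIXES = ("publicvm.com", "ddns.net", "duckdns.org", "no-ip.org", "hopto.org")
# Assumed set of ports a workstation talks to routinely; 7045 is not among them.
COMMON_PORTS = {53, 80, 123, 443, 445, 3389}

ROW = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"(?P<domain>\S+) (?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse report rows into flow dicts; header and blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            f = m.groupdict()
            f["port"] = int(f["port"])
            flows.append(f)
    return flows


def summarize(flows):
    """Collapse identical flows into one entry per (ip, port, proto, domain) with a count."""
    counts = Counter((f["ip"], f["port"], f["proto"], f["domain"]) for f in flows)
    return [{"ip": ip, "port": port, "proto": proto, "domain": dom, "count": n}
            for (ip, port, proto, dom), n in counts.most_common()]


def is_dyndns(domain):
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in DYNDNS_SUFFIXES)


def assess(flows, min_repeats=5):
    """Return summarized endpoints that trip at least two of the three heuristics."""
    findings = []
    for s in summarize(flows):
        reasons = []
        if s["proto"] == "tcp" and s["port"] not in COMMON_PORTS:
            reasons.append(f"non-standard port {s['port']}/tcp")
        if is_dyndns(s["domain"]):
            reasons.append("dynamic DNS domain")
        if s["count"] >= min_repeats:
            reasons.append(f"{s['count']} connections to one endpoint")
        if len(reasons) >= 2:
            findings.append({**s, "reasons": reasons})
    return findings


def iocs(findings):
    """Flat, sorted indicator list (domain plus ip:port/proto) for blocklists."""
    out = set()
    for f in findings:
        out.add(f["domain"])
        out.add(f"{f['ip']}:{f['port']}/{f['proto']}")
    return sorted(out)


if __name__ == "__main__":
    for f in assess(parse_rows(SAMPLE_ROWS)):
        print(f["domain"], f["ip"], f["port"], "->", "; ".join(f["reasons"]))
    print(iocs(assess(parse_rows(SAMPLE_ROWS))))
```

The DNS row is deliberately not flagged: port 53 to a public resolver with a single hit only trips the dynamic-DNS check, and one indicator alone is weak. The 7045/tcp endpoint trips all three.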

Files

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs

MD5 d87d4c42c10f332a96aa10ffb455f49d
SHA1 c6167ce4e59f14ce826a50e8d32847101e5e9dc8
SHA256 5ad4d5fb75a277e31b05e1a6f19c5fc3c007b5c2be03109d876ca457173a135a
SHA512 d01c7072b7f9e85dbc8f160f0afc17116a5ec5039a1f07a9201d517d8029acc8f31b446ccd66f832eb5ea58c3e88db88b2e442c7965e0318af32852512c3aa8a

The Startup copy has the same SHA256 as the submitted sample: the script copies itself unmodified, so the one hash covers both the original in Temp and the persistence artefact.

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-19 19:56

Reported

2023-08-19 19:59

Platform

win10v2004-20230703-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

Signatures

WSHRAT

trojan wshrat

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs C:\Windows\System32\WScript.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs C:\Windows\System32\WScript.exe N/A
File opened for modification \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\wpp.vbs C:\Windows\system32\taskmgr.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target Count
Set value (str) \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wpp = "wscript.exe //B \"C:\\Users\\Admin\\AppData\\Local\\Temp\\wpp.vbs\"" C:\Windows\System32\WScript.exe N/A 13
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wpp = "wscript.exe //B \"C:\\Users\\Admin\\AppData\\Local\\Temp\\wpp.vbs\"" C:\Windows\System32\WScript.exe N/A 13

The original log lists 26 rows, 13 per hive, all with the same value name and data; the script re-sets both Run values each time it runs.
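Detection logic for the persistence recorded in both behavioral runs (the HKCU/HKLM Run values above and the Startup folder copy). This is an added example, not part of the sandbox report: the events are constructed from the report's rows plus one benign autorun, and the field names (key/name/data/process, the same facts Sysmon Event ID 13 carries as TargetObject/Details/Image), regexes and the two-indicator threshold are assumptions.

```python
import re

# Constructed events in the shape of the report's "Set value" rows: registry key,
# value name, value data and the process that wrote it.
SAMPLE_REG_EVENTS = [
    {"key": r"\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Windows\CurrentVersion\Run",
     "name": "wpp",
     "data": r'wscript.exe //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"',
     "process": r"C:\Windows\System32\WScript.exe"},
    {"key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "wpp",
     "data": r'wscript.exe //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"',
     "process": r"C:\Windows\System32\WScript.exe"},
    # Constructed benign autorun: an installer registering a Program Files binary.
    {"key": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "name": "SecurityHealth",
     "data": r"C:\Program Files\Windows Defender\MSASCuiL.exe",
     "process": r"C:\Windows\System32\msiexec.exe"},
]

# Constructed file events in the shape of the "Drops startup file" rows.
SAMPLE_FILE_EVENTS = [
    {"action": "File created",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs",
     "process": r"C:\Windows\System32\WScript.exe"},
    {"action": "File created",
     "path": r"C:\Users\Admin\AppData\Local\Temp\wpp.vbs",
     "process": r"C:\Windows\explorer.exe"},
]

AUTORUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
SCRIPT_HOST = re.compile(r"(^|\\)[wc]script(\.exe)?\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|wsh)\b", re.I)
SILENT_FLAG = re.compile(r"//B\b", re.I)          # wscript //B suppresses errors and prompts
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)


def hive(key):
    k = key.upper()
    if k.startswith(r"\REGISTRY\MACHINE"):
        return "HKLM"
    if k.startswith(r"\REGISTRY\USER"):
        return "HKCU"
    return "?"


def autorun_reasons(event):
    """Reasons a Run/RunOnce value looks like script-host persistence ([] if none)."""
    if not AUTORUN_KEY.search(event["key"]):
        return []
    data = event["data"]
    checks = [
        (SCRIPT_HOST.search(data), "script host in command"),
        (SCRIPT_EXT.search(data), "script file argument"),
        (SILENT_FLAG.search(data), "silent //B flag"),
        (USER_WRITABLE.search(data), "script in user-writable path"),
        (SCRIPT_HOST.search(event["process"]), "value written by a script host"),
    ]
    return [reason for hit, reason in checks if hit]


def find_autorun_persistence(events, min_reasons=2):
    """Flag autorun values carrying at least min_reasons indicators, in input order."""
    hits = []
    for e in events:
        reasons = autorun_reasons(e)
        if len(reasons) >= min_reasons:
            hits.append({"hive": hive(e["key"]), "name": e["name"],
                         "data": e["data"], "reasons": reasons})
    return hits


def find_startup_drops(file_events):
    """Script files created directly inside a Start Menu Startup folder."""
    return [e["path"] for e in file_events
            if e["action"] == "File created"
            and STARTUP_DIR.search(e["path"]) and SCRIPT_EXT.search(e["path"])]


if __name__ == "__main__":
    for h in find_autorun_persistence(SAMPLE_REG_EVENTS):
        print(h["hive"], h["name"], "->", ", ".join(h["reasons"]))
    for p in find_startup_drops(SAMPLE_FILE_EVENTS):
        print("startup drop:", p)
```

The writer-is-a-script-host check matters for remediation as much as detection: a Run value set by wscript.exe means a script, not an installer, created it, and the Run value name (wpp) matching the dropped file's basename is the handle for grouping the registry and file artefacts of one infection.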

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\HitmanPro\HitmanPro.exe C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File created C:\Program Files\HitmanPro\hmpsched.exe C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A
File created C:\Program Files\HitmanPro\HitmanPro.exe C:\Users\Admin\Downloads\HitmanPro_x64.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3195054982-4292022746-1467505928-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3195054982-4292022746-1467505928-1000\{AE2A7770-DB0D-4C25-B45F-EBC2682B52FF} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 786446.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Windows\system32\taskmgr.exe N/A 64

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 27

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 (privilege value 33, SeIncreaseWorkingSetPrivilege; the report shows only the number) N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Windows\system32\taskmgr.exe N/A 64

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Windows\system32\taskmgr.exe N/A 64

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 4592 wrote to memory of 4896 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 1032 wrote to memory of 2488 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 1988 wrote to memory of 3244 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 1856 wrote to memory of 4792 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 1776 wrote to memory of 544 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 4368 wrote to memory of 4548 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 5068 wrote to memory of 3024 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 2872 wrote to memory of 5060 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 4392 wrote to memory of 2840 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 4156 wrote to memory of 3384 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 3776 wrote to memory of 4348 N/A C:\Windows\System32\WScript.exe C:\Windows\System32\wscript.exe 2
PID 4204 wrote to memory of 2784 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 4204 wrote to memory of 4712 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40

Each WScript.exe parent/child pair appears twice in the original log; these are the parent writing the child's startup data when it launches a new wscript.exe instance, not cross-process injection. The msedge.exe rows are the browser's own process-to-process writes to its child processes.

Processes

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\Notepad.exe

"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\System32\kwrgi5.exe

"C:\Windows\System32\kwrgi5.exe"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"

C:\Windows\sysmon.exe

"C:\Windows\sysmon.exe"

C:\Windows\sysmon.exe

"C:\Windows\sysmon.exe"

C:\Windows\sysmon.exe

"C:\Windows\sysmon.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b95146f8,0x7ff8b9514708,0x7ff8b9514718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6036 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4bc 0x3cc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5952 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2012,14030962151749652260,6376156173682794415,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8

C:\Users\Admin\Downloads\HitmanPro_x64.exe

"C:\Users\Admin\Downloads\HitmanPro_x64.exe"

C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe

"C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe" /update:"C:\Users\Admin\Downloads\HitmanPro_x64.exe"

C:\Users\Admin\Downloads\HitmanPro_x64.exe

"C:\Users\Admin\Downloads\HitmanPro_x64.exe" /updated:"C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe"

C:\Program Files\HitmanPro\hmpsched.exe

"C:\Program Files\HitmanPro\hmpsched.exe"
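
The process list above is raw sandbox output, and the rows worth pulling out of it are: the script host launched with //B (batch mode, no dialogs) from the user's Temp folder, the same script re-launched many times from the Startup folder it was copied to, and executables running from the Windows directory that are not part of the stock image (kwrgi5.exe, and sysmon.exe until its signature is checked). The following Python is an added example, not part of this report or of the sandbox's own tooling, that applies those checks to command lines copied from the list. The KNOWN_WINDOWS_BINARIES baseline is an assumption for illustration only; a real run would verify Authenticode signatures and hashes rather than trust a name list.

```python
import re
from collections import Counter

# Command lines copied from the Processes section of this report (constructed sample input;
# a real run would take them from the sandbox's JSON export or an EDR process feed).
PROCESS_CMDLINES = [
    r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"',
    r'"C:\Windows\system32\taskmgr.exe" /4',
    r'C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding',
    r'"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs',
    r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs"',
    r'"C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\wpp.vbs"',
    r'"C:\Windows\System32\kwrgi5.exe"',
    r'"C:\Windows\sysmon.exe"',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"',
    r'"C:\Users\Admin\Downloads\HitmanPro_x64.exe"',
    r'"C:\Program Files\HitmanPro\hmpsched.exe"',
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
STARTUP_DIR = "\\start menu\\programs\\startup\\"
USER_TEMP = "\\appdata\\local\\temp\\"
WINDOWS_DIR = "c:\\windows\\"
# Assumed baseline: Windows-directory binaries expected in this image. Anything else running
# from C:\Windows is reported for signature verification. Illustrative, not an authoritative list.
KNOWN_WINDOWS_BINARIES = {
    "wscript.exe", "cscript.exe", "taskmgr.exe", "rundll32.exe",
    "notepad.exe", "comppkgsrv.exe", "audiodg.exe",
}

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline):
    """Split a Windows command line into tokens, keeping double-quoted paths whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(cmdline):
    """Return the finding tags for one command line; an empty list means nothing notable."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image, args = tokens[0], tokens[1:]
    name = basename(image)
    findings = []
    if name in SCRIPT_HOSTS:
        # //B runs the script host in batch mode: no error dialogs, nothing shown to the user.
        if any(a.lower() == "//b" for a in args):
            findings.append("script_host_silent_mode")
        for a in args:
            lowered = a.lower()
            if STARTUP_DIR in lowered:
                findings.append("script_in_startup_folder")   # user-level persistence
            elif USER_TEMP in lowered:
                findings.append("script_in_user_temp")
    elif image.lower().startswith(WINDOWS_DIR) and name not in KNOWN_WINDOWS_BINARIES:
        findings.append("unverified_windows_dir_binary")
    return findings


def summarize(cmdlines):
    """Aggregate findings over a process list; identical command lines are merged."""
    flagged, counts = {}, Counter()
    for cmdline in cmdlines:
        tags = triage(cmdline)
        if tags and cmdline not in flagged:
            flagged[cmdline] = tags
            counts.update(tags)
    return {"flagged": flagged, "counts": counts}


if __name__ == "__main__":
    result = summarize(PROCESS_CMDLINES)
    for cmdline, tags in result["flagged"].items():
        print(f"{', '.join(tags):<45} {cmdline}")
```

Notepad opening the Startup copy of wpp.vbs is deliberately not flagged: it is not a script host, so the file is being viewed, not executed. The Windows-directory check fires on both kwrgi5.exe and sysmon.exe, which is the intended outcome; the list only tells you which binaries to verify, not which are malicious.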

Network

Country Destination Domain Proto
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 chongmei33.publicvm.com udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 118.144.47.103.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 0.77.109.52.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
NL 104.110.240.113:443 www.bing.com tcp
US 8.8.8.8:53 113.240.110.104.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
N/A 224.0.0.251:5353 udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 104.110.240.131:443 r.bing.com tcp
NL 104.110.240.131:443 r.bing.com tcp
NL 104.110.240.91:443 r.bing.com tcp
NL 104.110.240.91:443 r.bing.com tcp
US 8.8.8.8:53 131.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 91.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 www.bleepingcomputer.com udp
US 104.20.59.209:443 www.bleepingcomputer.com tcp
US 104.20.59.209:443 www.bleepingcomputer.com tcp
US 8.8.8.8:53 209.59.20.104.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.75:443 login.microsoftonline.com tcp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.bleepstatic.com udp
US 8.8.8.8:53 a.pub.network udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 104.18.21.206:443 a.pub.network tcp
US 8.8.8.8:53 s9.addthis.com udp
US 8.8.8.8:53 ecdn.analysis.fi udp
US 8.8.8.8:53 ecdn.firstimpression.io udp
US 18.65.39.51:443 ecdn.firstimpression.io tcp
NL 104.85.4.121:443 s9.addthis.com tcp
NL 52.222.139.48:443 ecdn.analysis.fi tcp
US 8.8.8.8:53 bleepingcomputer.disqus.com udp
US 199.232.192.134:443 bleepingcomputer.disqus.com tcp
US 8.8.8.8:53 functionalfeather.com udp
US 34.110.189.112:443 functionalfeather.com tcp
US 8.8.8.8:53 d.pub.network udp
US 34.160.152.31:443 d.pub.network tcp
US 8.8.8.8:53 c.disquscdn.com udp
US 8.8.8.8:53 disqus.com udp
US 151.101.0.134:443 disqus.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 104.26.12.6:443 www.bleepstatic.com tcp
US 18.65.39.90:443 c.disquscdn.com tcp
US 8.8.8.8:53 6.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 206.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 51.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 121.4.85.104.in-addr.arpa udp
US 8.8.8.8:53 48.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 134.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 17.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 112.189.110.34.in-addr.arpa udp
US 8.8.8.8:53 31.152.160.34.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 widgets.outbrain.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 2.18.121.70:80 apps.identrust.com tcp
GB 96.16.109.182:443 widgets.outbrain.com tcp
NL 108.156.60.52:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 tempest.services.disqus.com udp
US 199.232.192.64:443 tempest.services.disqus.com tcp
US 8.8.8.8:53 referrer.disqus.com udp
US 199.232.192.134:443 referrer.disqus.com tcp
US 18.65.39.90:443 c.disquscdn.com tcp
US 8.8.8.8:53 optimise.net udp
US 34.111.152.239:443 optimise.net tcp
US 8.8.8.8:53 static.adsafeprotected.com udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 cdn.confiant-integrations.net udp
US 8.8.8.8:53 freestar-io.videoplayerhub.com udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.firstimpression.io udp
US 18.65.39.115:443 static.adsafeprotected.com tcp
US 18.65.39.115:443 static.adsafeprotected.com tcp
US 34.111.152.239:443 optimise.net udp
US 104.18.43.90:443 cdn.confiant-integrations.net tcp
US 104.26.9.50:443 freestar-io.videoplayerhub.com tcp
US 104.22.53.173:443 cdn.hadronid.net tcp
US 18.65.39.42:443 cdn.firstimpression.io tcp
US 8.8.8.8:53 cdn.taboola.com udp
US 151.101.1.44:443 cdn.taboola.com tcp
US 8.8.8.8:53 btloader.com udp
US 104.26.6.139:443 btloader.com tcp
US 8.8.8.8:53 tag.escalated.io udp
US 8.8.8.8:53 id.hadron.ad.gt udp
DE 172.217.23.194:443 securepubads.g.doubleclick.net udp
US 3.131.10.225:443 tag.escalated.io tcp
US 104.22.5.69:443 id.hadron.ad.gt tcp
US 34.110.189.112:443 functionalfeather.com udp
US 8.8.8.8:53 90.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 134.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 70.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 182.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 52.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 64.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 239.152.111.34.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 115.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 90.43.18.104.in-addr.arpa udp
US 8.8.8.8:53 50.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 42.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 139.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 api.floors.dev udp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 34.160.128.112:443 api.floors.dev tcp
US 34.160.128.112:443 api.floors.dev udp
US 8.8.8.8:53 a.disquscdn.com udp
US 130.211.23.194:443 api.btloader.com udp
US 199.232.194.49:443 a.disquscdn.com tcp
US 3.131.10.225:443 tag.escalated.io tcp
US 8.8.8.8:53 services.bingapis.com udp
US 8.8.8.8:53 225.10.131.3.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 112.128.160.34.in-addr.arpa udp
US 8.8.8.8:53 49.194.232.199.in-addr.arpa udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 api.intentiq.com udp
US 8.8.8.8:53 sync.intentiq.com udp
NL 108.156.60.123:443 api.intentiq.com tcp
NL 65.9.86.36:443 sync.intentiq.com tcp
US 8.8.8.8:53 c.pub.network udp
US 34.160.152.31:443 c.pub.network tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
NL 142.250.179.170:443 imasdk.googleapis.com tcp
US 8.8.8.8:53 player.vimeo.com udp
US 34.160.152.31:443 c.pub.network udp
US 162.159.138.60:443 player.vimeo.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 123.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 36.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
NL 142.250.179.170:443 imasdk.googleapis.com udp
US 8.8.8.8:53 s0.2mdn.net udp
NL 142.250.179.134:443 s0.2mdn.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 vod-progressive.akamaized.net udp
US 2.18.121.72:443 vod-progressive.akamaized.net tcp
US 8.8.8.8:53 60.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 72.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 csi.gstatic.com udp
AE 142.250.181.67:443 csi.gstatic.com tcp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 bid.g.doubleclick.net udp
US 192.184.69.239:443 secure.quantserve.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.39.98:443 www.googletagservices.com tcp
NL 142.250.27.156:443 bid.g.doubleclick.net tcp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 s.ntv.io udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 s2s.t13.io udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 8.8.8.8:53 c2shb.pubgw.yahoo.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 colossusssp.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 c2shb.ssp.yahoo.com udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 104.22.53.86:443 cdn.id5-sync.com tcp
FR 178.250.7.2:443 static.criteo.net tcp
US 34.202.147.104:443 tlx.3lift.com tcp
US 52.4.33.45:443 c2shb.ssp.yahoo.com tcp
US 52.4.33.45:443 c2shb.ssp.yahoo.com tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
FR 178.250.7.10:443 bidder.criteo.com tcp
US 172.240.254.172:443 colossusssp.com tcp
NL 216.52.2.16:443 ap.lijit.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
US 34.107.148.139:443 prebid.media.net tcp
NL 52.222.139.7:443 tags.crwdcntrl.net tcp
US 34.107.140.113:443 s2s.t13.io tcp
US 34.107.140.113:443 s2s.t13.io tcp
GB 96.16.109.155:443 s.ntv.io tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 34.236.83.94:443 c2shb.ssp.yahoo.com tcp
US 34.236.83.94:443 c2shb.ssp.yahoo.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 74.119.119.139:443 dnacdn.net tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 74.119.119.139:443 dnacdn.net tcp
US 8.8.8.8:53 gcdn.2mdn.net udp
DE 3.65.51.143:443 x.bidswitch.net tcp
US 8.8.8.8:53 ed71ad6231b748bb30c7f54a16d40ee0.safeframe.googlesyndication.com udp
US 34.107.140.113:443 s2s.t13.io udp
NL 142.250.179.161:443 ed71ad6231b748bb30c7f54a16d40ee0.safeframe.googlesyndication.com tcp
NL 142.251.39.98:443 www.googletagservices.com udp
US 35.227.252.103:443 rtb.openx.net udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 34.160.152.31:443 c.pub.network udp
US 34.111.152.239:443 optimise.net udp
US 8.8.8.8:53 67.181.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 156.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 139.148.107.34.in-addr.arpa udp
US 8.8.8.8:53 16.2.52.216.in-addr.arpa udp
US 8.8.8.8:53 113.140.107.34.in-addr.arpa udp
US 8.8.8.8:53 2.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 10.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 239.69.184.192.in-addr.arpa udp
US 8.8.8.8:53 7.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 155.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 172.254.240.172.in-addr.arpa udp
US 8.8.8.8:53 45.33.4.52.in-addr.arpa udp
US 8.8.8.8:53 104.147.202.34.in-addr.arpa udp
US 8.8.8.8:53 237.214.235.34.in-addr.arpa udp
US 8.8.8.8:53 94.83.236.34.in-addr.arpa udp
US 8.8.8.8:53 143.51.65.3.in-addr.arpa udp
US 8.8.8.8:53 139.119.119.74.in-addr.arpa udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 r3---sn-4g5edns7.c.2mdn.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 3.228.223.152:443 bcp.crwdcntrl.net tcp
DE 173.194.188.8:443 r3---sn-4g5edns7.c.2mdn.net tcp
US 8.8.8.8:53 rules.quantcount.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
IE 54.77.168.202:443 jadserve.postrelease.com tcp
US 18.65.39.9:443 rules.quantcount.com tcp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 185.235.85.41:443 gem.gbc.criteo.com tcp
US 185.235.85.169:443 ag.gbc.criteo.com tcp
US 34.200.98.115:443 ads.yieldmo.com tcp
US 8.8.8.8:53 pixel.quantserve.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
NL 142.250.179.161:443 cdn.ampproject.org tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
US 8.8.8.8:53 a2.adform.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
DK 185.167.164.37:443 a2.adform.net tcp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
NL 142.250.179.130:443 googleads4.g.doubleclick.net tcp
NL 142.251.36.34:443 ade.googlesyndication.com tcp
NL 142.250.179.130:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 8.188.194.173.in-addr.arpa udp
US 8.8.8.8:53 152.223.228.3.in-addr.arpa udp
US 8.8.8.8:53 9.39.65.18.in-addr.arpa udp
US 8.8.8.8:53 202.168.77.54.in-addr.arpa udp
US 8.8.8.8:53 41.85.235.185.in-addr.arpa udp
US 8.8.8.8:53 169.85.235.185.in-addr.arpa udp
US 8.8.8.8:53 115.98.200.34.in-addr.arpa udp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.5.84:443 cm.adform.net tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 37.164.167.185.in-addr.arpa udp
US 8.8.8.8:53 34.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 204.79.197.200:443 www2.bing.com tcp
US 34.98.64.218:443 u.openx.net tcp
US 34.98.64.218:443 u.openx.net udp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 freestar-d.openx.net udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 sync.colossusssp.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 104.85.0.23:443 contextual.media.net tcp
US 209.192.253.52:443 sync.colossusssp.com tcp
GB 96.16.109.9:443 ads.pubmatic.com tcp
NL 104.85.2.117:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 104.36.113.112:443 image6.pubmatic.com tcp
US 8.8.8.8:53 openrtb.cootlogix.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 ids.ad.gt udp
US 8.8.8.8:53 sync.cootlogix.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 pixel.tapad.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
DE 37.252.171.149:443 ib.adnxs.com tcp
US 104.36.113.112:443 image6.pubmatic.com tcp
US 52.3.219.49:443 match.prod.bidr.io tcp
US 34.111.113.62:443 pixel.tapad.com tcp
US 35.190.60.146:443 id.rlcdn.com tcp
US 198.148.27.131:443 bh.contextweb.com tcp
US 104.22.4.69:443 ids.ad.gt tcp
US 137.184.133.243:443 openrtb.cootlogix.com tcp
US 204.48.28.254:443 sync.cootlogix.com tcp
US 8.8.8.8:53 download.bleepingcomputer.com udp
US 104.20.185.56:443 download.bleepingcomputer.com tcp
US 34.111.113.62:443 pixel.tapad.com udp
AE 142.250.181.67:443 csi.gstatic.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 23.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 117.2.85.104.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 52.253.192.209.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 112.113.36.104.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 56.185.20.104.in-addr.arpa udp
US 8.8.8.8:53 131.27.148.198.in-addr.arpa udp
US 8.8.8.8:53 243.133.184.137.in-addr.arpa udp
US 8.8.8.8:53 254.28.48.204.in-addr.arpa udp
US 8.8.8.8:53 49.219.3.52.in-addr.arpa udp
FR 185.86.138.155:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 rr3---sn-4g5edndz.googlevideo.com udp
DE 74.125.162.232:443 rr3---sn-4g5edndz.googlevideo.com tcp
US 8.8.8.8:53 simage4.pubmatic.com udp
NL 198.47.127.20:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 155.138.86.185.in-addr.arpa udp
US 8.8.8.8:53 232.162.125.74.in-addr.arpa udp
US 8.8.8.8:53 20.127.47.198.in-addr.arpa udp
US 209.192.253.52:443 sync.colossusssp.com tcp
US 209.192.253.52:443 sync.colossusssp.com tcp
US 35.190.60.146:443 id.rlcdn.com udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
NL 142.251.36.34:443 ade.googlesyndication.com udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 files.surfright.nl udp
US 8.8.8.8:53 cloud.hitmanpro.com udp
NL 185.105.204.28:80 files.surfright.nl tcp
NL 52.174.35.5:80 cloud.hitmanpro.com tcp
US 8.8.8.8:53 28.204.105.185.in-addr.arpa udp
US 8.8.8.8:53 5.35.174.52.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 scan.hitmanpro.com udp
NL 52.174.35.5:80 scan.hitmanpro.com tcp
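Almost every row in the table above is one of three things: a query to the sandbox resolver at 8.8.8.8:53 (the in-addr.arpa names are PTR lookups for addresses that were already contacted), browser traffic to ad and CDN hosts over TCP 443 or QUIC on UDP 443, or the plain-HTTP HitmanPro download from files.surfright.nl and cloud.hitmanpro.com on port 80. The one destination that fits none of these is 103.47.144.118:7045 (chongmei33.publicvm.com), contacted repeatedly over TCP. publicvm.com is a free dynamic-DNS zone, and a DDNS host on a non-standard port is the row to carry forward as the command-and-control indicator for this WSHRAT detonation. The Python below is an added example, not part of the report or of the sandbox's own logic: it parses rows in the table's layout (country, ip:port, host, protocol), flags anything outside an expected port/protocol set or under a dynamic-DNS suffix, and decodes the PTR names back to the addresses they cover. The sample rows are copied from the table; the expected-traffic set and the DDNS suffix list are this example's assumptions.

```python
"""Separate the C2 destination from browser noise in a sandbox network table.

Added example; not part of the Triage report and not the sandbox's own logic.
The rows are copied from the report's connection table (country, destination,
host, protocol) and trimmed to a handful. The rules deciding what counts as
expected traffic and the dynamic-DNS suffix list are this example's assumptions.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a subset of rows from the report's network table.
SAMPLE_ROWS = """\
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
US 34.107.140.113:443 s2s.t13.io udp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
US 8.8.8.8:53 155.138.86.185.in-addr.arpa udp
FR 185.86.138.155:443 ssbsync-global.smartadserver.com tcp
NL 185.105.204.28:80 files.surfright.nl tcp
US 204.79.197.200:443 www2.bing.com tcp
SG 103.47.144.118:7045 chongmei33.publicvm.com tcp
"""

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<host>\S+)\s+(?P<proto>tcp|udp)$"
)

# Traffic this detonation is expected to produce: queries to the sandbox
# resolver, HTTPS (TCP 443), QUIC (UDP 443) and plain HTTP from the browser.
EXPECTED = {("udp", 53), ("tcp", 443), ("udp", 443), ("tcp", 80)}

# Free dynamic-DNS zones. publicvm.com is the one that appears in the report;
# the others are assumptions added so the check generalises.
DDNS_SUFFIXES = (".publicvm.com", ".duckdns.org", ".no-ip.org", ".ddns.net")


def parse_rows(text):
    """Parse 'CC ip:port host proto' lines; reject anything that does not fit."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def suspicion_reasons(row):
    """Why a row is not ordinary browser/resolver traffic (empty list if it is)."""
    reasons = []
    if (row["proto"], row["port"]) not in EXPECTED:
        reasons.append(f"unexpected {row['proto']}/{row['port']}")
    if row["host"].lower().endswith(DDNS_SUFFIXES):
        reasons.append("dynamic-DNS host")
    return reasons


def find_c2_candidates(text):
    """Map (ip, port, host) -> (connection count, reasons) for suspicious rows."""
    counts = Counter()
    reasons = {}
    for row in parse_rows(text):
        why = suspicion_reasons(row)
        if why:
            key = (row["ip"], row["port"], row["host"])
            counts[key] += 1
            reasons[key] = why
    return {key: (counts[key], reasons[key]) for key in counts}


def ptr_targets(text):
    """Addresses covered by the '<reversed ip>.in-addr.arpa' PTR queries."""
    ips = set()
    for row in parse_rows(text):
        host = row["host"]
        if host.endswith(".in-addr.arpa"):
            octets = host[: -len(".in-addr.arpa")].split(".")
            ips.add(str(ipaddress.ip_address(".".join(reversed(octets)))))
    return ips


if __name__ == "__main__":
    for (ip, port, host), (n, why) in find_c2_candidates(SAMPLE_ROWS).items():
        print(f"{host} {ip}:{port} x{n}: {', '.join(why)}")
    print("PTR lookups covered:", sorted(ptr_targets(SAMPLE_ROWS)))
```

Run over the rows shown in this part of the table, the only key returned is the publicvm.com destination; the ad-network rows all fall through as expected traffic. Extend EXPECTED when a detonation is known to include other legitimate services, and treat the DDNS list as a hint rather than a verdict: a hit on a dynamic-DNS name earns a second look, not a conviction by itself.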

Files

memory/4572-135-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-136-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-137-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-141-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-142-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-143-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-144-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-146-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-145-0x000002190CD90000-0x000002190CD91000-memory.dmp

memory/4572-147-0x000002190CD90000-0x000002190CD91000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs

MD5 d87d4c42c10f332a96aa10ffb455f49d
SHA1 c6167ce4e59f14ce826a50e8d32847101e5e9dc8
SHA256 5ad4d5fb75a277e31b05e1a6f19c5fc3c007b5c2be03109d876ca457173a135a
SHA512 d01c7072b7f9e85dbc8f160f0afc17116a5ec5039a1f07a9201d517d8029acc8f31b446ccd66f832eb5ea58c3e88db88b2e442c7965e0318af32852512c3aa8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3423d7e71b832850019e032730997f69
SHA1 bbc91ba3960fb8f7f2d5a190e6585010675d9061
SHA256 53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649
SHA512 03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

\??\pipe\LOCAL\crashpad_4204_DOYAHQOFXVCEDRRG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cdcc613a525c1b59bb52ac31ae6421b2
SHA1 f27acef2319c24ff0fdec47b41e5fc7064676138
SHA256 1e65f4b95cbbe1e182814d0c50a67d9d94cba51448f45d5d18ae1f9e908bae0c
SHA512 51d9c8a940378d65c883682bcab09f291a8dd83e4c14c9669aa2bb043219d9b206d8ab22da303205274ab2edd257540a0b734ff3f42387c96e4d3890a27d4145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c229b6280fdaf6019d83f567c64c65db
SHA1 ee8b516098fb9366a1a2f0b3dbd815ee5efce299
SHA256 afb9eba1fc472d341c89a2d2ab613cad512292dd30d8ede41f1423493d5166b4
SHA512 3485f3826b2a999142573feaecb8222d6aefb6dc7b601f98571e4dde2905c90a80b67189a2ed409feeb9241d1e8b10d97dcbbb26e4eb59a911137cfab38dff46

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d913bfdb22926170792e5fec879b4056
SHA1 9495db0525d8bbe902a1e6a07f485ad95c155650
SHA256 8dea1574b6fa166795e2e3525ae9533ab8d77070856d9d18a58261cb5c0287a4
SHA512 3f1fe89fb185ba7b4bb839525e3431697b56d60c0ba525f0dad4ee340f3a525ef4a3c149390adf7c28e4293d96b748079c8bf7a5791f5f406569019febe8cf94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 0e78f9a3ece93ae9434c64ea2bff51dc
SHA1 a0e4c75fe32417fe2df705987df5817326e1b3b9
SHA256 5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68
SHA512 9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 72bdb6e9e1f69be3a25d9ad048fd6642
SHA1 6386513ff2bf03946bfce2d4a7dd15959ab49c88
SHA256 d2a16053ec6bdb49c5a47fbe57ed0e7273d6f4b3cf71f87fdac8c6272df1ab56
SHA512 b4f8d7af4e2984d6acc8934f0b02647cd468243c7281d89d7350785d0f6de09b1b2264b401b22761dc7cb8c200b11d6e9ff7f15a87d7b636654977c377be7149

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

MD5 15ce40375f3951fa5dfff11a92428cf3
SHA1 f3d8cf9dd58501611ceb57e46103551a231a1b6d
SHA256 78a6356b1d600b8a9517f82bdd78b8c505f80ef6f395fd186e9937a4bea2db14
SHA512 03ef6fb2c8a2a94b5a9dde7bc1cd6417a6bd77aef35124ffc60d6a41d280a0f984bb48cf7741b6d4f485e6b31969765c39018bee19f5c0be9a8033bf1e690d70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3140fec5911011e67fceede553e4f1ea
SHA1 27087250fae781681ca269e709338305cf68454b
SHA256 ad954407a2fc242d8d465d23d9c59f7b14505ab413a1c67685d5f8390ad0898c
SHA512 9f3a74731d083398cf1bb342356f8d93ca67d4771c59883abe5a9066c47eda2558f17d8240adad21dbd143b5c7a1df38f1dcd879b58e8f8ebe32e749bfe1b915

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59484a.TMP

MD5 504f9cef85968913424664a2e75fa044
SHA1 8329a5cd8a265cddeb6c367d39f619509f8a6cbb
SHA256 fa6ec5e12fb1b3c35b94f090be5a71dd936697721947df60ad20319ce898e1df
SHA512 56ec4f9f308a32dee443a2f0c01a3fa0a2e29363cd7cb077bedb17509f1bb1d2f11b653fb0a11aa012a4451db822d32a7f6eeb0e6cbbc2690ec3bdda9b466bf6

C:\Users\Admin\Downloads\HitmanPro_x64.exe

MD5 15ce40375f3951fa5dfff11a92428cf3
SHA1 f3d8cf9dd58501611ceb57e46103551a231a1b6d
SHA256 78a6356b1d600b8a9517f82bdd78b8c505f80ef6f395fd186e9937a4bea2db14
SHA512 03ef6fb2c8a2a94b5a9dde7bc1cd6417a6bd77aef35124ffc60d6a41d280a0f984bb48cf7741b6d4f485e6b31969765c39018bee19f5c0be9a8033bf1e690d70

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c98981e366d6964ef98abf4cf7ca9627
SHA1 7fef78527af8e4d812e5e2715b6a997756a59c8c
SHA256 c3fbf15cea2267bd9bc9dbd0c14476124aa2222d50118f5e3adbb7da1c94c04c
SHA512 233ba1020c7a87c741d8d85be67ac69f15b13af87640e5c7d389623ad4d8846cbae05ee65faf6741a5c331f3e1349670a44b89ab82073a2ba669499c440bd62c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3640c7d2daa6fd6524e55562d84ea63
SHA1 b88131aaacb758c0000e4d2bafdb3995748365da
SHA256 2ed4fb9486b8dad8616178f766d8a906dcbac02c5194f12e7673eb11e01005e9
SHA512 1e094185e5e6a7e4c0fdd8523a2e40178e56d98e106401f443eaecfaaf5df24069ab30e909e3ee20a150668cd7ac0d2317b785e7e34cc6e122678e17eb8ece30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b4ebde37556dab2d61cfbad3f7036a51
SHA1 db9a9604692fc47718b94ecb35eea6e48053a331
SHA256 ecd335137c947f1b603eccafb740bc2893f003c444cee409acf4ce1b83a6d634
SHA512 a492a017f103d8524ca1cbc4fae88663fa2f3bb4fd29d59dfc7bbc81559e9a260bd8ce98b8e70aad777892c941420191d7d0f1ad5d054ee2f12449ba7274a405

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b523c1c50a261f18f330011504cc3d9d
SHA1 fda018cb0cc8579e73d14acf780c8310de606201
SHA256 693906f64aab70afb063d2f9e3a2c0a11981abf2942b84bd63f4c1bf4c862e04
SHA512 6e6ab3b6823ff30ce0da84c4146e82e0facdbdb758975c9dff7080bace57fad4b3d2ad8f26f7b6626de3d617394700fe6205870597c010c4d39789daa3915415

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4a8b68efbbcdb2b9f26f0c7d408e9b01
SHA1 4b0fb9cfc63a93b40c2e88e2d7063018c0ab2ba7
SHA256 791f07f8cfed15b92294bf4ef24e6c092da5569248dfb4160374416e7586d2f3
SHA512 4e70dc13a7aca1c322e075bfbcc092ad019ab84f40ec79e4579f2ea22ab9051a1a7dac623f76aa84acb25b98bd5b4e67672eabcfef1d8c11f640231860de1ce8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 563d3e11e3ff95c3e887f18c58402c41
SHA1 675a2f0292d42a83312c4ab7ba654b2585c4551e
SHA256 6619d4b398b71aabd82b8580bc9ee4193237f42afdb9c2d9fba8b692e4526e88
SHA512 0bdae4f97a7e8496786964601eadc407e6ee76d8e95c6b0e3dee38defa7488394a5a76e10dc250327f92164198e805099a67bc5df5cd991d46a3b182096095f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5 420e5405f154452119ca14d66216e7c6
SHA1 83048341ae41a62b938675f8bbfa1cd097ab06cc
SHA256 8e38f25e3a4b92bf7bff27b79d8c63ae7ff602d51b4fdfd2d083ac767aeaf5f8
SHA512 17a7cdd7d893782b393e8fd10824de19cfda276fcc8c1a6db4da30dfb41f78f8cd6e755dddf4bb57a47fb2624c371cbc5cdaa61872718a134a31ff3fb8d812dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\66AE3BFDF94A732B262342AD2154B86E_50A69C20906A5D39CF9E2D57B0028374

MD5 fbe24e4471d0598ed53c3c83e53dfd34
SHA1 0e9853eb80b7b3943bf41556d938d661e1ea7f68
SHA256 e139b0f7944da22ba78198c73c4907a60c3777a92cb778bbedebadcdc297b0fb
SHA512 c2078b7d70e12af69a467efff7fa637d0758eb545c2e3c39767da0c1c08444774dd97fcd82973571daa2e025801c7781b317eebb27cdd71984a576f07b298691

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_50A69C20906A5D39CF9E2D57B0028374

MD5 8be98929ec460929ebdd904a77e6f48f
SHA1 2c009ae5df6a31bec2cdb4357924e923329e6b3c
SHA256 37ee661af0c3817eecdfe8e5d5d455118bceb6dc09097bdc9f14c0b6f3f45d03
SHA512 41800734c232ca92f94c07e129971ab503adef478a15884825bd5fdc352b13ee47bb0a512f79b1b790b45b3296d9840f5eb98bf09a8e4bceb424b4a33380ed13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\42B9A473B4DAF01285A36B4D3C7B1662_178C086B699FD6C56B804AF3EF759CB5

MD5 e1d0c4cfeaba64c4b16f9c276f05ad35
SHA1 0e8474f7437e2772124794e617853c90c16bd259
SHA256 2df38eac896cc39f1cc9a9f29db92532fcb72cc7207a04e881baa135ad9740bc
SHA512 ef7b3304b5f60f790893babc931e937c10c998e12da8d66c7e604cb0950cfaa4e9c3be2200f94b0a9fe84e4946cd9953ab6a25f0bd910d062a458e96906062f1

C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe

MD5 15e710b146c623f60cfa3e1b516b640e
SHA1 cc00f20fa520b3c5ea3bade44cd77e642a607150
SHA256 94f068bda39698e454f3cd8905be87d1c761ca55c4a5f7c59f71a55861ed0d9e
SHA512 3c5bcccf2a3442713007bd9fc1a78ec16ba80a96a97b47eb765d1a96a90ee3f792a6778a975644ca9a042142a7beff9cf01d97e1a9a68664f395c04eedeccbfc

C:\Users\Admin\Downloads\HitmanPro_x64.exe

MD5 15e710b146c623f60cfa3e1b516b640e
SHA1 cc00f20fa520b3c5ea3bade44cd77e642a607150
SHA256 94f068bda39698e454f3cd8905be87d1c761ca55c4a5f7c59f71a55861ed0d9e
SHA512 3c5bcccf2a3442713007bd9fc1a78ec16ba80a96a97b47eb765d1a96a90ee3f792a6778a975644ca9a042142a7beff9cf01d97e1a9a68664f395c04eedeccbfc

C:\ProgramData\HitmanPro\Customize.bin

MD5 65d3b30ed19dcc7249778e27c27df44f
SHA1 69510d1075901c23424b2fab290001db7e4b1dde
SHA256 f63d8e9b065ac023d7e5ab551f5e6a68578a01a21c57efe382066796e9ad15de
SHA512 69d127c5329f63c8ccea423cd2cfd80a6990ad77b5661b6734568595f2f3f73f6348f12232859f2b00c36682923e9505dc214d1f97c7589067352c3ae22c7baa

C:\ProgramData\HitmanPro\Splash.bin

MD5 c12f79e4b00a1761a06102ff74a36fa5
SHA1 020fc3af02e45556b6be8aacc0682beaeb748b48
SHA256 e8d8cf8fa82da24e23685d77c68124f5358d8789faa068eaa4e5ecd37b492939
SHA512 456ddba7b6fa3e11bf9f94d21c2d7dbeb1b9bc0f85246124d2b0cc505d3427c06f77180054ef7d72856ff3a0d80238547bb91affcd6810ad4f069d5e88677bc8

C:\Program Files\HitmanPro\hmpsched.exe

MD5 8fff29a372f3fead0475c4fc4ecfbc4a
SHA1 24b8b770b9f3c400333a9622e352f545568f931a
SHA256 8768ec067d72aa5a7dd2a06cf3128022d44366d8b19cd9e12d44b96cc3984eaa
SHA512 4485323d3bf2d7875c3f53ccc3079104491bfb31b1035abda7678fb2c2ea46a4b7718d3d4dbb819cd789634296470d37cfac1e259be20ffcaa2a318e806d3c65

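The Files list above is a flat sequence of path and digest lines, and the questions a reader most wants answered from it are about hashes rather than paths: which paths carry the submitted sample's SHA256 (the Startup copy of wpp.vbs does, so the persistence mechanism writes a byte-for-byte copy of the dropper), which distinct paths hold identical bytes, and which paths were rewritten with different content during the run (C:\Users\Admin\Downloads\HitmanPro_x64.exe first appears with the digest of the Edge cache entry f_000052 and later with a different one, consistent with a download still in progress when first hashed). The Python below is an added example, not part of the report; the sample records are copied from the list above with the SHA1 and SHA512 lines dropped for brevity, and the digest-length table and the SHA-256 of an empty file are standard values rather than anything taken from the report.

```python
"""Correlate a sandbox Files list by content hash.

Added example; not part of the Triage report. Records are copied from the
report's Files list with SHA1/SHA512 lines dropped (the parser accepts them).
The digest-length table and the empty-file SHA-256 are standard values.
"""
import re
from collections import defaultdict

SAMPLE_SHA256 = "5ad4d5fb75a277e31b05e1a6f19c5fc3c007b5c2be03109d876ca457173a135a"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Constructed sample in the report's own layout (path, blank line, digest
# lines); memory dumps have a path and no digests.
SAMPLE_FILES = r"""
memory/4572-135-0x000002190CD90000-0x000002190CD91000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpp.vbs

MD5 d87d4c42c10f332a96aa10ffb455f49d
SHA256 5ad4d5fb75a277e31b05e1a6f19c5fc3c007b5c2be03109d876ca457173a135a

\??\pipe\LOCAL\crashpad_4204_DOYAHQOFXVCEDRRG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

MD5 15ce40375f3951fa5dfff11a92428cf3
SHA256 78a6356b1d600b8a9517f82bdd78b8c505f80ef6f395fd186e9937a4bea2db14

C:\Users\Admin\Downloads\HitmanPro_x64.exe

MD5 15ce40375f3951fa5dfff11a92428cf3
SHA256 78a6356b1d600b8a9517f82bdd78b8c505f80ef6f395fd186e9937a4bea2db14

C:\Users\Admin\AppData\Local\Temp\HitmanPro_x64.exe

MD5 15e710b146c623f60cfa3e1b516b640e
SHA256 94f068bda39698e454f3cd8905be87d1c761ca55c4a5f7c59f71a55861ed0d9e

C:\Users\Admin\Downloads\HitmanPro_x64.exe

MD5 15e710b146c623f60cfa3e1b516b640e
SHA256 94f068bda39698e454f3cd8905be87d1c761ca55c4a5f7c59f71a55861ed0d9e
"""


def parse_file_entries(text):
    """Return [{'path': ..., 'hashes': {algo: digest}}] in order of appearance."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m is None:                       # any non-digest line starts a record
            entries.append({"path": line, "hashes": {}})
            continue
        if not entries:
            raise ValueError("digest line before any path")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:   # catch truncated or mislabelled digests
            raise ValueError(f"bad {algo} length on {entries[-1]['path']}")
        entries[-1]["hashes"][algo] = digest
    return entries


def paths_with_sha256(entries, sha256):
    """Every path whose recorded SHA-256 equals the given digest."""
    return sorted({e["path"] for e in entries if e["hashes"].get("SHA256") == sha256})


def shared_content(entries):
    """SHA-256 -> paths, for digests recorded under more than one path."""
    by_hash = defaultdict(set)
    for e in entries:
        h = e["hashes"].get("SHA256")
        if h is not None:
            by_hash[h].add(e["path"])
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def rewritten_paths(entries):
    """Paths whose SHA-256 changed between records, with the digests in order."""
    history = {}
    for e in entries:
        h = e["hashes"].get("SHA256")
        if h is None:
            continue
        seen = history.setdefault(e["path"], [])
        if not seen or seen[-1] != h:
            seen.append(h)
    return {p: hs for p, hs in history.items() if len(hs) > 1}


if __name__ == "__main__":
    recs = parse_file_entries(SAMPLE_FILES)
    print("sample bytes at:", paths_with_sha256(recs, SAMPLE_SHA256))
    print("empty files:", paths_with_sha256(recs, EMPTY_SHA256))
    print("shared content:", shared_content(recs))
    print("rewritten:", rewritten_paths(recs))
```

The empty-file digest catches entries such as the crashpad named pipe, which the sandbox hashes as zero bytes and which carry no forensic weight; the rewritten-path view is what distinguishes a file that was replaced from one that was merely opened again.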