Analysis Overview
Threat Level: Known bad
The file https://misprogramaspc.com/itoolab-watsgo/ was found to be: Known bad.
Malicious Activity Summary
Stealc
Vidar
Detect Vidar Stealer
Downloads MZ/PE file
Reads data files stored by FTP clients
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Checks processor information in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 11:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 11:37
Reported
2024-06-14 11:40
Platform
win10v2004-20240611-es
Max time kernel
141s
Max time network
141s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Stealc
Vidar
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\x86\VSLauncher_[0MB]_[1].exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\x86\NvStereoUtilityOGL_[1MB]_[1].exe | N/A |
| N/A | N/A | C:\ProgramData\IIJJDGHJKK.exe | N/A |
| N/A | N/A | C:\ProgramData\AKKEHIECFC.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | zsdsoftzfile.shop | N/A | N/A |
| N/A | zsdsoftzfile.shop | N/A | N/A |
| N/A | zsdsoftzfile.shop | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2776 set thread context of 5076 | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 1200 set thread context of 924 | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 5856 set thread context of 6012 | N/A | C:\ProgramData\IIJJDGHJKK.exe | C:\Windows\SysWOW64\ftp.exe |
| PID 5968 set thread context of 4708 | N/A | C:\ProgramData\AKKEHIECFC.exe | C:\Windows\SysWOW64\ftp.exe |
Enumerates physical storage devices
Program crash
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628386788489241" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (binary value omitted) | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\ProgramData\IIJJDGHJKK.exe | N/A |
| N/A | N/A | C:\ProgramData\AKKEHIECFC.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://misprogramaspc.com/itoolab-watsgo/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe343ab58,0x7ffbe343ab68,0x7ffbe343ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4456 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4572 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5216 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5384 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5900 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x2cc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\" -an -ai#7zMap18338:168:7zEvent12731
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe
"C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe
"C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe" ContextMenu
C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW39A9.xml /skip TRUE
C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vutxliwj\vutxliwj.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3D71.tmp" "c:\Users\Admin\AppData\Local\Temp\vutxliwj\CSCDA0F103FAB684A13B401EF24E96D89C.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\34mh1v2h\34mh1v2h.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES3DDF.tmp" "c:\Users\Admin\AppData\Local\Temp\34mh1v2h\CSC46348FF6E37E4FFDA3999A36C47D8163.TMP"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sch52fil\sch52fil.cmdline"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4205.tmp" "c:\Users\Admin\AppData\Local\Temp\sch52fil\CSC452BCBC345E946C28442E824BADD7D17.TMP"
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\#!_#0Pen_9898_P@!!$\Setup.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\pcwutl.dll,LaunchApplication "C:\Users\Admin\Downloads\#!_#0Pen_9898_P@!!$\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\x86\VSLauncher_[0MB]_[1].exe
"C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\x86\VSLauncher_[0MB]_[1].exe"
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\x86\NvStereoUtilityOGL_[1MB]_[1].exe
"C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\x86\NvStereoUtilityOGL_[1MB]_[1].exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4976 -ip 4976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 544
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4976 -ip 4976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 580
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\updater\manager\ks_tyres.ini
C:\ProgramData\IIJJDGHJKK.exe
"C:\ProgramData\IIJJDGHJKK.exe"
C:\ProgramData\AKKEHIECFC.exe
"C:\ProgramData\AKKEHIECFC.exe"
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1888,i,11628990159567104462,7801178617886942664,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | misprogramaspc.com | udp |
| US | 172.67.205.82:443 | misprogramaspc.com | tcp |
| US | 8.8.8.8:53 | 82.205.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 172.67.205.82:443 | misprogramaspc.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | fm.bemoonsenates.com | udp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| NL | 23.109.170.153:443 | fm.bemoonsenates.com | tcp |
| NL | 23.109.170.153:443 | fm.bemoonsenates.com | tcp |
| US | 8.8.8.8:53 | misprogramaspc.disqus.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 199.232.192.134:443 | misprogramaspc.disqus.com | tcp |
| US | 199.232.192.134:443 | misprogramaspc.disqus.com | tcp |
| GB | 216.58.212.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.26.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.170.109.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | disqus.com | udp |
| US | 8.8.8.8:53 | c.disquscdn.com | udp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | udp |
| US | 151.101.64.134:443 | disqus.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| GB | 18.165.160.128:443 | c.disquscdn.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 192.0.77.48:443 | s.w.org | tcp |
| US | 8.8.8.8:53 | tempest.services.disqus.com | udp |
| US | 8.8.8.8:53 | referrer.disqus.com | udp |
| US | 199.232.192.64:443 | tempest.services.disqus.com | tcp |
| US | 199.232.192.134:443 | referrer.disqus.com | tcp |
| GB | 18.165.160.128:443 | c.disquscdn.com | tcp |
| US | 8.8.8.8:53 | cdn.tsyndicate.com | udp |
| SG | 45.133.44.70:443 | cdn.tsyndicate.com | tcp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.64.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tsyndicate.com | udp |
| DE | 136.243.83.47:443 | tsyndicate.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 151.101.64.134:443 | disqus.com | tcp |
| DE | 136.243.83.47:443 | tsyndicate.com | tcp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.viglink.com | udp |
| GB | 3.162.20.52:443 | cdn.viglink.com | tcp |
| GB | 3.162.20.52:443 | cdn.viglink.com | tcp |
| US | 8.8.8.8:53 | zsdsoftzfile.shop | udp |
| US | 104.21.78.196:443 | zsdsoftzfile.shop | tcp |
| US | 104.21.78.196:443 | zsdsoftzfile.shop | tcp |
| US | 104.21.78.196:443 | zsdsoftzfile.shop | udp |
| US | 8.8.8.8:53 | 70.44.133.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.20.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.78.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | links.services.disqus.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 199.232.192.64:443 | links.services.disqus.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | getintopcc.pro | udp |
| US | 188.114.96.2:443 | getintopcc.pro | tcp |
| US | 188.114.96.2:443 | getintopcc.pro | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 188.114.96.2:443 | getintopcc.pro | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 31.216.144.5:443 | mega.nz | tcp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 5.144.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.127.203.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.14:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 14.125.203.66.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| NL | 66.203.127.13:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | gfs214n187.userstorage.mega.co.nz | udp |
| ES | 185.206.27.97:443 | gfs214n187.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.97:443 | gfs214n187.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.97:443 | gfs214n187.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.97:443 | gfs214n187.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.97:443 | gfs214n187.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.97:443 | gfs214n187.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 97.27.206.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.139.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c68.gcp.gvt2.com | udp |
| ZA | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| ZA | 34.35.20.64:443 | e2c68.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 64.20.35.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | feeldog.xyz | udp |
| US | 172.67.133.78:443 | feeldog.xyz | tcp |
| US | 8.8.8.8:53 | 78.133.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| US | 8.8.8.8:53 | 58.251.201.195.in-addr.arpa | udp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| US | 8.8.8.8:53 | businessdownloads.ltd | udp |
| US | 104.21.16.123:443 | businessdownloads.ltd | tcp |
| US | 8.8.8.8:53 | 123.16.21.104.in-addr.arpa | udp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 199.232.192.193:443 | i.imgur.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| US | 8.8.8.8:53 | 193.192.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| DE | 195.201.251.58:9000 | 195.201.251.58 | tcp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
Files
\??\pipe\crashpad_3296_TKTAIYTXJJHSIUFE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fc97b073a8329d41aad1bee923678391 |
| SHA1 | 3794b9555baed96972049178c10922a5b617771d |
| SHA256 | 9003f5066b2ffb37201a1ff951648f95844ce2435c1f7a5e7f2d70e3354dd6f0 |
| SHA512 | 4e5f77426bc6a5c89779b3652a1b1c81c1e83920bddce661257a8d447d73af9161dce6f7284938b345b2bf12c1696e9f707d03b87f87aeb87d6b206c65353103 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 964f95bccba75685a0c9039f3a331102 |
| SHA1 | 961a81aabdda5d87739ba36a5b74cf87faa0c47a |
| SHA256 | 9fdbf87c21bf37821d7ba801222331f8db9ac16e0f3239c11660a8a08de931f0 |
| SHA512 | c14d8c01ce8aaa7b0591321da6a679c4273ab1ec1ee30ea30b9a58038f1b69144a7dd4a54baa5f6f64c5fdec5984a1b93548de59aee09dada56a0d064f9cfc79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | dcc2f47e2e77480ab83afd746b4f26f1 |
| SHA1 | d681a2916fefdde64ef793ac05484bdd9983dfe0 |
| SHA256 | 51ada1472c5886438a403f26f43794dfc7ee898b05a76467a8a9f1a332d34584 |
| SHA512 | dd1b7f222371b1fd0694c7ae20fa620af6215d455c83c97997e262840405369e3d3561879eab0732d0728d9d505aca4ddde01ffff386b9c68da6d68e81c52425 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f
| MD5 | 950eca48e414acbe2c3b5d046dcb8521 |
| SHA1 | 1731f264e979f18cdf08c405c7b7d32789a6fb59 |
| SHA256 | c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2 |
| SHA512 | 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$.zip
| MD5 | 6d3d74896c20fe2618bf87d3c33125e0 |
| SHA1 | 8d544bb1cdbf362e9ae4b1b8fc121fd79af2aeca |
| SHA256 | a6bcedb0b5b01fb2efb29a0f1848064f5e9a400613faee2edeffeb90fc32a696 |
| SHA512 | 2436b591e14a7dbe493b0fd8994f2433a94b51962da21b4f8292bd57dd80f1f05fbe7b4ef946abfc16a5109e6740784dc5720713c161ec4b2c26035b13e81b65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 90c2711b90f040b35e2af3cbcd190183 |
| SHA1 | 373d95c5d5cbb4f7c90eb1de5a0a007f74d67b3b |
| SHA256 | 680f83ac8d3f199beb9010e1b566a7fe1b82325272c371bd5edef2c9b26b04e2 |
| SHA512 | 85e71fb837d67f7bedae789d3285a39e24f95607905bb48e490801b23db93e1a12056e91b9c7781e50c1b45bba63b8465ab3f8f2192e5a1bdbcbf1db5cf44b65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cb7fd627ce53ff5e6b4cf9519031d366 |
| SHA1 | 551151a131c22e27d1cc423f09d8cf1316a6d203 |
| SHA256 | 27ac300a7c15788c7bd1fc9a4b7766ec5e5dc89387d5906faea3f5bb22475300 |
| SHA512 | 46d4758fb72bf91a3fb22d4b6a6a0d5a0d0f67a0f20f3ec37f05085044beffaaca5f37dd6e570f4f49d0eaf3da575adb005b0e9f110ec15a23aaa090ac814a20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5d1568aaf1ccef898b39b7c9d9aaada2 |
| SHA1 | 6923602a4e95b27abafe848e7f68fd72c39e5a64 |
| SHA256 | a9ee0898e4adc4fcf6eec176dc701a0878b39ba5c5df058dc2baa206a0519991 |
| SHA512 | 8e4a2eea01e7973e0ce08ffcc56a480fadadfdcbe1ef9308055491c7d64831d6e17bfd15ee97e88ef68a9d776d77f4494c6197337dcbd19e9d0595ee3c78b114 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Setup.exe
| MD5 | ad2735f096925010a53450cb4178c89e |
| SHA1 | c6d65163c6315a642664f4eaec0fae9528549bfe |
| SHA256 | 4e775b5fafb4e6d89a4694f8694d2b8b540534bd4a52ff42f70095f1c929160e |
| SHA512 | 1868b22a7c5cba89545b06f010c09c5418b3d86039099d681eee9567c47208fdba3b89c6251cf03c964c58c805280d45ba9c3533125f6bd3e0bc067477e03ab9 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Qt5Core.dll
| MD5 | 1ccc90e7aac237b45a75292bc9145cb9 |
| SHA1 | 738c89f4cc688efc84e24994f4dc077cc77342fe |
| SHA256 | 2e33fe29145a2f13dcb56635eb292f6c25c116e1e14fa081eb728ee04071ae25 |
| SHA512 | 89ab2b82c1d93a22c63eb3f09344bdd66a8b7decfd106f223c8f17ac7953fdf2d89b35d9cd1452239f3df131c03f2bc059471aa261b57ccca1174ee6d26662fc |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\msvcp140.dll
| MD5 | 1ba6d1cf0508775096f9e121a24e5863 |
| SHA1 | df552810d779476610da3c8b956cc921ed6c91ae |
| SHA256 | 74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823 |
| SHA512 | 9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\VCRUNTIME140.dll
| MD5 | 49c96cecda5c6c660a107d378fdfc3d4 |
| SHA1 | 00149b7a66723e3f0310f139489fe172f818ca8e |
| SHA256 | 69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc |
| SHA512 | e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\vcruntime140_1.dll
| MD5 | cf0a1c4776ffe23ada5e570fc36e39fe |
| SHA1 | 2050fadecc11550ad9bde0b542bcf87e19d37f1a |
| SHA256 | 6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47 |
| SHA512 | d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\amphipod.tiff
| MD5 | 7046dec9149c56b47272dcb80f6c93a4 |
| SHA1 | d4afde058b8c769d8d2348b2cba5cec3c03d2f9d |
| SHA256 | 36136cd5d386697746e5fd80e1cc218ca560e2695cc820fca3cbb07529a3d5ef |
| SHA512 | e0bcd5f1ec2273fb7e40fce2af989f498ad60044a6f41cde08fac500e48b4388702f3d10b17e9f76196d3c66e34d1196fd26175062be678c1b44f2fdcddfc812 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\hogg.pptx
| MD5 | 4a1bb50a70821601f854cb93681f57a1 |
| SHA1 | be7d7dabd24c40066f301499dae299cb90afd8c1 |
| SHA256 | 4db21e4665018a3e6cd03ec1b65f42a1c6c8f8046b3f451a1e025a2013e8203f |
| SHA512 | c8157213c3232cefc4e2d075091b1b848b67b2a802244e368223a89e22ee90e8b46f0e5f6c09ecb251ada5c4fe9325d1009fc81f31baa1e1367923a879fd4f7a |
memory/2776-444-0x00007FFBCE700000-0x00007FFBCE872000-memory.dmp
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\msvcp140_1.dll
| MD5 | 69d96e09a54fbc5cf92a0e084ab33856 |
| SHA1 | b4629d51b5c4d8d78ccb3370b40a850f735b8949 |
| SHA256 | a3a1199de32bbbc8318ec33e2e1ce556247d012851e4b367fe853a51e74ce4ee |
| SHA512 | 2087827137c473cdbec87789361ed34fad88c9fe80ef86b54e72aea891d91af50b17b7a603f9ae2060b3089ce9966fad6d7fbe22dee980c07ed491a75503f2cf |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\Qt5Network.dll
| MD5 | c24c89879410889df656e3a961c59bcc |
| SHA1 | 25a9e4e545e86b0a5fe14ee0147746667892fabd |
| SHA256 | 739bedcfc8eb860927eb2057474be5b39518aaaa6703f9f85307a432fa1f236e |
| SHA512 | 0542c431049e4fd40619579062d206396bef2f6dadadbf9294619c918b9e6c96634dcd404b78c6045974295126ec35dd842c6ec8f42279d9598b57a751cd0034 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\libssl-1_1-x64.dll
| MD5 | 4ad03043a32e9a1ef64115fc1ace5787 |
| SHA1 | 352e0e3a628c8626cff7eed348221e889f6a25c4 |
| SHA256 | a0e43cbc4a2d8d39f225abd91980001b7b2b5001e8b2b8292537ae39b17b85d1 |
| SHA512 | edfae3660a5f19a9deda0375efba7261d211a74f1d8b6bf1a8440fed4619c4b747aca8301d221fd91230e7af1dab73123707cc6eda90e53eb8b6b80872689ba6 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\libcrypto-1_1-x64.dll
| MD5 | 28dea3e780552eb5c53b3b9b1f556628 |
| SHA1 | 55dccd5b30ce0363e8ebdfeb1cca38d1289748b8 |
| SHA256 | 52415829d85c06df8724a3d3d00c98f12beabf5d6f3cbad919ec8000841a86e8 |
| SHA512 | 19dfe5f71901e43ea34d257f693ae1a36433dbdbcd7c9440d9b0f9eea24de65c4a8fe332f7b88144e1a719a6ba791c2048b4dd3e5b1ed0fdd4c813603ad35112 |
C:\Users\Admin\Downloads\#!_#0Pen_9898_P@$SW0rd_!!$\steam_api64.dll
| MD5 | 6b4ab6e60364c55f18a56a39021b74a6 |
| SHA1 | 39cac2889d8ca497ee0d8434fc9f6966f18fa336 |
| SHA256 | 1db3fd414039d3e5815a5721925dd2e0a3a9f2549603c6cab7c49b84966a1af3 |
| SHA512 | c08de8c6e331d13dfe868ab340e41552fc49123a9f782a5a63b95795d5d979e68b5a6ab171153978679c0791dc3e3809c883471a05864041ce60b240ccdd4c21 |
memory/2776-465-0x00007FFBCE700000-0x00007FFBCE872000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aa231920
| MD5 | be81024fcfe39bf5dd62f535bfbb578b |
| SHA1 | 9b6ee7933855d1ef9c773d3cb98108401faedd70 |
| SHA256 | a3d7c2effa2c16dd0c97ca7f0773c973b5cd16bcd86c5dc4f4cea2adb3ebf660 |
| SHA512 | 64aa3cd63b564f56188a712d1b4dcc1c2a4dc2dafc41b92414c3c8daa0e1fe87eb1718bccc6527885ec05515d7e197634a20ea304af8fdbee3a163f593c288ba |
memory/1200-478-0x00007FFBCEB60000-0x00007FFBCECD2000-memory.dmp
C:\Users\Admin\AppData\Roaming\dfpbg\amphipod.tiff
| MD5 | 8749e4371bf6615c983f5f050cb83b01 |
| SHA1 | aa6e7c48609d798e721d7759c758c34f762c78dc |
| SHA256 | 9f52e8abf83256ca18aca935fa60defce2d87aa016a3447db2b9d69d4c040024 |
| SHA512 | 9878ef6af996a5a0633f5586f7a600752e1f33e55c1f1f3fa97e82e02bd1c3e7587b35d06d4fd1a9aa1efedaa56a1547797a594de0f1a61e9c60480cd72dfea7 |
memory/5076-501-0x00007FFBF14F0000-0x00007FFBF16E5000-memory.dmp
memory/1200-503-0x00007FFBCEB60000-0x00007FFBCECD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\de6ab2c2
| MD5 | 0c8aa2cbeb61a6f96e3c4ee68ffc3099 |
| SHA1 | 41749fa41d3d3c2ee586635355628d791230b44b |
| SHA256 | 3233efb1cf066941104b19abeb9718468da2c43c7ce28c043e4bd56081f2218a |
| SHA512 | 0edb3efc543d45b3fef08ad48403376da5cc2d0744b0468286f605a122fccb4053ba09632c2f7a1389b4bb631338e0dc78ddda963b4a949b7e759ebae84f256d |
C:\Users\Admin\AppData\Local\Temp\PCW39A9.xml
| MD5 | 3a57bc9830dffa9f7153908e81a29ffe |
| SHA1 | be8f30044ee698f5e356aac852f3994efb8f2b2b |
| SHA256 | caaf1c981e2eb50b6be6ebabfef626c6cd47a0c99c3be336052e232561d54f17 |
| SHA512 | 2b535589aa763de9584f20b6aba2f962aad23eb2d8ddbc9010526be22881b4a2240804e2899fdc6ba54b67da0bc4cfc0182b2fc3546acef26cd91a333485f966 |
C:\Windows\Temp\SDIAG_1d218b13-77d5-4604-b488-63e55694a932\es-ES\DiagPackage.dll.mui
| MD5 | 8f934d7b57fd5b3b53fa1ea7846e022c |
| SHA1 | d8b326037699730ba9edaf22555d8ef6e6e52263 |
| SHA256 | da1a83b1dd466b4173d9e25a7ae9e28f27b8b1f4016efcc86db39cb5a9b561c5 |
| SHA512 | ce3b2e6b877af3790cddfaf6afef469b642708004ecb7fbda1166c11ef4aba8cb51cb1ae23e7dc802a95e4469cf6be56f1f562aa4d5a14d76d4720e2d6259d1f |
C:\Windows\Temp\SDIAG_1d218b13-77d5-4604-b488-63e55694a932\DiagPackage.dll
| MD5 | 79134a74dd0f019af67d9498192f5652 |
| SHA1 | 90235b521e92e600d189d75f7f733c4bda02c027 |
| SHA256 | 9d6e3ed51893661dfe5a98557f5e7e255bbe223e3403a42aa44ea563098c947e |
| SHA512 | 1627d3abe3a54478c131f664f43c8e91dc5d2f2f7ddc049bc30dfa065eee329ed93edd73c9b93cf07bed997f43d58842333b3678e61aceac391fbe171d8461a3 |
memory/5308-639-0x000001BE4F830000-0x000001BE4F8B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gmpdr2ql.aqz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5308-649-0x000001BE505D0000-0x000001BE506D2000-memory.dmp
memory/5308-650-0x000001BE4F8C0000-0x000001BE4F8E2000-memory.dmp
memory/5308-651-0x000001BE4F810000-0x000001BE4F81A000-memory.dmp
memory/5308-652-0x000001BE4F820000-0x000001BE4F82A000-memory.dmp
C:\Windows\TEMP\SDIAG_1d218b13-77d5-4604-b488-63e55694a932\TS_ProgramCompatibilityWizard.ps1
| MD5 | 925f0b68b4de450cabe825365a43a05b |
| SHA1 | b6c57383a9bd732db7234d1bb34fd75d06e1fb72 |
| SHA256 | 5b1be3f6c280acfe041735c2e7c9a245e806fd7f1bf6029489698b0376e85025 |
| SHA512 | 012aadec4ed60b311f2b5374db3a2e409a0708272e6217049643bf33353ab49e4e144d60260b04e3ae29def8a4e1b8ada853a93972f703ca11b827febe7725af |
C:\Windows\TEMP\SDIAG_1d218b13-77d5-4604-b488-63e55694a932\es-ES\CL_LocalizationData.psd1
| MD5 | 5331e7102faeff864db060bd4d7c0c93 |
| SHA1 | 3fef29f4c4830b88f5709619f660695fd95209fc |
| SHA256 | b9135c8ae6fae495f44ff4fef1e56953d9eccfcb244e193d9db106628b3c03b6 |
| SHA512 | 4852df08e51cd171f9f503e1e7fe5d19c3b5ad64b86265d1120fd1b24399c2ae19edc1e404b7a90df281a10c8a2e27abd4cc6bc63891488c9c3039b7d5e40627 |
memory/5308-662-0x000001BE4F920000-0x000001BE4F928000-memory.dmp
memory/5308-671-0x000001BE504C0000-0x000001BE504C8000-memory.dmp
memory/5308-673-0x000001BE504F0000-0x000001BE50504000-memory.dmp
memory/924-674-0x00007FFBF14F0000-0x00007FFBF16E5000-memory.dmp
memory/5308-682-0x000001BE50540000-0x000001BE50548000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 091dffe103dd9bb92bcbca6d61448d70 |
| SHA1 | 256a86c3e5a666d9c6fbb8693b8290fb80a65994 |
| SHA256 | 40c4761c36a7dcc217e0d1f27ff7757b28a913d0e6cbc54357bb24a0a248e52c |
| SHA512 | 25de784cf73afd75dceef21c7455eb3d27eb3dfd34829e47c9575b500ba393a4422fc5426042e7ffdc6563be1e8327b5f61293b71c07ff2a79d66d5d3ad9ec7a |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024061411.000\PCW.debugreport.xml
| MD5 | 8e43515b2a0804cc35469f688d37c2cb |
| SHA1 | af73f57cc17454d91c33ad3011e8b53772ade234 |
| SHA256 | 44c1b182e631882f558e29c69188ec0ee7d4343dbee114d42c75ec56242193bb |
| SHA512 | 3381558695e2743377cef95d209a1f4a13de1578a3bc33f1af29bc7f6b5a05a325328dd1ed8f517c6bbf75067fcbd9e74333e479a100dcab88fafd2e54d8cef4 |
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024061411.000\results.xsl
| MD5 | 0f391db2d621c2e9ed8ea3119a3faeed |
| SHA1 | ebe43c3a86c4c9437f38ca5274e7df21d371a3d7 |
| SHA256 | 172e4422f0f3c7b2ba936dd5c5015d293943881ab3741ede7681c7cfe68adf80 |
| SHA512 | 0e63edc48f1213f5586f3c972274ef4e7bc07b48e651cfb6e5fb9b62b7d2ce81e6088686a30f9382d852f7864e8bd451670122681a419aab82209b469d7dd36c |
memory/5784-740-0x0000000001430000-0x0000000001B7B000-memory.dmp
memory/5784-742-0x00007FFBF14F0000-0x00007FFBF16E5000-memory.dmp
memory/5784-744-0x0000000001430000-0x0000000001B7B000-memory.dmp
memory/1052-748-0x0000000000C00000-0x000000000134B000-memory.dmp
memory/1052-749-0x00007FFBF14F0000-0x00007FFBF16E5000-memory.dmp
memory/1052-750-0x0000000000C00000-0x000000000134B000-memory.dmp
memory/5784-753-0x0000000001430000-0x0000000001B7B000-memory.dmp
memory/5784-754-0x0000000061E00000-0x0000000061EF3000-memory.dmp
C:\ProgramData\IIJJDGHJKK.exe
| MD5 | 6cfddd5ce9ca4bb209bd5d8c2cd80025 |
| SHA1 | 424da82e9edbb6b39a979ab97d84239a1d67c48b |
| SHA256 | 376e1802b979514ba0e9c73933a8c6a09dd3f1d2a289f420c2202e64503d08a7 |
| SHA512 | d861130d87bfedc38a97019cba17724067f397e6ffe7e1384175db48c0a177a2e7e256c3c933d0f42766e8077f767d6d4dc8758200852e8ec135736daee7c0f8 |
memory/5856-831-0x0000000000A30000-0x0000000000F43000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4c697799
| MD5 | 8d443e7cb87cacf0f589ce55599e008f |
| SHA1 | c7ff0475a3978271e0a8417ac4a826089c083772 |
| SHA256 | e2aaaa1a0431aab1616e2b612e9b68448107e6ce71333f9c0ec1763023b72b2a |
| SHA512 | c7d0ced6eb9e203d481d1dbdd5965278620c10cdc81c02da9c4f7f99f3f8c61dfe975cf48d4b93ccde9857edb881a77ebe9cd13ae7ef029285d770d767aa74a5 |
memory/5856-837-0x0000000072D70000-0x0000000072EEB000-memory.dmp
C:\ProgramData\AKKEHIECFC.exe
| MD5 | daaff76b0baf0a1f9cec253560c5db20 |
| SHA1 | 0311cf0eeb4beddd2c69c6e97462595313a41e78 |
| SHA256 | 5706c6f5421a6a34fdcb67e9c9e71283c8fc1c33499904519cbdc6a21e6b071c |
| SHA512 | 987ca2d67903c65ee1075c4a5250c85840aea26647b1d95a3e73a26dcad053bd4c31df4ca01d6cc0c196fa7e8e84ab63ed4a537f72fc0b1ee4ba09cdb549ddf3 |
memory/5856-845-0x00007FFBF14F0000-0x00007FFBF16E5000-memory.dmp
memory/5968-847-0x00000000008C0000-0x0000000000B08000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4eca6613
| MD5 | c62f812e250409fbd3c78141984270f2 |
| SHA1 | 9c7c70bb78aa0de4ccf0c2b5d87b37c8a40bd806 |
| SHA256 | d8617477c800cc10f9b52e90b885117a27266831fb5033647b6b6bd6025380a8 |
| SHA512 | 7573ecac1725f395bbb1661f743d8ee6b029f357d3ef07d0d96ee4ff3548fe06fab105ee72be3e3964d2053de2f44245cca9a061d47c1411949840c84f6e9092 |
memory/5968-853-0x0000000072D70000-0x0000000072EEB000-memory.dmp
memory/5968-854-0x00007FFBF14F0000-0x00007FFBF16E5000-memory.dmp
memory/5784-860-0x0000000001430000-0x0000000001B7B000-memory.dmp
memory/5784-864-0x0000000001430000-0x0000000001B7B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 24ec10241512deab6f5441b0c896e622 |
| SHA1 | 3eb9657c40b538b966f89f03f77d7f22a577eb4b |
| SHA256 | ad168747d479a5786a34293271c3671180478801f7aa128be8d75001f04d4385 |
| SHA512 | c6fe8ffe20fd13760306486d735940ab94696299be2ea8722909f3ceeed27c9368b2863543aa59605b6b65d84b4061a1458011a7e4ccd314cac559f62e4e9b5c |
memory/5856-874-0x0000000072D70000-0x0000000072EEB000-memory.dmp
memory/5968-876-0x0000000072D70000-0x0000000072EEB000-memory.dmp