Analysis Overview
Threat Level: Known bad
The file https://www.upload.ee/files/16684929/BrutoForce_Seed-main.zip.html was found to be: Known bad.
Malicious Activity Summary
StormKitty
StormKitty payload
AsyncRat
Async RAT payload
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops desktop.ini file(s)
Looks up external IP address via web service
Looks up geolocation information via web service
Sets desktop wallpaper using registry
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-18 12:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-18 12:40
Reported: 2024-06-18 12:42
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 150s
Command Line
Signatures
AsyncRat
StormKitty
StormKitty payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1092 = "C:\\Users\\Admin\\AppData\\Local\\rundll32.exe" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1092 = "C:\\Users\\Admin\\AppData\\Local\\rundll32.exe" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1092 = "C:\\Users\\Admin\\AppData\\Local\\rundll32.exe" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1092 = "C:\\Users\\Admin\\AppData\\Local\\rundll32.exe" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Saved Pictures\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Downloads\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\Camera Roll\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Pictures\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Desktop\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin\Documents\desktop.ini | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
Looks up geolocation information via web service
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\785BgHVlo.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\onIxq8zU1.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\PA4UnU9DX.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hh0RaOVAN.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{FD58053D-678D-412B-B6B8-2EECCD8B3949} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16684929/BrutoForce_Seed-main.zip.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4104,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4088,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5272,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5460,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5304,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4116,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5996,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6224,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6428,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6276,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5936,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6360,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6968,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=5292,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=5428,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=5400,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7440,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7352,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=7184,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7668,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7216,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8612,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=8596 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BrutoForce_Seed-main\" -spe -an -ai#7zMap31165:102:7zEvent2565
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5716,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7724 /prefetch:8
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe
"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7420,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8524,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show profile
C:\Windows\SysWOW64\findstr.exe
findstr All
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe
"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe"
C:\Users\Admin\AppData\Local\rundll32.exe
"C:\Users\Admin\AppData\Local\rundll32.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\SysWOW64\chcp.com
chcp 65001
C:\Windows\SysWOW64\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\Extreme.Net.dll.YIM0X
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Users\Admin\AppData\Local\rundll32.exe
"C:\Users\Admin\AppData\Local\rundll32.exe"
C:\Users\Admin\AppData\Local\rundll32.exe
"C:\Users\Admin\AppData\Local\rundll32.exe"
C:\Users\Admin\AppData\Local\rundll32.exe
"C:\Users\Admin\AppData\Local\rundll32.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | s7.addthis.com | udp |
| US | 8.8.8.8:53 | du0pud0sdlmzf.cloudfront.net | udp |
| US | 8.8.8.8:53 | du0pud0sdlmzf.cloudfront.net | udp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| GB | 3.162.19.97:443 | du0pud0sdlmzf.cloudfront.net | tcp |
| BE | 104.68.81.91:443 | s7.addthis.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 172.217.169.34:443 | googleads.g.doubleclick.net | udp |
| NL | 23.62.61.169:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | lcolumnstoodthe.info | udp |
| US | 8.8.8.8:53 | lcolumnstoodthe.info | udp |
| US | 8.8.8.8:53 | yrincelewasgiw.info | udp |
| US | 8.8.8.8:53 | yrincelewasgiw.info | udp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 8.8.8.8:53 | ghabovethec.info | udp |
| US | 8.8.8.8:53 | talsindustrateb.info | udp |
| US | 8.8.8.8:53 | talsindustrateb.info | udp |
| US | 8.8.8.8:53 | talsindustrateb.info | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| GB | 18.239.236.118:443 | lcolumnstoodthe.info | tcp |
| US | 104.21.2.17:443 | yrincelewasgiw.info | udp |
| FR | 18.155.129.123:443 | ghabovethec.info | tcp |
| GB | 13.224.132.102:443 | talsindustrateb.info | tcp |
| US | 8.8.8.8:53 | talsindustrateb.info | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 3.164.163.123:443 | getrunkhomuto.info | tcp |
| GB | 13.224.132.102:443 | talsindustrateb.info | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 188.114.96.2:443 | pogothere.xyz | udp |
| GB | 143.204.176.76:443 | getrunkhomuto.info | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| NL | 142.250.27.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.30.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.81.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.132.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.176.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.2.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | du0pud0sdlmzf.cloudfront.net | udp |
| US | 8.8.8.8:53 | du0pud0sdlmzf.cloudfront.net | udp |
| GB | 3.162.19.153:443 | du0pud0sdlmzf.cloudfront.net | tcp |
| GB | 3.162.19.153:443 | du0pud0sdlmzf.cloudfront.net | tcp |
| GB | 3.162.19.153:443 | du0pud0sdlmzf.cloudfront.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.19.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | lcolumnstoodthe.info | udp |
| US | 8.8.8.8:53 | lcolumnstoodthe.info | udp |
| US | 8.8.8.8:53 | lcolumnstoodthe.info | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| GB | 18.239.236.109:443 | lcolumnstoodthe.info | tcp |
| GB | 18.239.236.109:443 | lcolumnstoodthe.info | tcp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| NL | 139.45.197.239:443 | dukirliaon.com | tcp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | 109.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | 7.85.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | fcmatch.youtube.com | udp |
| US | 8.8.8.8:53 | fcmatch.youtube.com | udp |
| BE | 104.68.85.7:443 | www.aliexpress.com | tcp |
| BE | 104.68.85.7:443 | www.aliexpress.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | fcmatch.google.com | udp |
| US | 8.8.8.8:53 | fcmatch.google.com | udp |
| US | 8.8.8.8:53 | hd.mmstat.com | udp |
| US | 8.8.8.8:53 | hd.mmstat.com | udp |
| US | 8.8.8.8:53 | gj.mmstat.com | udp |
| US | 8.8.8.8:53 | gj.mmstat.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | dmtracking2.alibaba.com | udp |
| US | 8.8.8.8:53 | dmtracking2.alibaba.com | udp |
| BE | 104.68.85.7:443 | campaign.aliexpress.com | tcp |
| US | 8.8.8.8:53 | hd.mmstat.com | udp |
| US | 8.8.8.8:53 | fourier.taobao.com | udp |
| US | 8.8.8.8:53 | fourier.taobao.com | udp |
| US | 8.8.8.8:53 | dmtracking2.alibaba.com | udp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | acs.aliexpress.ru | udp |
| US | 8.8.8.8:53 | acs.aliexpress.ru | udp |
| US | 8.8.8.8:53 | pcookie.aliexpress.com | udp |
| US | 8.8.8.8:53 | pcookie.aliexpress.com | udp |
| US | 8.8.8.8:53 | time-ae.akamaized.net | udp |
| US | 8.8.8.8:53 | time-ae.akamaized.net | udp |
| BE | 23.14.90.90:443 | time-ae.akamaized.net | tcp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| SG | 47.246.110.45:443 | ae.mmstat.com | tcp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | ae04.alicdn.com | udp |
| US | 8.8.8.8:53 | ae04.alicdn.com | udp |
| BE | 104.68.85.7:443 | best.aliexpress.com | tcp |
| NL | 23.62.61.194:443 | ae04.alicdn.com | tcp |
| US | 8.8.8.8:53 | g.alicdn.com | udp |
| US | 8.8.8.8:53 | g.alicdn.com | udp |
| US | 8.8.8.8:53 | login.aliexpress.ru | udp |
| US | 8.8.8.8:53 | login.aliexpress.ru | udp |
| US | 8.8.8.8:53 | login.aliexpress.us | udp |
| US | 8.8.8.8:53 | login.aliexpress.us | udp |
| GB | 79.133.176.243:443 | g.alicdn.com | tcp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| DE | 47.246.146.202:443 | acs.aliexpress.com | tcp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| US | 163.181.154.233:443 | bottom.campaign.aliexpress.com | tcp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | getrunkhomuto.info | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| GB | 143.204.176.11:443 | getrunkhomuto.info | tcp |
| US | 8.8.8.8:53 | 49.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.110.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.154.181.163.in-addr.arpa | udp |
| RU | 47.246.133.22:443 | login.aliexpress.ru | tcp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | dukirliaon.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | telem-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| GB | 172.165.61.93:443 | telem-edge.smartscreen.microsoft.com | tcp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| GB | 79.133.176.243:443 | g.alicdn.com | tcp |
| GB | 79.133.176.243:443 | g.alicdn.com | tcp |
| BE | 104.68.85.7:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | dmtracking2.alibaba.com | udp |
| US | 8.8.8.8:53 | dmtracking2.alibaba.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | 11.176.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.133.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.190.117.212.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| US | 8.8.8.8:53 | fourier.aliexpress.com | udp |
| US | 8.8.8.8:53 | fourier.aliexpress.com | udp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| DE | 47.246.146.63:443 | fourier.aliexpress.com | tcp |
| DE | 47.246.146.63:443 | fourier.aliexpress.com | tcp |
| NL | 23.62.61.169:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | login.aliexpress.com | udp |
| US | 8.8.8.8:53 | login.aliexpress.com | udp |
| US | 8.8.8.8:53 | epss.alibaba-inc.com | udp |
| US | 8.8.8.8:53 | epss.alibaba-inc.com | udp |
| US | 8.8.8.8:53 | 63.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| SG | 47.246.174.95:443 | epss.alibaba-inc.com | tcp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| US | 8.8.8.8:53 | www.upload.ee | udp |
| SG | 47.246.174.95:443 | epss.alibaba-inc.com | tcp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | dl-edge.smartscreen.microsoft.com | tcp |
| DE | 47.246.146.12:443 | wp.aliexpress.com | tcp |
| DE | 47.246.146.12:443 | wp.aliexpress.com | tcp |
| US | 8.8.8.8:53 | 95.174.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | img.alicdn.com | udp |
| US | 8.8.8.8:53 | img.alicdn.com | udp |
| CN | 123.183.232.34:443 | fourier.taobao.com | tcp |
| GB | 79.133.176.234:443 | img.alicdn.com | tcp |
| US | 8.8.8.8:53 | de-wum.aliexpress.com | udp |
| US | 8.8.8.8:53 | de-wum.aliexpress.com | udp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | 12.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.176.133.79.in-addr.arpa | udp |
| DE | 47.246.146.190:443 | us.ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | 190.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5jon72.tdum.alibaba.com | udp |
| US | 8.8.8.8:53 | 5jon72.tdum.alibaba.com | udp |
| US | 8.8.8.8:53 | cepn6u.tdum.alibaba.com | udp |
| US | 8.8.8.8:53 | cepn6u.tdum.alibaba.com | udp |
| DE | 47.254.177.101:443 | cepn6u.tdum.alibaba.com | tcp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | 101.177.254.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | 195.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | api.mylnikov.org | udp |
| US | 172.67.196.114:443 | api.mylnikov.org | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | 241.184.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.196.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| N/A | 127.0.0.1:8808 | | tcp |
| US | 8.8.8.8:53 | 24.19.67.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 127.0.0.1:7707 | | tcp |
| N/A | 127.0.0.1:6606 | | tcp |
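Most of the rows above are resolver traffic and browser noise (the AliExpress, Google and SmartScreen domains come from the ad-laden upload.ee landing page, not from the payload). The rows that carry the verdict are the external-IP lookup (icanhazip.com), the geolocation lookup (api.mylnikov.org), the Telegram API (StormKitty reports over a bot token), pastebin.com (a paste used as a C2/config drop) and the loopback attempts to ports 6606, 7707 and 8808. The following parser is an added example by the editor, not output of the sandbox: it reads rows in the table format used on this page, tolerates the rows where the protocol has slipped into the domain column, drops DNS-resolution rows, and tags the endpoints a responder would pull into a block list. The domain-to-category mapping is the editor's, and treating 6606/7707/8808 as the AsyncRAT builder default port set is an assumption taken from that family's usual configuration rather than from this report.

```python
"""Triage helper for a sandbox network table in the '| CC | ip:port | domain | proto |'
layout used on this page. Added example; the tags are the editor's, not the sandbox's.
"""
from collections import defaultdict

# Rows copied from the table above (constructed sample; one row is kept in the
# malformed 'proto in the domain column' form that also appears on the page).
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| US | 172.67.196.114:443 | api.mylnikov.org | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 172.67.19.24:443 | pastebin.com | tcp |
| BE | 104.68.85.7:443 | www.aliexpress.com | tcp |
| N/A | 127.0.0.1:8808 | tcp | |
| N/A | 127.0.0.1:6606 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

# Assumed mapping, derived from the report's own signature names
# ("Looks up external IP address", "Looks up geolocation information",
# "Legitimate hosting services abused for malware hosting/C2").
DOMAIN_TAGS = {
    "icanhazip.com": "external-ip-lookup",
    "api.mylnikov.org": "geolocation-lookup",
    "api.telegram.org": "exfil-telegram",
    "pastebin.com": "c2-config-paste",
}
# Assumption: AsyncRAT builder default listener ports.
ASYNCRAT_DEFAULT_PORTS = {6606, 7707, 8808}
PROTOS = ("tcp", "udp")


def parse_row(line):
    """Return {cc, ip, port, domain, proto} or None for a line that is not a row.

    Cells are split on '|' so that both '| domain | proto |' and the
    malformed '| proto | |' layout are accepted.
    """
    line = line.strip()
    if not line.startswith("|"):
        return None
    cells = [c.strip() for c in line.strip("|").split("|")]
    if len(cells) < 3:
        return None
    ip, _, port = cells[1].rpartition(":")
    if not port.isdigit():
        return None
    rest = [c for c in cells[2:] if c]
    proto = next((c for c in rest if c in PROTOS), None)
    domain = next((c for c in rest if c not in PROTOS), "")
    if proto is None:
        return None
    return {"cc": cells[0], "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def tag_row(row):
    """List of triage tags for one connection row (empty for noise)."""
    tags = []
    if row["domain"] in DOMAIN_TAGS:
        tags.append(DOMAIN_TAGS[row["domain"]])
    if row["ip"].startswith("127.") and row["port"] in ASYNCRAT_DEFAULT_PORTS:
        tags.append("asyncrat-default-port-loopback")
    return tags


def triage(text):
    """Map tag -> sorted unique 'ip:port domain' endpoints; DNS rows (port 53) are skipped."""
    hits = defaultdict(set)
    for line in text.splitlines():
        row = parse_row(line)
        if row is None or row["port"] == 53:
            continue  # resolver traffic; the connection row to the same domain carries the signal
        for tag in tag_row(row):
            hits[tag].add(f'{row["ip"]}:{row["port"]} {row["domain"]}'.rstrip())
    return {tag: sorted(eps) for tag, eps in hits.items()}


if __name__ == "__main__":
    for tag, endpoints in sorted(triage(SAMPLE_ROWS).items()):
        print(tag)
        for ep in endpoints:
            print("   ", ep)
```

Run it over the full table rather than the sample and the AliExpress and mDNS rows stay untagged, which is the point: a block list built from this report should contain the four service domains and, on the host, a rule for loopback or outbound connections to the three ports, not the landing page's advertising infrastructure.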
Files
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe
| MD5 | c634e67d58f8700fc8612e49d4a6a84a |
| SHA1 | aba2d1620c6c3b6724029a2b163c0194399bdd6f |
| SHA256 | 2ceedb5ba748de9b905b351e468b3ab6c06a67ada80238505f1d0a2f3455796b |
| SHA512 | e859a0e5b69066da9c4927ab068b7c73392362917086137692c5f60b236ba496526d9e98922f217d89944f67e034f707c032fa17487c51408b5a300b80ee8144 |
memory/5112-22-0x000000007500E000-0x000000007500F000-memory.dmp
memory/5112-23-0x0000000000D00000-0x0000000000D36000-memory.dmp
memory/5112-24-0x0000000075000000-0x00000000757B0000-memory.dmp
memory/5112-25-0x0000000005820000-0x0000000005886000-memory.dmp
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\README.txt
| MD5 | a0425dd392fb42c60c35bb47299f0ddd |
| SHA1 | 937d265f42a1dec2d04ec985f8b9166808ea7c3c |
| SHA256 | 480ada135f8bd07e8358324cb5b6db18d7dd19f0bf637911690bd975b6e39dfd |
| SHA512 | 1c8c4764cc74de99cd4a7c62ac9773f1ddf068008695e2224bf2b97e9a7db7529521418720a25b0f270a2cff3af47ac4039984ab270389f2322a71a310ae4a18 |
C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Browsers\Edge\History.txt
| MD5 | acf67cf3e8c34dea448be62f585de0a6 |
| SHA1 | a2adfac58d69bc47f9e4e4b4e9a4bd7c163dd009 |
| SHA256 | 1da6a66c0081b8750baa7eed48c2317786db7f7f8c73c64bd9a39daa8dacb893 |
| SHA512 | 7686bc3bb88de9c7ffd73ec61782bcfed86fc98ee39bce3150adf92bf8ceac82d368e64d438bb6fa138e3bb17111129af92b73cc8c724e3dfade6bafc9528224 |
C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Browsers\Edge\History.txt
| MD5 | c554b664d048d6f5bfd10af45445d189 |
| SHA1 | 5c10cfd22e1c4aed8a616c494d2437482c55b550 |
| SHA256 | 0e4fb6f4e29096c358033c0bd29ff0fbe038bc987081c8e45255a6f84391a5c7 |
| SHA512 | daf4bd6adaf2d34ed9fcf6bcead527dc0cccd2d9f3709feea9384fec0c350b8ed5833835fcfd140cd0a74400ff970c9dfcc1bdb95b4ab8a80df1bc10ce2765cd |
C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Browsers\Firefox\Bookmarks.txt
| MD5 | 2e9d094dda5cdc3ce6519f75943a4ff4 |
| SHA1 | 5d989b4ac8b699781681fe75ed9ef98191a5096c |
| SHA256 | c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142 |
| SHA512 | d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7 |
C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\System\Process.txt
| MD5 | 0886d8bb714dcff34927b760f6a3389a |
| SHA1 | 87b426908c038ed13f4c2d4bf6ff5c406bbe06d5 |
| SHA256 | e2f4311727697feddb6764267809122f5e0ca54625cb9c144ae92ef905da4f46 |
| SHA512 | a8600a60fc936080dcbc54fc57e77e12838d28c44fb6984863388dc4416c0ddbe89bb34676bd58aa3924756f1b2cce421851cc05a87b35ddb4597723f240d409 |
memory/5112-202-0x0000000075000000-0x00000000757B0000-memory.dmp
memory/5112-204-0x0000000006270000-0x0000000006302000-memory.dmp
memory/5112-205-0x00000000068C0000-0x0000000006E64000-memory.dmp
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe
| MD5 | 74e4e1dfb94de3a46f82ad83da3b25cb |
| SHA1 | 5d62d2534c9b8df6b880ef77ea01c317223762ec |
| SHA256 | 467c0c1ce495385c7c4c450ba2a889108e422738c1695c9e5bd63a94c5266af4 |
| SHA512 | 46465915f2368c349485c657583b5d076a66daf0ef3cd4a205b45110b8d10ff2507eee62338384ebbcf074ba367a25b13f5a4e72759fff7ecee6005e41aac4e4 |
memory/5504-209-0x00000000002E0000-0x00000000002F2000-memory.dmp
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\DotNetZip.dll
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\1092.README.txt
| MD5 | 19572381d47d6674829b57669e6ee898 |
| SHA1 | 2a5e1d2f04f342fc857abbc15900b4e687e0c488 |
| SHA256 | 70598c10e6e2ed2c26acdb3a8212310af41b0dbec5e35a03c344b06c86fa549c |
| SHA512 | 31c8b55ae5946c8b431ceb564fe418c47af8b119f1e6c2d3653314141051c44ca503611e7813477009fadefa211a6aa1b024490fe1c305ba90a71a05eea67a17 |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\Extreme.Net.dll
| MD5 | 983a906761b6686ba8bc821e2b9e4090 |
| SHA1 | 0b85e20355fba58cc2669a7f6583087da81b5e35 |
| SHA256 | 21708adb84bc1dbcf29b42ddac0c1db000dbaf5a485ee8f92cf5dcb29c04370f |
| SHA512 | b23b5abf31043af5c98a8e1d1938e624e5d7700d47a1cf72e2ec26efd262d6765aeeea36e36905d99d41b6e8e680e73ed9ae251afacc415d0736076658d0b084 |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\MetroFramework.dll
| MD5 | cb06ea4fa7f17fe93d0b1a9444e73e1b |
| SHA1 | 2d87113eb341b308be3881601757320b7126086b |
| SHA256 | d564e0a249a0dd24d807e9486c6eadbbf08dcc7ae53fc850f24e72600053ae0e |
| SHA512 | 8f4281cf70fa612d4f15592426571b2980f32dff8d802f1737a69baab11a30b947efb263221b1d788b435e01de70fb9068089e49f1b7cb57dc19ecded64a2f64 |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\MetroFramework.Design.dll
| MD5 | ac915b8ae2263acfb67ef2d1124f7e4b |
| SHA1 | 7794245f39563073ee0158e8d0a3cf81c761acbf |
| SHA256 | 4e6da405b2f48706309ea44fce3ceffec6c647484ad6b90b439fbaecd9438207 |
| SHA512 | 93dbe4d46a22a69523bd822c82d0cdaf0ed0a3b21fcf89ba986b5982220dd76e87c79fec349693181e84091edfbe4c90ffb6b335d99df31ab71c6e50ee54f416 |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\stub.dll
| MD5 | facedd7b310db340c9bfd85e94541a1d |
| SHA1 | b2a42e196f09ed3bde58ab9ac0bbcecbf247763e |
| SHA256 | b845c00b45b9d757ecb790b8980b2574feadd470820e9e9204df026866454761 |
| SHA512 | 22bf5bead512586264b315f4cd9f04f8c4bee00adab7cd9dc7f0995acd67ccbe50b5c7590f01f0e200ca03c8684f43c87918608b141ed2ca49baf03f056faa03 |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\Mono.Cecil.dll
| MD5 | 3b88044dd86905a1c25614c53af35d14 |
| SHA1 | a276e35c08d99f34fa86f17b8e8d786d6e438e37 |
| SHA256 | 0a0582ba32dad97f1c843cb1011bce4d63105a2eac67f12cfe63dbddd43aa160 |
| SHA512 | 870c1e7d90a11764ad24409fc8939c43b7b9419604034744d68c4909b3b4ca9ae960df740d0abf59eed88d0921735f9d954e84644b579fc906883b4b587df4af |
C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\MetroFramework.Fonts.dll
| MD5 | a7071d0aa5497f682d0b99dcc73641cd |
| SHA1 | ad4a72b576cbb4ca06cb18f38908c78dc5b675ac |
| SHA256 | a8299cdc3becddbd69009f01faaa3ea4407b90e5f663c1269b72fb00f2677732 |
| SHA512 | 008578fc2f82811fb6888635b60faffc82fc9189308d7878c6c13d86e127fde4e95b12ec0fc3e9be25ea46545bed184c285b22b00d788d7bcf22d389063dcbd3 |
memory/5112-561-0x0000000006490000-0x000000000649A000-memory.dmp
C:\Users\Admin\AppData\Local\2b2cfe0ca78a31982b5fc7b50590de2c\msgid.dat
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
memory/5112-567-0x0000000007130000-0x0000000007142000-memory.dmp
memory/5112-594-0x000000007500E000-0x000000007500F000-memory.dmp
memory/5112-595-0x0000000075000000-0x00000000757B0000-memory.dmp
memory/5112-596-0x0000000075000000-0x00000000757B0000-memory.dmp
memory/1756-598-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-600-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-599-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-610-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-609-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-608-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-607-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-606-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-605-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/1756-604-0x0000021C03560000-0x0000021C03561000-memory.dmp
memory/5112-611-0x0000000075000000-0x00000000757B0000-memory.dmp
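Two entries in the file list deserve a second look before their hashes go into an IoC feed. DotNetZip.dll hashes to the digest of zero bytes (MD5 d41d8cd9…, SHA256 e3b0c442…), so the file on disk was empty when the sandbox captured it, and msgid.dat hashes to the digest of the single byte "0". Both values will match harmless files on any host, so a detection keyed on them produces noise rather than hits. The helper below is an added example by the editor, not part of the report: it carries the SHA256 values of the sample's own binaries from the table above as indicators, recognises the two degenerate digests by recomputing them, and classifies a file or directory tree accordingly. The choice of which three digests count as indicators is the editor's.

```python
"""Hash-based IoC check for the dropped-file table above (added example, not
report output). Indicators are the page's own SHA256 values; the two
'degenerate' digests are recomputed rather than copied so the check is
self-verifying.
"""
import hashlib
from pathlib import Path

# SHA256 values copied from the Files table on this page.
SAMPLE_IOCS = {
    "2ceedb5ba748de9b905b351e468b3ab6c06a67ada80238505f1d0a2f3455796b": "BrutoForce Seed_original.exe",
    "467c0c1ce495385c7c4c450ba2a889108e422738c1695c9e5bd63a94c5266af4": "FIXER.exe",
    "b845c00b45b9d757ecb790b8980b2574feadd470820e9e9204df026866454761": "stub.dll",
}

# Digests of trivially short inputs. They appear in the table (DotNetZip.dll,
# msgid.dat) but match benign files everywhere, so they are reported as
# non-actionable instead of as indicator hits.
DEGENERATE = {
    hashlib.sha256(b"").hexdigest(): "empty file (DotNetZip.dll entry)",
    hashlib.sha256(b"0").hexdigest(): "single byte '0' (msgid.dat entry)",
}


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large drops do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(digest):
    """Return (verdict, label) where verdict is 'ioc', 'degenerate' or 'unknown'."""
    digest = digest.lower()
    if digest in SAMPLE_IOCS:
        return "ioc", SAMPLE_IOCS[digest]
    if digest in DEGENERATE:
        return "degenerate", DEGENERATE[digest]
    return "unknown", ""


def scan(root):
    """Walk a directory tree; return {path: (verdict, label)} for every non-'unknown' file."""
    results = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            verdict, label = classify(sha256_file(p))
            if verdict != "unknown":
                results[str(p)] = (verdict, label)
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (verdict, label) in sorted(scan(target).items()):
        print(f"{verdict:10} {path}  {label}")
```

The recomputed digests in DEGENERATE equal the SHA256 values printed for DotNetZip.dll and msgid.dat above, which is how the empty-file and single-byte conclusions were reached; when importing hashes from any sandbox report, running the table through the same check first avoids shipping those two values as indicators.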