Malware Analysis Report

2024-09-23 02:07

Sample ID 240618-pv8e5stelf
Target https://www.upload.ee/files/16684929/BrutoForce_Seed-main.zip.html
Tags
asyncrat stormkitty default persistence privilege_escalation ransomware rat spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.upload.ee/files/16684929/BrutoForce_Seed-main.zip.html was found to be: Known bad.

What the behavioral run records, read across the per-process rows below: the archive was opened in Edge and unpacked with 7-Zip (7zG.exe), after which two executables from it ran. BrutoForce Seed_original.exe (PID 5112) shows the stealer side: it reads the CPU identifier, stages copies of the user's Desktop, Documents, Downloads and Pictures folders under C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\ (the <user>@<host>_<locale>\Grabber\DRIVE-C layout StormKitty writes), and twice spawns cmd.exe -> chcp.com -> netsh.exe, the first time also findstr.exe. FIXER.exe (PID 5504) starts a file named rundll32.exe from C:\Users\Admin\AppData\Local (PID 468); that process registers itself under HKCU\...\Run as value "1092", enables SeDebugPrivilege and rewrites the desktop wallpaper four times, which lines up with the AsyncRAT match. The sandbox's StormKitty and AsyncRAT payload matches carry no process attribution, so this split is inferred from the rows rather than stated by the sandbox. Rows whose process is taskmgr.exe, OpenWith.exe, NOTEPAD.EXE, msedge.exe or 7zG.exe come from the interactive sandbox session and should not be read as sample behaviour.

Malicious Activity Summary

asyncrat stormkitty default persistence privilege_escalation ransomware rat spyware stealer

StormKitty

StormKitty payload

AsyncRat

Async RAT payload

Checks computer location settings

Reads user/profile data of web browsers

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops desktop.ini file(s)

Looks up external IP address via web service

Looks up geolocation information via web service

Sets desktop wallpaper using registry

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-18 12:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-18 12:40

Reported

2024-06-18 12:42

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16684929/BrutoForce_Seed-main.zip.html

Signatures

AsyncRat

rat asyncrat

StormKitty

stealer stormkitty

StormKitty payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A   (2 matches; the sandbox recorded no per-row detail)

Async RAT payload

rat
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A   (1 match; no per-row detail)

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe | N/A

Geo\Nation holds the user's country code. Commodity stealers and RATs read it to exit on blocklisted countries, but the .NET runtime and many benign applications read it during locale setup too, so this row is supporting evidence only. It is worth noting here because the reader is FIXER.exe, the same process that launches the AppData rundll32.exe (see the WriteProcessMemory rows).

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1092 = "C:\\Users\\Admin\\AppData\\Local\\rundll32.exe" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A   (identical write recorded 4 times)

Two details in this row matter more than the Run key itself. The value name is a bare number (1092), and the target is a file called rundll32.exe in C:\Users\Admin\AppData\Local rather than C:\Windows\System32; the genuine rundll32.exe never registers itself in Run. A process writing its own image path into HKCU\...\Run from a user-writable directory under a system-binary name is T1547.001 combined with T1036.005 masquerading, and this is the same file FIXER.exe writes into (PID 468 in the WriteProcessMemory table). Both the registry value and the file path are hunt-ready: search Run values for system binary names that resolve outside %SystemRoot%.
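The check described above, as an added Python example (not part of the sandbox report, and not code from the sample or the sandbox vendor): it parses rows in the sandbox's "Set value (str)" layout, collapses the repeated writes, and scores each autorun target. The rows are embedded as constructed input: the report's own rundll32.exe row repeated four times, plus one invented OneDrive entry to show why the "user-writable path" heuristic is too noisy on its own. The list of system binary names and the user-writable prefixes are my choices, not values taken from the report.

```python
"""Flag autorun (Run key) entries whose target masquerades as a Windows
system binary.

Added example for this report, not sandbox or malware code. It parses rows in
the sandbox's 'Set value (str) <key>\\<name> = "<data>" <process> <target>'
layout. SAMPLE_ROWS is constructed: the report's four identical rows plus one
invented OneDrive entry for contrast.
"""
import ntpath
import re
from dataclasses import dataclass

# Binaries that legitimately live only under %SystemRoot%. The same name
# anywhere else is a masquerading candidate (ATT&CK T1036.005). Assumed list.
SYSTEM_BINARY_NAMES = {
    "rundll32.exe", "svchost.exe", "explorer.exe", "dllhost.exe", "conhost.exe",
    "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe", "taskhostw.exe",
}
# Directories a standard user can write to (lower-case, backslash form). Assumed.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# One sandbox row: key path, value name, quoted data, writer process, target.
ROW_RE = re.compile(
    r'^Set value \(str\) (?P<key>\\REGISTRY\\.*?\\Run)\\(?P<name>[^\s=]+) = '
    r'"(?P<data>(?:[^"\\]|\\.)*)" (?P<process>.+?) (?P<target>N/A|[A-Za-z]:\\.*)$'
)

SID = r"S-1-5-21-1181767204-2009306918-3718769404-1000"
RUN = r"\REGISTRY\USER\%s\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" % SID
SAMPLE_ROWS = [
    # the report's row, which the sandbox logged four times
    r'Set value (str) ' + RUN + r'\1092 = "C:\\Users\\Admin\\AppData\\Local\\rundll32.exe" C:\Users\Admin\AppData\Local\rundll32.exe N/A',
] * 4 + [
    # constructed benign-looking entry, not from the report
    r'Set value (str) ' + RUN + r'\OneDrive = "C:\\Users\\Admin\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background" C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe N/A',
]


@dataclass(frozen=True)
class RunEntry:
    key: str
    value_name: str
    command: str   # unescaped registry data
    writer: str    # process that performed the write


def unescape(data):
    """The sandbox doubles backslashes and escapes quotes inside the data column."""
    return data.replace('\\"', '"').replace("\\\\", "\\")


def parse_run_rows(rows):
    """Parse rows into RunEntry objects; identical rows (one per write) collapse."""
    entries = []
    for line in rows:
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        entry = RunEntry(m["key"], m["name"], unescape(m["data"]), m["process"])
        if entry not in entries:
            entries.append(entry)
    return entries


def exe_from_command(command):
    """Executable path from a Run value: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def findings(entries):
    """Return (entry, reasons) for every entry that trips at least one heuristic."""
    out = []
    for entry in entries:
        exe = exe_from_command(entry.command)
        low = ntpath.normcase(exe)
        reasons = []
        if ntpath.basename(low) in SYSTEM_BINARY_NAMES and not low.startswith("c:\\windows\\"):
            reasons.append("system-binary name outside %SystemRoot% (T1036.005)")
        if low.startswith(USER_WRITABLE_PREFIXES):
            reasons.append("autorun target in a user-writable directory")
        if entry.value_name.isdigit():
            reasons.append("numeric value name")
        if ntpath.normcase(entry.writer) == low:
            reasons.append("process registered its own image")
        if reasons:
            out.append((entry, reasons))
    return out


def severity(reasons):
    """Masquerading is high on its own; the other heuristics are noisy alone."""
    return "high" if any("T1036.005" in r for r in reasons) else "low"


if __name__ == "__main__":
    for entry, reasons in findings(parse_run_rows(SAMPLE_ROWS)):
        print(f"[{severity(reasons)}] Run\\{entry.value_name} -> {entry.command}")
        for reason in reasons:
            print("   -", reason)
```

The OneDrive entry trips the same "user-writable directory" and "registered its own image" heuristics as the malicious row, which is why the score is driven by the name-versus-location check rather than by the path alone.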

Drops desktop.ini file(s)

Description | Indicator | Process | Target
All nine rows have Process = C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe and Target = N/A. <root> below stands for C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Grabber\DRIVE-C\Users\Admin
File opened for modification | <root>\Pictures\desktop.ini
File opened for modification | <root>\Desktop\desktop.ini
File created | <root>\Pictures\Saved Pictures\desktop.ini
File created | <root>\Downloads\desktop.ini
File created | <root>\Pictures\Camera Roll\desktop.ini
File created | <root>\Pictures\desktop.ini
File created | <root>\Desktop\desktop.ini
File created | <root>\Documents\desktop.ini
File opened for modification | <root>\Documents\desktop.ini

The signature name is misleading here. The sample is not dropping desktop.ini files into the user's folders; it is copying Desktop, Documents, Downloads and Pictures into a per-victim staging directory (Admin@GYLQWJCN_en-US is <user>@<host>_<locale>, and Grabber\DRIVE-C mirrors the source drive), and the hidden desktop.ini in each folder is swept up with everything else. That directory is the stealer's file-grabber output being assembled for exfiltration; its contents are what a responder should inventory to learn which documents were taken, and the 32-hex-character parent directory under %LOCALAPPDATA% is a useful artefact to search for on other hosts.

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | pastebin.com | N/A | N/A   (2 rows; no process attribution recorded)

The report does not say which process contacted pastebin.com or what it fetched. One common reason in this family: an AsyncRAT client can be built to read its C2 host:port list from a raw pastebin URL instead of carrying it in its embedded config, so the paste contents, not the domain, are what to retrieve for the real C2 address.

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | icanhazip.com | N/A | N/A

icanhazip.com returns the caller's public IP as plain text. On its own the lookup is not malicious (plenty of scripts use it), but from a run that also stages the user's documents it is the usual opening move of a stealer's system-information collection, recording the victim's external address for the log. The process is not attributed in this report.

Looks up geolocation information via web service

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\785BgHVlo.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\onIxq8zU1.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\PA4UnU9DX.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\hh0RaOVAN.jpg" | C:\Users\Admin\AppData\Local\rundll32.exe | N/A

The ransomware tag on this signature comes from the wallpaper heuristic alone. Nothing in the report shows files being encrypted or renamed, or a ransom note being written; what is recorded is the AppData rundll32.exe writing four randomly named JPEGs to %TEMP% and pointing the Wallpaper value at each in turn. Treat the tag as unverified and the four file names as volatile indicators that will differ per run.

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A
Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A
Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A
(the same open/query/enumerate sequence appears twice, once per netsh.exe instance: PIDs 5088 and 696 in the WriteProcessMemory table)

This signature (T1546.007) is triggered here by reads only. netsh.exe enumerates HKLM\SOFTWARE\Microsoft\NetSh at every start to load its registered helper DLLs, so these rows describe a normal netsh launch; no process writes a new value under that key anywhere in the report, which is what actual helper-DLL persistence would require. The persistence and privilege_escalation tags on this entry are therefore not supported by the evidence shown. What the rows do confirm is that the sample runs netsh twice from cmd.exe (each time preceded by chcp.com, and once followed by findstr.exe); the netsh command line itself is not captured in this report, so what it queried is not shown.

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A

All three reads come from taskmgr.exe, not from the sample: Task Manager reads disk device names for its Performance view when it is opened. The Ven_DADY&Prod_HARDDISK string is the analysis VM's virtual disk identity. Neither belongs in the IOC set for this sample.

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A

The CPU Identifier string is a standard input to the hardware fingerprint a stealer attaches to its log, and it is also one of the values sandbox-detection routines compare against known virtual CPU strings. The report does not show which of the two this sample does with it.

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{FD58053D-678D-412B-B6B8-2EECCD8B3949} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A

None of these writers is a sample process. Edge, Task Manager and the "Open with" dialog of the interactive session are creating their own per-user Classes keys; the signature is noise for this run.

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A   (24 rows)
N/A | N/A | C:\Users\Admin\AppData\Local\rundll32.exe | N/A   (40 rows)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A   (interactive-session process, not the sample)

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 (name unresolved by the sandbox; privilege LUID 35 is SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A   (2 rows)
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\rundll32.exe | N/A   (4 rows)
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A

7-Zip enabling the Restore, Security and CreateSymbolicLink privileges while extracting, and Task Manager enabling Debug, SystemProfile and CreateGlobal, are those tools' normal behaviour in the interactive session. The rows that matter are SeDebugPrivilege from BrutoForce Seed_original.exe, FIXER.exe and the AppData rundll32.exe: enabling it is the prerequisite for opening other processes with full access, the usual prelude to injection, reading another process's memory, or anti-analysis checks. The report records the privilege being enabled, not what it was then used for.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A   (1 row)
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A   (54 rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A   (54 rows)

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5112 wrote to memory of 5000 | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | C:\Windows\SysWOW64\cmd.exe   (3 rows)
PID 5000 wrote to memory of 640 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\chcp.com   (3 rows)
PID 5000 wrote to memory of 5088 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\netsh.exe   (3 rows)
PID 5000 wrote to memory of 5212 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\findstr.exe   (3 rows)
PID 5504 wrote to memory of 468 | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe | C:\Users\Admin\AppData\Local\rundll32.exe   (2 rows)
PID 5112 wrote to memory of 4836 | N/A | C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe | C:\Windows\SysWOW64\cmd.exe   (3 rows)
PID 4836 wrote to memory of 5764 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\chcp.com   (3 rows)
PID 4836 wrote to memory of 696 | N/A | C:\Windows\SysWOW64\cmd.exe | C:\Windows\SysWOW64\netsh.exe   (3 rows)
PID 5724 wrote to memory of 5248 | N/A | C:\Windows\system32\OpenWith.exe | C:\Windows\system32\NOTEPAD.EXE   (2 rows)

Read as a process tree (the repeated rows are the sandbox logging each write the parent makes while creating the child):

5112  BrutoForce Seed_original.exe
    5000  cmd.exe
        640   chcp.com
        5088  netsh.exe
        5212  findstr.exe
    4836  cmd.exe
        5764  chcp.com
        696   netsh.exe
5504  FIXER.exe
    468   C:\Users\Admin\AppData\Local\rundll32.exe
5724  OpenWith.exe
    5248  NOTEPAD.EXE

Every edge here is a parent writing into a child it has just created, the normal CreateProcess pattern, not injection into an already running process. The two cmd.exe chains under 5112 are scripted shell commands: chcp.com switches the console code page, netsh.exe runs (its command line is not captured in this report), and the first chain filters the netsh output through findstr.exe. FIXER.exe starting a rundll32.exe from %LOCALAPPDATA% is the hand-off to the persistent component that the Run-key and wallpaper rows attribute to PID 468's image. OpenWith.exe -> NOTEPAD.EXE is the analyst opening a file in the sandbox session.
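Rebuilding the tree above programmatically, as an added Python example (not code from the report, the sandbox or the sample): it parses the "PID A wrote to memory of B" rows, drops the repeated writes, reconstructs parent/child order and lists the Windows-shipped tools launched under each root. The rows are the report's own table, embedded as constructed input with the duplicates kept so the de-duplication is exercised.

```python
"""Rebuild the process chain from the sandbox's WriteProcessMemory rows.

Added example for this report, not sandbox code. Each row reads
"PID <parent> wrote to memory of <child> N/A <parent image> <child image>";
the sandbox emits one row per write, so the same edge repeats. SAMPLE_ROWS is
the report's table copied as constructed input, duplicates included.
"""
import ntpath
import re
from collections import defaultdict

# Both image columns can contain spaces, so split on the drive-letter prefix
# of the second path rather than on whitespace.
ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A "
    r"(?P<src_img>[A-Za-z]:\\.*?) (?P<dst_img>[A-Za-z]:\\.*)$"
)

DL = r"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed"
SW = r"C:\Windows\SysWOW64"
SAMPLE_ROWS = (
    [f"PID 5112 wrote to memory of 5000 N/A {DL}\\BrutoForce Seed_original.exe {SW}\\cmd.exe"] * 3
    + [f"PID 5000 wrote to memory of 640 N/A {SW}\\cmd.exe {SW}\\chcp.com"] * 3
    + [f"PID 5000 wrote to memory of 5088 N/A {SW}\\cmd.exe {SW}\\netsh.exe"] * 3
    + [f"PID 5000 wrote to memory of 5212 N/A {SW}\\cmd.exe {SW}\\findstr.exe"] * 3
    + [f"PID 5504 wrote to memory of 468 N/A {DL}\\FIXER.exe C:\\Users\\Admin\\AppData\\Local\\rundll32.exe"] * 2
    + [f"PID 5112 wrote to memory of 4836 N/A {DL}\\BrutoForce Seed_original.exe {SW}\\cmd.exe"] * 3
    + [f"PID 4836 wrote to memory of 5764 N/A {SW}\\cmd.exe {SW}\\chcp.com"] * 3
    + [f"PID 4836 wrote to memory of 696 N/A {SW}\\cmd.exe {SW}\\netsh.exe"] * 3
    + ["PID 5724 wrote to memory of 5248 N/A C:\\Windows\\system32\\OpenWith.exe C:\\Windows\\system32\\NOTEPAD.EXE"] * 2
)


def parse_rows(rows):
    """Return (images: pid -> image path, edges: ordered unique (parent, child))."""
    images, edges = {}, []
    for line in rows:
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        src, dst = int(m["src"]), int(m["dst"])
        images.setdefault(src, m["src_img"])
        images.setdefault(dst, m["dst_img"])
        if (src, dst) not in edges:          # collapse the repeated writes
            edges.append((src, dst))
    return images, edges


def build_tree(edges):
    """Roots are PIDs that are never a write target; children keep row order."""
    children = defaultdict(list)
    for parent, child in edges:
        children[parent].append(child)
    targets = {child for _, child in edges}
    roots = list(dict.fromkeys(p for p, _ in edges if p not in targets))
    return roots, children


def render(images, roots, children):
    """Indented text tree, one line per process."""
    lines = []

    def walk(pid, depth):
        lines.append("    " * depth + f"{pid}  {images[pid]}")
        for child in children.get(pid, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


def descendants(pid, children):
    """All PIDs beneath pid, depth-first in row order."""
    out = []
    for child in children.get(pid, []):
        out.append(child)
        out.extend(descendants(child, children))
    return out


def system_tools_under(pid, images, children):
    """Basenames of Windows-shipped tools launched beneath a process."""
    return sorted({
        ntpath.basename(images[c]).lower()
        for c in descendants(pid, children)
        if ntpath.normcase(images[c]).startswith("c:\\windows\\")
    })


if __name__ == "__main__":
    images, edges = parse_rows(SAMPLE_ROWS)
    roots, children = build_tree(edges)
    print("\n".join(render(images, roots, children)))
    for root in roots:
        print(f"{root} launches: {system_tools_under(root, images, children)}")
```

The tool list per root separates the two halves of the sample at a glance: 5112 drives cmd.exe, chcp.com, netsh.exe and findstr.exe, while 5504 launches nothing from under C:\Windows, only the rundll32.exe copy in the user profile.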

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.upload.ee/files/16684929/BrutoForce_Seed-main.zip.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4104,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4088,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5272,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5460,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5304,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4116,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5996,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6224,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6428,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6276,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5936,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6360,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6968,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=5292,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=5428,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=5400,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=7440,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7352,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=7184,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7668,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7216,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8612,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=8596 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BrutoForce_Seed-main\" -spe -an -ai#7zMap31165:102:7zEvent2565

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5716,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7724 /prefetch:8

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe

"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7420,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=7260 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=8524,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\netsh.exe

netsh wlan show profile

C:\Windows\SysWOW64\findstr.exe

findstr All

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe

"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe"

C:\Users\Admin\AppData\Local\rundll32.exe

"C:\Users\Admin\AppData\Local\rundll32.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\SysWOW64\chcp.com

chcp 65001

C:\Windows\SysWOW64\netsh.exe

netsh wlan show networks mode=bssid

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\Extreme.Net.dll.YIM0X

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Users\Admin\AppData\Local\rundll32.exe

"C:\Users\Admin\AppData\Local\rundll32.exe"

C:\Users\Admin\AppData\Local\rundll32.exe

"C:\Users\Admin\AppData\Local\rundll32.exe"

C:\Users\Admin\AppData\Local\rundll32.exe

"C:\Users\Admin\AppData\Local\rundll32.exe"
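Two lines in the process list above are the ones a detection engineer should key on: the cmd.exe chain "chcp 65001 && netsh wlan show profile | findstr All" (followed by "netsh wlan show networks mode=bssid"), which is how StormKitty-style stealers enumerate saved Wi-Fi profiles and nearby access points, and a file named rundll32.exe executing from C:\Users\Admin\AppData\Local, a user-writable directory where the real rundll32.exe never lives. The following is an added example, not part of this report: detection logic for both patterns run over process-creation events constructed from the report's own command lines. The ProcEvent fields are an assumed normalised form of a Sysmon event 1 / Security 4688 record, and the parent paths are assumptions, because the report lists processes flat rather than as a tree.

```python
"""Added example (not part of the sandbox report): detection logic for two
things the process list above shows, run over constructed process-creation
events. The ProcEvent fields are an assumed normalised form of a Sysmon
event 1 / Security 4688 record; the parent paths are assumptions, since the
report lists processes flat rather than as a tree."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    image: str         # full path of the started image
    cmdline: str       # full command line
    parent_image: str  # full path of the parent image (assumed here)


# Only these two locations hold the real, signed rundll32.exe.
GENUINE_RUNDLL32 = {
    r"c:\windows\system32\rundll32.exe",
    r"c:\windows\syswow64\rundll32.exe",
}

# 'netsh wlan show profile' lists saved Wi-Fi profiles ("All User Profile"
# lines, hence the '| findstr All'); 'show networks mode=bssid' lists nearby
# access points, which the stealer feeds to a BSSID geolocation service.
WLAN_RE = re.compile(r"netsh(?:\.exe)?\s+wlan\s+show\s+(?:profile|networks)", re.I)


def wlan_harvest_score(ev):
    """0: no match. 1: netsh wlan show profile/networks seen anywhere.
    2: the full stealer chain, cmd.exe /C chcp 65001 && netsh wlan ...
    (chcp 65001 forces UTF-8 output so the stealer can parse it)."""
    cl = ev.cmdline.lower()
    if not WLAN_RE.search(cl):
        return 0
    if ev.image.lower().endswith("\\cmd.exe") and "chcp 65001" in cl:
        return 2
    return 1


def is_masquerading_rundll32(ev):
    """rundll32.exe is a legitimate Windows binary only when it runs from
    System32/SysWOW64; a file of that name under %LOCALAPPDATA% is a dropped
    payload borrowing the name (ATT&CK T1036.005)."""
    img = ev.image.lower()
    return img.endswith("\\rundll32.exe") and img not in GENUINE_RUNDLL32


def triage_process_events(events):
    """Return (rule, score, image, parent_image) for every matching event."""
    hits = []
    for ev in events:
        score = wlan_harvest_score(ev)
        if score:
            hits.append(("wlan_harvest", score, ev.image, ev.parent_image))
        if is_masquerading_rundll32(ev):
            hits.append(("masq_rundll32", 2, ev.image, ev.parent_image))
    return hits


DROP_DIR = r"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed"

# Constructed from the report's command lines; the parents are assumptions.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\rundll32.exe",
              r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,"
              r"SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding",
              r"C:\Windows\System32\svchost.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe",
              '"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All',
              DROP_DIR + r"\BrutoForce Seed_original.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe",
              '"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid',
              DROP_DIR + r"\BrutoForce Seed_original.exe"),
    ProcEvent(r"C:\Users\Admin\AppData\Local\rundll32.exe",
              r'"C:\Users\Admin\AppData\Local\rundll32.exe"',
              DROP_DIR + r"\FIXER.exe"),
    ProcEvent(r"C:\Windows\SysWOW64\netsh.exe",
              "netsh wlan show profile",
              r"C:\Windows\SysWOW64\cmd.exe"),
]

if __name__ == "__main__":
    for hit in triage_process_events(SAMPLE_EVENTS):
        print(*hit)
```

The cmd.exe line is scored higher than a bare netsh.exe line because the chcp 65001 prefix is an artefact of the stealer's output parsing, not something an administrator types; alerting on the cmd.exe event also keeps the stealer binary reachable as the parent. The rundll32 rule is a path check rather than a signature check because the dropped file may well be unsigned .NET and not rundll32 at all; the name is the only thing it shares with the real binary.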

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 www.upload.ee udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 www.upload.ee udp
FR 51.91.30.159:443 www.upload.ee tcp
FR 51.91.30.159:443 www.upload.ee tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 s7.addthis.com udp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
BE 104.68.81.91:443 s7.addthis.com tcp
GB 3.162.19.97:443 du0pud0sdlmzf.cloudfront.net tcp
BE 104.68.81.91:443 s7.addthis.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.34:443 googleads.g.doubleclick.net udp
NL 23.62.61.169:443 www.bing.com tcp
US 8.8.8.8:53 lcolumnstoodthe.info udp
US 8.8.8.8:53 lcolumnstoodthe.info udp
US 8.8.8.8:53 yrincelewasgiw.info udp
US 8.8.8.8:53 yrincelewasgiw.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 ghabovethec.info udp
US 8.8.8.8:53 talsindustrateb.info udp
US 8.8.8.8:53 talsindustrateb.info udp
US 8.8.8.8:53 talsindustrateb.info udp
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 www.upload.ee udp
GB 18.239.236.118:443 lcolumnstoodthe.info tcp
US 104.21.2.17:443 yrincelewasgiw.info udp
FR 18.155.129.123:443 ghabovethec.info tcp
GB 13.224.132.102:443 talsindustrateb.info tcp
US 8.8.8.8:53 talsindustrateb.info udp
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 pogothere.xyz udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 3.164.163.123:443 getrunkhomuto.info tcp
GB 13.224.132.102:443 talsindustrateb.info tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
US 188.114.96.2:443 pogothere.xyz udp
GB 143.204.176.76:443 getrunkhomuto.info tcp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com tcp
BE 64.233.166.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 159.30.91.51.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 97.19.162.3.in-addr.arpa udp
US 8.8.8.8:53 91.81.68.104.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 169.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 118.236.239.18.in-addr.arpa udp
US 8.8.8.8:53 123.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 102.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 123.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 76.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 17.2.21.104.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
US 8.8.8.8:53 du0pud0sdlmzf.cloudfront.net udp
GB 3.162.19.153:443 du0pud0sdlmzf.cloudfront.net tcp
GB 3.162.19.153:443 du0pud0sdlmzf.cloudfront.net tcp
GB 3.162.19.153:443 du0pud0sdlmzf.cloudfront.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 153.19.162.3.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.upload.ee udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 lcolumnstoodthe.info udp
US 8.8.8.8:53 lcolumnstoodthe.info udp
US 8.8.8.8:53 lcolumnstoodthe.info udp
US 8.8.8.8:53 www.upload.ee udp
GB 18.239.236.109:443 lcolumnstoodthe.info tcp
GB 18.239.236.109:443 lcolumnstoodthe.info tcp
US 8.8.8.8:53 dukirliaon.com udp
US 8.8.8.8:53 dukirliaon.com udp
US 8.8.8.8:53 dukirliaon.com udp
NL 139.45.197.239:443 dukirliaon.com tcp
US 8.8.8.8:53 yonmewon.com udp
US 8.8.8.8:53 yonmewon.com udp
US 8.8.8.8:53 my.rtmark.net udp
US 8.8.8.8:53 my.rtmark.net udp
NL 139.45.197.236:443 yonmewon.com tcp
NL 139.45.195.8:443 my.rtmark.net tcp
US 8.8.8.8:53 109.236.239.18.in-addr.arpa udp
US 8.8.8.8:53 239.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 236.197.45.139.in-addr.arpa udp
US 8.8.8.8:53 8.195.45.139.in-addr.arpa udp
US 8.8.8.8:53 dukirliaon.com udp
US 8.8.8.8:53 dukirliaon.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
BE 104.68.85.7:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 campaign.aliexpress.com udp
US 8.8.8.8:53 campaign.aliexpress.com udp
US 8.8.8.8:53 campaign.aliexpress.com udp
US 8.8.8.8:53 7.85.68.104.in-addr.arpa udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 assets.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
US 8.8.8.8:53 ae01.alicdn.com udp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 www.aliexpress.com udp
US 8.8.8.8:53 fcmatch.youtube.com udp
US 8.8.8.8:53 fcmatch.youtube.com udp
BE 104.68.85.7:443 www.aliexpress.com tcp
BE 104.68.85.7:443 www.aliexpress.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 fcmatch.google.com udp
US 8.8.8.8:53 fcmatch.google.com udp
US 8.8.8.8:53 hd.mmstat.com udp
US 8.8.8.8:53 hd.mmstat.com udp
US 8.8.8.8:53 gj.mmstat.com udp
US 8.8.8.8:53 gj.mmstat.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 campaign.aliexpress.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
BE 104.68.85.7:443 campaign.aliexpress.com tcp
US 8.8.8.8:53 hd.mmstat.com udp
US 8.8.8.8:53 fourier.taobao.com udp
US 8.8.8.8:53 fourier.taobao.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
BE 23.55.96.49:443 ae01.alicdn.com tcp
BE 23.55.96.49:443 ae01.alicdn.com tcp
US 8.8.8.8:53 acs.aliexpress.ru udp
US 8.8.8.8:53 acs.aliexpress.ru udp
US 8.8.8.8:53 pcookie.aliexpress.com udp
US 8.8.8.8:53 pcookie.aliexpress.com udp
US 8.8.8.8:53 time-ae.akamaized.net udp
US 8.8.8.8:53 time-ae.akamaized.net udp
BE 23.14.90.90:443 time-ae.akamaized.net tcp
US 8.8.8.8:53 ae.mmstat.com udp
US 8.8.8.8:53 ae.mmstat.com udp
SG 47.246.110.45:443 ae.mmstat.com tcp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 acs.aliexpress.com udp
US 8.8.8.8:53 is.alicdn.com udp
US 8.8.8.8:53 is.alicdn.com udp
US 8.8.8.8:53 is.alicdn.com udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 ae04.alicdn.com udp
US 8.8.8.8:53 ae04.alicdn.com udp
BE 104.68.85.7:443 best.aliexpress.com tcp
NL 23.62.61.194:443 ae04.alicdn.com tcp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 login.aliexpress.ru udp
US 8.8.8.8:53 login.aliexpress.ru udp
US 8.8.8.8:53 login.aliexpress.us udp
US 8.8.8.8:53 login.aliexpress.us udp
GB 79.133.176.243:443 g.alicdn.com tcp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
US 8.8.8.8:53 bottom.campaign.aliexpress.com udp
DE 47.246.146.202:443 acs.aliexpress.com tcp
FR 51.91.30.159:443 www.upload.ee tcp
US 163.181.154.233:443 bottom.campaign.aliexpress.com tcp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 getrunkhomuto.info udp
US 8.8.8.8:53 www.upload.ee udp
GB 143.204.176.11:443 getrunkhomuto.info tcp
GB 143.204.176.11:443 getrunkhomuto.info tcp
US 8.8.8.8:53 49.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 90.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 45.110.246.47.in-addr.arpa udp
US 8.8.8.8:53 243.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 202.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 233.154.181.163.in-addr.arpa udp
RU 47.246.133.22:443 login.aliexpress.ru tcp
US 8.8.8.8:53 dukirliaon.com udp
US 8.8.8.8:53 aeis.alicdn.com udp
US 8.8.8.8:53 aeis.alicdn.com udp
CN 123.183.232.34:443 fourier.taobao.com tcp
US 8.8.8.8:53 sr7pv7n5x.com udp
US 8.8.8.8:53 sr7pv7n5x.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 dukirliaon.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
US 8.8.8.8:53 s.click.aliexpress.com udp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
GB 172.165.61.93:443 telem-edge.smartscreen.microsoft.com tcp
CN 123.183.232.34:443 fourier.taobao.com tcp
GB 79.133.176.243:443 g.alicdn.com tcp
GB 79.133.176.243:443 g.alicdn.com tcp
BE 104.68.85.7:443 s.click.aliexpress.com tcp
US 8.8.8.8:53 campaign.aliexpress.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
US 8.8.8.8:53 dmtracking2.alibaba.com udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 campaign.aliexpress.com udp
US 8.8.8.8:53 11.176.204.143.in-addr.arpa udp
US 8.8.8.8:53 22.133.246.47.in-addr.arpa udp
US 8.8.8.8:53 201.190.117.212.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 is.alicdn.com udp
US 8.8.8.8:53 best.aliexpress.com udp
CN 123.183.232.34:443 fourier.taobao.com tcp
US 8.8.8.8:53 fourier.aliexpress.com udp
US 8.8.8.8:53 fourier.aliexpress.com udp
FR 51.91.30.159:443 www.upload.ee tcp
DE 47.246.146.63:443 fourier.aliexpress.com tcp
DE 47.246.146.63:443 fourier.aliexpress.com tcp
NL 23.62.61.169:443 www.bing.com udp
US 8.8.8.8:53 login.aliexpress.com udp
US 8.8.8.8:53 login.aliexpress.com udp
US 8.8.8.8:53 epss.alibaba-inc.com udp
US 8.8.8.8:53 epss.alibaba-inc.com udp
US 8.8.8.8:53 63.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 wp.aliexpress.com udp
US 8.8.8.8:53 wp.aliexpress.com udp
US 8.8.8.8:53 wp.aliexpress.com udp
US 8.8.8.8:53 best.aliexpress.com udp
SG 47.246.174.95:443 epss.alibaba-inc.com tcp
US 8.8.8.8:53 wp.aliexpress.com udp
US 8.8.8.8:53 best.aliexpress.com udp
US 8.8.8.8:53 www.upload.ee udp
US 8.8.8.8:53 www.upload.ee udp
SG 47.246.174.95:443 epss.alibaba-inc.com tcp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 dl-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 dl-edge.smartscreen.microsoft.com tcp
DE 47.246.146.12:443 wp.aliexpress.com tcp
DE 47.246.146.12:443 wp.aliexpress.com tcp
US 8.8.8.8:53 95.174.246.47.in-addr.arpa udp
US 8.8.8.8:53 wp.aliexpress.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 app-edge.smartscreen.microsoft.com udp
CN 123.183.232.34:443 fourier.taobao.com tcp
GB 51.11.108.188:443 app-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 app-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 app-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 app-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 app-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 app-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 img.alicdn.com udp
US 8.8.8.8:53 img.alicdn.com udp
CN 123.183.232.34:443 fourier.taobao.com tcp
GB 79.133.176.234:443 img.alicdn.com tcp
US 8.8.8.8:53 de-wum.aliexpress.com udp
US 8.8.8.8:53 de-wum.aliexpress.com udp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
US 8.8.8.8:53 us.ynuf.aliapp.org udp
US 8.8.8.8:53 12.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 234.176.133.79.in-addr.arpa udp
DE 47.246.146.190:443 us.ynuf.aliapp.org tcp
US 8.8.8.8:53 190.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 5jon72.tdum.alibaba.com udp
US 8.8.8.8:53 5jon72.tdum.alibaba.com udp
US 8.8.8.8:53 cepn6u.tdum.alibaba.com udp
US 8.8.8.8:53 cepn6u.tdum.alibaba.com udp
DE 47.254.177.101:443 cepn6u.tdum.alibaba.com tcp
US 8.8.8.8:53 ynuf.aliapp.org udp
US 8.8.8.8:53 ynuf.aliapp.org udp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 101.177.254.47.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 195.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 icanhazip.com udp
US 104.16.184.241:80 icanhazip.com tcp
US 8.8.8.8:53 api.mylnikov.org udp
US 172.67.196.114:443 api.mylnikov.org tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.19.24:443 pastebin.com tcp
US 8.8.8.8:53 241.184.16.104.in-addr.arpa udp
US 8.8.8.8:53 114.196.67.172.in-addr.arpa udp
US 8.8.8.8:53 220.167.154.149.in-addr.arpa udp
NL 149.154.167.220:443 api.telegram.org tcp
N/A 127.0.0.1:8808 tcp
US 8.8.8.8:53 24.19.67.172.in-addr.arpa udp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
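Almost all of the table above is Edge, Bing, ad-network and reverse-DNS noise generated by the browser session that fetched the archive; the rows that matter are the tail starting at icanhazip.com (external IP lookup over plain HTTP), api.mylnikov.org (BSSID geolocation, which is what the "netsh wlan show networks mode=bssid" output is for), api.telegram.org and pastebin.com (the "legitimate hosting services abused" signature in the summary), and the loopback connections to 127.0.0.1 on 6606, 7707 and 8808. The following is an added example, not from the report: a parser for this table format plus a classifier that drops the DNS and browser rows and returns the remaining destinations in first-seen order. SAMPLE_ROWS are copied from the table; the AsyncRAT default port set and the service roles are assumptions recorded in the comments.

```python
"""Added example (not from the report): a parser and classifier for the
Network table format above, separating the stealer and RAT traffic from the
browser, ad and reverse-DNS noise. SAMPLE_ROWS are copied from the table;
the AsyncRAT default port set and the service roles are assumptions
documented in the comments."""
import re
from collections import OrderedDict

# "<country> <ip>:<port> [<domain>] <tcp|udp>"; domain is absent on N/A rows.
ROW_RE = re.compile(
    r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")

# Assumption: AsyncRAT's stock client settings list Ports = "6606,7707,8808";
# a build configured for 127.0.0.1 produces exactly the loopback rows above.
ASYNCRAT_DEFAULT_PORTS = {6606, 7707, 8808}
# Roles assumed from the report's signatures ("Looks up external IP address",
# "Looks up geolocation information", "Legitimate hosting services abused").
RECON_SERVICES = {"icanhazip.com": "external IP lookup over cleartext HTTP",
                  "api.mylnikov.org": "Wi-Fi BSSID geolocation"}
EXFIL_SERVICES = {"api.telegram.org": "Telegram bot API (stealer exfil)",
                  "pastebin.com": "legitimate hosting service abused"}


def parse_row(line):
    """Parse one table row; returns None for the header or unparseable text."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    country, ip, port, domain, proto = m.groups()
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def classify(row):
    """Return (category, detail) for one parsed row."""
    if row["ip"] == "127.0.0.1":
        if row["port"] in ASYNCRAT_DEFAULT_PORTS:
            return ("rat_loopback", "AsyncRAT default port")
        return ("rat_loopback", "unknown loopback port")
    if row["proto"] == "udp" and row["port"] == 53:
        return ("dns", row["domain"])
    domain = row["domain"] or ""
    if domain in RECON_SERVICES:
        return ("recon", RECON_SERVICES[domain])
    if domain in EXFIL_SERVICES:
        return ("exfil", EXFIL_SERVICES[domain])
    return ("noise", domain)


def triage_network(lines):
    """De-duplicated, first-seen-order list of (ip:port, category, detail)
    for every row that is neither a DNS query nor browser noise."""
    found = OrderedDict()
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue
        category, detail = classify(row)
        if category in ("dns", "noise"):
            continue
        found.setdefault((row["ip"], row["port"]), (category, detail))
    return [("%s:%d" % key, cat, detail) for key, (cat, detail) in found.items()]


# Copied from the table above (one noise row kept to show it is dropped).
SAMPLE_ROWS = """\
FR 51.91.30.159:443 www.upload.ee tcp
US 8.8.8.8:53 icanhazip.com udp
US 104.16.184.241:80 icanhazip.com tcp
US 8.8.8.8:53 api.mylnikov.org udp
US 172.67.196.114:443 api.mylnikov.org tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 pastebin.com udp
US 172.67.19.24:443 pastebin.com tcp
US 8.8.8.8:53 241.184.16.104.in-addr.arpa udp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:6606 tcp
""".splitlines()

if __name__ == "__main__":
    for entry in triage_network(SAMPLE_ROWS):
        print(*entry)
```

The loopback rows are worth keeping even though they never leave the sandbox: a client that cycles through 6606, 7707 and 8808 on 127.0.0.1 is an AsyncRAT build left on its default port list with the host unset, which is consistent with the "default" tag in the summary. On a real host the same port triple against an external IP is the indicator to hunt for.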

Files

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\BrutoForce Seed_original.exe

MD5 c634e67d58f8700fc8612e49d4a6a84a
SHA1 aba2d1620c6c3b6724029a2b163c0194399bdd6f
SHA256 2ceedb5ba748de9b905b351e468b3ab6c06a67ada80238505f1d0a2f3455796b
SHA512 e859a0e5b69066da9c4927ab068b7c73392362917086137692c5f60b236ba496526d9e98922f217d89944f67e034f707c032fa17487c51408b5a300b80ee8144

memory/5112-22-0x000000007500E000-0x000000007500F000-memory.dmp

memory/5112-23-0x0000000000D00000-0x0000000000D36000-memory.dmp

memory/5112-24-0x0000000075000000-0x00000000757B0000-memory.dmp

memory/5112-25-0x0000000005820000-0x0000000005886000-memory.dmp

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\README.txt

MD5 a0425dd392fb42c60c35bb47299f0ddd
SHA1 937d265f42a1dec2d04ec985f8b9166808ea7c3c
SHA256 480ada135f8bd07e8358324cb5b6db18d7dd19f0bf637911690bd975b6e39dfd
SHA512 1c8c4764cc74de99cd4a7c62ac9773f1ddf068008695e2224bf2b97e9a7db7529521418720a25b0f270a2cff3af47ac4039984ab270389f2322a71a310ae4a18

C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Browsers\Edge\History.txt

MD5 acf67cf3e8c34dea448be62f585de0a6
SHA1 a2adfac58d69bc47f9e4e4b4e9a4bd7c163dd009
SHA256 1da6a66c0081b8750baa7eed48c2317786db7f7f8c73c64bd9a39daa8dacb893
SHA512 7686bc3bb88de9c7ffd73ec61782bcfed86fc98ee39bce3150adf92bf8ceac82d368e64d438bb6fa138e3bb17111129af92b73cc8c724e3dfade6bafc9528224

C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Browsers\Edge\History.txt

MD5 c554b664d048d6f5bfd10af45445d189
SHA1 5c10cfd22e1c4aed8a616c494d2437482c55b550
SHA256 0e4fb6f4e29096c358033c0bd29ff0fbe038bc987081c8e45255a6f84391a5c7
SHA512 daf4bd6adaf2d34ed9fcf6bcead527dc0cccd2d9f3709feea9384fec0c350b8ed5833835fcfd140cd0a74400ff970c9dfcc1bdb95b4ab8a80df1bc10ce2765cd

C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\Browsers\Firefox\Bookmarks.txt

MD5 2e9d094dda5cdc3ce6519f75943a4ff4
SHA1 5d989b4ac8b699781681fe75ed9ef98191a5096c
SHA256 c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142
SHA512 d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US\System\Process.txt

MD5 0886d8bb714dcff34927b760f6a3389a
SHA1 87b426908c038ed13f4c2d4bf6ff5c406bbe06d5
SHA256 e2f4311727697feddb6764267809122f5e0ca54625cb9c144ae92ef905da4f46
SHA512 a8600a60fc936080dcbc54fc57e77e12838d28c44fb6984863388dc4416c0ddbe89bb34676bd58aa3924756f1b2cce421851cc05a87b35ddb4597723f240d409

memory/5112-202-0x0000000075000000-0x00000000757B0000-memory.dmp

memory/5112-204-0x0000000006270000-0x0000000006302000-memory.dmp

memory/5112-205-0x00000000068C0000-0x0000000006E64000-memory.dmp

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\FIXER.exe

MD5 74e4e1dfb94de3a46f82ad83da3b25cb
SHA1 5d62d2534c9b8df6b880ef77ea01c317223762ec
SHA256 467c0c1ce495385c7c4c450ba2a889108e422738c1695c9e5bd63a94c5266af4
SHA512 46465915f2368c349485c657583b5d076a66daf0ef3cd4a205b45110b8d10ff2507eee62338384ebbcf074ba367a25b13f5a4e72759fff7ecee6005e41aac4e4

memory/5504-209-0x00000000002E0000-0x00000000002F2000-memory.dmp

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\DotNetZip.dll

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\1092.README.txt

MD5 19572381d47d6674829b57669e6ee898
SHA1 2a5e1d2f04f342fc857abbc15900b4e687e0c488
SHA256 70598c10e6e2ed2c26acdb3a8212310af41b0dbec5e35a03c344b06c86fa549c
SHA512 31c8b55ae5946c8b431ceb564fe418c47af8b119f1e6c2d3653314141051c44ca503611e7813477009fadefa211a6aa1b024490fe1c305ba90a71a05eea67a17

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\Extreme.Net.dll

MD5 983a906761b6686ba8bc821e2b9e4090
SHA1 0b85e20355fba58cc2669a7f6583087da81b5e35
SHA256 21708adb84bc1dbcf29b42ddac0c1db000dbaf5a485ee8f92cf5dcb29c04370f
SHA512 b23b5abf31043af5c98a8e1d1938e624e5d7700d47a1cf72e2ec26efd262d6765aeeea36e36905d99d41b6e8e680e73ed9ae251afacc415d0736076658d0b084

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\MetroFramework.dll

MD5 cb06ea4fa7f17fe93d0b1a9444e73e1b
SHA1 2d87113eb341b308be3881601757320b7126086b
SHA256 d564e0a249a0dd24d807e9486c6eadbbf08dcc7ae53fc850f24e72600053ae0e
SHA512 8f4281cf70fa612d4f15592426571b2980f32dff8d802f1737a69baab11a30b947efb263221b1d788b435e01de70fb9068089e49f1b7cb57dc19ecded64a2f64

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\MetroFramework.Design.dll

MD5 ac915b8ae2263acfb67ef2d1124f7e4b
SHA1 7794245f39563073ee0158e8d0a3cf81c761acbf
SHA256 4e6da405b2f48706309ea44fce3ceffec6c647484ad6b90b439fbaecd9438207
SHA512 93dbe4d46a22a69523bd822c82d0cdaf0ed0a3b21fcf89ba986b5982220dd76e87c79fec349693181e84091edfbe4c90ffb6b335d99df31ab71c6e50ee54f416

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\stub.dll

MD5 facedd7b310db340c9bfd85e94541a1d
SHA1 b2a42e196f09ed3bde58ab9ac0bbcecbf247763e
SHA256 b845c00b45b9d757ecb790b8980b2574feadd470820e9e9204df026866454761
SHA512 22bf5bead512586264b315f4cd9f04f8c4bee00adab7cd9dc7f0995acd67ccbe50b5c7590f01f0e200ca03c8684f43c87918608b141ed2ca49baf03f056faa03

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\Mono.Cecil.dll

MD5 3b88044dd86905a1c25614c53af35d14
SHA1 a276e35c08d99f34fa86f17b8e8d786d6e438e37
SHA256 0a0582ba32dad97f1c843cb1011bce4d63105a2eac67f12cfe63dbddd43aa160
SHA512 870c1e7d90a11764ad24409fc8939c43b7b9419604034744d68c4909b3b4ca9ae960df740d0abf59eed88d0921735f9d954e84644b579fc906883b4b587df4af

C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed\MetroFramework.Fonts.dll

MD5 a7071d0aa5497f682d0b99dcc73641cd
SHA1 ad4a72b576cbb4ca06cb18f38908c78dc5b675ac
SHA256 a8299cdc3becddbd69009f01faaa3ea4407b90e5f663c1269b72fb00f2677732
SHA512 008578fc2f82811fb6888635b60faffc82fc9189308d7878c6c13d86e127fde4e95b12ec0fc3e9be25ea46545bed184c285b22b00d788d7bcf22d389063dcbd3

memory/5112-561-0x0000000006490000-0x000000000649A000-memory.dmp

C:\Users\Admin\AppData\Local\2b2cfe0ca78a31982b5fc7b50590de2c\msgid.dat

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

memory/5112-567-0x0000000007130000-0x0000000007142000-memory.dmp

memory/5112-594-0x000000007500E000-0x000000007500F000-memory.dmp

memory/5112-595-0x0000000075000000-0x00000000757B0000-memory.dmp

memory/5112-596-0x0000000075000000-0x00000000757B0000-memory.dmp

memory/1756-598-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-600-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-599-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-610-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-609-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-608-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-607-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-606-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-605-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/1756-604-0x0000021C03560000-0x0000021C03561000-memory.dmp

memory/5112-611-0x0000000075000000-0x00000000757B0000-memory.dmp
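Two entries in the Files table should not be copied into a blocklist as they stand. DotNetZip.dll carries the digests of the empty file (MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...), so it was a zero-byte file at the time of capture, and msgid.dat carries the digests of the single byte "0". Both hashes match countless benign files. The History.txt and Bookmarks.txt entries under the stealer's output directory (AppData\Local\<32 hex>\Admin@GYLQWJCN_en-US\...) are the victim's own browser data written out by the stealer; History.txt even appears twice with different hashes because it was rewritten during the run, and its digests are victim-specific rather than indicators of the malware. The following is an added example, not from the report: a check that rejects such entries before emitting a SHA256 blocklist. FILES is transcribed from the table above (SHA256 only, and only the entries the checks need); the path pattern for the stealer's output directory is an assumption generalised from the paths shown.

```python
"""Added example (not from the report): hygiene checks before the Files
table above is turned into a hash blocklist. FILES is transcribed from the
table (SHA256 only, and only the entries the checks need); the path pattern
for the stealer's output directory is an assumption from the paths shown."""
import hashlib
import re

DROP_DIR = r"C:\Users\Admin\Downloads\BrutoForce_Seed-main\BrutoForce_Seed\BrutoForce_Seed"
STEALER_DIR = r"C:\Users\Admin\AppData\Local\c1ef39315d8b11f4242f44984887bd84\Admin@GYLQWJCN_en-US"

# (path, SHA256) pairs copied from the Files table above.
FILES = [
    (DROP_DIR + r"\BrutoForce Seed_original.exe",
     "2ceedb5ba748de9b905b351e468b3ab6c06a67ada80238505f1d0a2f3455796b"),
    (DROP_DIR + r"\FIXER.exe",
     "467c0c1ce495385c7c4c450ba2a889108e422738c1695c9e5bd63a94c5266af4"),
    (DROP_DIR + r"\DotNetZip.dll",
     "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"),
    (DROP_DIR + r"\stub.dll",
     "b845c00b45b9d757ecb790b8980b2574feadd470820e9e9204df026866454761"),
    (r"C:\Users\Admin\AppData\Local\2b2cfe0ca78a31982b5fc7b50590de2c\msgid.dat",
     "5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9"),
    (STEALER_DIR + r"\Browsers\Edge\History.txt",
     "1da6a66c0081b8750baa7eed48c2317786db7f7f8c73c64bd9a39daa8dacb893"),
    (STEALER_DIR + r"\Browsers\Edge\History.txt",
     "0e4fb6f4e29096c358033c0bd29ff0fbe038bc987081c8e45255a6f84391a5c7"),
    (STEALER_DIR + r"\Browsers\Firefox\Bookmarks.txt",
     "c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142"),
]

# Assumed shape of the stealer's per-victim output directory:
# ...\AppData\Local\<32 hex>\<user>@<host>_<locale>\...
STEALER_OUT_RE = re.compile(r"\\AppData\\Local\\[0-9a-f]{32}\\[^\\]+@[^\\]+\\", re.I)


def trivial_sha256_table():
    """SHA-256 of the empty file and of every one-byte file, computed rather
    than hard-coded. A blocklist entry equal to one of these would match
    endless benign files."""
    table = {hashlib.sha256(b"").hexdigest(): "empty file"}
    for b in range(256):
        table[hashlib.sha256(bytes([b])).hexdigest()] = "one-byte file %r" % bytes([b])
    return table


def classify_hashes(files):
    """Map SHA256 -> (verdict, reason) for every (path, sha256) pair."""
    trivial = trivial_sha256_table()
    out = {}
    for path, sha in files:
        if sha in trivial:
            out[sha] = ("reject", "trivial content: " + trivial[sha])
        elif STEALER_OUT_RE.search(path):
            out[sha] = ("reject", "victim-specific stealer output")
        else:
            out[sha] = ("keep", "candidate IOC")
    return out


def blocklist(files):
    """Sorted SHA256 list of the entries that survived the checks."""
    return sorted(sha for sha, (verdict, _) in classify_hashes(files).items()
                  if verdict == "keep")


if __name__ == "__main__":
    for sha, (verdict, reason) in classify_hashes(FILES).items():
        print(verdict, sha[:16], reason)
```

Of the eight entries, only the three binaries from the extracted archive survive. The empty DotNetZip.dll is still useful as context (a dependency that was never written, or was truncated, which may explain FIXER.exe being run separately), but as a hash it is worthless; the same goes for a one-byte msgid.dat, whose content will change the moment the stealer increments it.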