Analysis Overview
Threat Level: Known bad
The file https://gofile.io/d/HX7SsO was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Async RAT payload
Executes dropped EXE
.NET Reactor protector
Checks BIOS information in registry
Reads user/profile data of web browsers
Themida packer
Loads dropped DLL
Checks computer location settings
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 13:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 13:33
Reported
2024-06-18 13:36
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
AsyncRat
Async RAT payload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
.NET Reactor protector
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe | N/A |
Reads user/profile data of web browsers
Themida packer
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 832 wrote to memory of 4436 | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | C:\Users\Admin\AppData\Roaming\svchost.exe |
| PID 832 wrote to memory of 4436 | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | C:\Users\Admin\AppData\Roaming\svchost.exe |
| PID 832 wrote to memory of 4436 | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | C:\Users\Admin\AppData\Roaming\svchost.exe |
| PID 832 wrote to memory of 3880 | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe |
| PID 832 wrote to memory of 3880 | N/A | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe | C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/HX7SsO
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HackUs Mail Access Checker\" -spe -an -ai#7zMap9571:114:7zEvent17915
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe
"C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe
"C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe"
Network
Files
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Hackus .exe
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\HandyControl.dll
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\MailBee.NET.dll
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\.hackus\Settings.cfg
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\Newtonsoft.Json.dll
C:\Users\Admin\Downloads\HackUs Mail Access Checker\HackUs Mail Access Checker\x64\GoSrp.dll