Analysis Overview
SHA256
c9f637e83786be4c4d3065c8402002c5c9a90d84849bba712310f5df5889b91e
Threat Level: Likely malicious
The file EcoH Client.rar was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
Detects Pyinstaller
Enumerates physical storage devices
Unsigned PE
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-18 15:00
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral17
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240419-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libfreetype.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/4084-0-0x00007FFE6C2E0000-0x00007FFE6C38E000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
86s
Max time network
104s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\SDL2.dll",#1
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240508-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\config_retrieve.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\config_retrieve.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/2252-1-0x00007FFCD03F0000-0x00007FFCD03FE000-memory.dmp
memory/2252-4-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/2252-3-0x00007FFCCD3F0000-0x00007FFCCD47A000-memory.dmp
memory/2252-0-0x00007FF6AD150000-0x00007FF6AD245000-memory.dmp
memory/2252-2-0x0000000064940000-0x0000000064955000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\dbghelp.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
89s
Max time network
99s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\exchndl.dll",#1
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.23:443 | tcp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\steam_api.dll",#1
Network
Files
memory/908-0-0x00007FFD7A370000-0x00007FFD7A37E000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\avcodec-60.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
memory/4340-2-0x0000000064940000-0x0000000064955000-memory.dmp
memory/4340-1-0x00007FFCC3E50000-0x00007FFCC4054000-memory.dmp
memory/4340-0-0x00007FFCC4060000-0x00007FFCC4423000-memory.dmp
Analysis: behavioral18
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
72s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libogg.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 20.42.65.94:443 | tcp | |
| SE | 192.229.221.95:80 | tcp |
Files
memory/1672-0-0x00007FFF35330000-0x00007FFF35342000-memory.dmp
Analysis: behavioral22
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
87s
Max time network
93s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libssp-0.dll",#1
Network
Files
memory/2928-0-0x00007FFDF2A50000-0x00007FFDF2A5E000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
90s
Max time network
100s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\demo_extract_chat.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\demo_extract_chat.exe"
Network
| Country | Destination | Domain | Proto |
| NL | 52.111.243.29:443 | tcp |
Files
memory/4692-0-0x00007FF67AD30000-0x00007FF67AE25000-memory.dmp
memory/4692-2-0x00007FFF45880000-0x00007FFF4590A000-memory.dmp
memory/4692-4-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/4692-3-0x0000000064940000-0x0000000064955000-memory.dmp
memory/4692-1-0x00007FFF5AEC0000-0x00007FFF5AECE000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
148s
Max time network
155s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\dilate.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\dilate.exe"
Network
Files
memory/5112-4-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/5112-5-0x00007FFFC9C10000-0x00007FFFC9C1E000-memory.dmp
memory/5112-3-0x0000000064940000-0x0000000064955000-memory.dmp
memory/5112-2-0x00007FFFC0A50000-0x00007FFFC0A9D000-memory.dmp
memory/5112-1-0x00007FFFC0120000-0x00007FFFC01AA000-memory.dmp
memory/5112-0-0x00007FF7FD4D0000-0x00007FF7FD5C8000-memory.dmp
Analysis: behavioral25
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240508-en
Max time kernel
130s
Max time network
142s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\map_diff.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\map_diff.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3840-1-0x00007FF659E10000-0x00007FF659F05000-memory.dmp
memory/3840-5-0x00007FFC688C0000-0x00007FFC688CE000-memory.dmp
memory/3840-4-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/3840-3-0x0000000064940000-0x0000000064955000-memory.dmp
memory/3840-2-0x00007FFC66340000-0x00007FFC663CA000-memory.dmp
Analysis: behavioral28
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240611-en
Max time kernel
88s
Max time network
96s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\sqlite3.dll",#1
Network
Files
memory/1968-0-0x00007FFD9A480000-0x00007FFD9A5E4000-memory.dmp
Analysis: behavioral21
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
87s
Max time network
94s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libpng16-16.dll",#1
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\map_extract.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\map_extract.exe"
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.11:443 | tcp |
Files
memory/4880-5-0x00007FFD748A0000-0x00007FFD748AE000-memory.dmp
memory/4880-4-0x0000000064940000-0x0000000064955000-memory.dmp
memory/4880-1-0x00007FFD6F880000-0x00007FFD6F8CD000-memory.dmp
memory/4880-3-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/4880-2-0x00007FFD6EEA0000-0x00007FFD6EF2A000-memory.dmp
memory/4880-0-0x00007FF7D5930000-0x00007FF7D5A28000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240508-en
Max time kernel
111s
Max time network
124s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\avformat-60.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.227.14:443 | tcp |
Files
memory/756-0-0x00007FFBB1520000-0x00007FFBB159B000-memory.dmp
memory/756-1-0x00007FFBAE160000-0x00007FFBAE364000-memory.dmp
memory/756-2-0x00007FFBADD90000-0x00007FFBAE153000-memory.dmp
memory/756-3-0x0000000064940000-0x0000000064955000-memory.dmp
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
86s
Max time network
99s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\dbgcore.dll",#1
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240611-en
Max time kernel
87s
Max time network
94s
Command Line
Signatures
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\discord_game_sdk.dll",#1
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral20
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240508-en
Max time kernel
142s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libopusfile.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/4736-2-0x00007FFFA83C0000-0x00007FFFA8452000-memory.dmp
memory/4736-1-0x00007FFFABFF0000-0x00007FFFAC002000-memory.dmp
memory/4736-0-0x00007FFFAE600000-0x00007FFFAE615000-memory.dmp
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
143s
Max time network
160s
Command Line
Signatures
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\EcoH Client\config_directory.bat"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
144s
Max time network
151s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libopus.dll",#1
Network
Files
Analysis: behavioral27
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
88s
Max time network
105s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\mgwhelp.dll",#1
Network
| Country | Destination | Domain | Proto |
| IE | 52.111.236.22:443 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
memory/776-0-0x00007FF80F170000-0x00007FF80F232000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
140s
Max time network
100s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\DDNet-Server.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\DDNet-Server.exe"
Network
Files
memory/4672-3-0x00007FFCC9D90000-0x00007FFCC9E1A000-memory.dmp
memory/4672-9-0x00007FFCC6390000-0x00007FFCC6452000-memory.dmp
memory/4672-8-0x00007FFCC9B00000-0x00007FFCC9B3F000-memory.dmp
memory/4672-7-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/4672-6-0x00007FFCD03B0000-0x00007FFCD03BE000-memory.dmp
memory/4672-5-0x0000000064940000-0x0000000064955000-memory.dmp
memory/4672-4-0x00007FFCC6C60000-0x00007FFCC6DC4000-memory.dmp
memory/4672-2-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-10-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-18-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-26-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-34-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-42-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-50-0x00007FF748380000-0x00007FF748698000-memory.dmp
memory/4672-58-0x00007FF748380000-0x00007FF748698000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:05
Platform
win11-20240611-en
Max time kernel
274s
Max time network
279s
Command Line
Signatures
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7z.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\7-Zip\Lang\az.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fr.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Uninstall.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ext.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lt.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sw.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fi.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lij.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hi.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\it.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\nb.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7-zip32.dll | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\th.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\gl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ms.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\io.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ku-ckb.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zG.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ps.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\History.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ne.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt-br.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ko.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\readme.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ar.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ca.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\tg.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zCon.sfx | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\yo.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\is.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.sfx | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ro.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\hu.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\bn.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\mr.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\pt.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ba.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\co.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7z.dll | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\sr-spc.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\uz-cyrl.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kab.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\lv.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| File opened for modification | C:\Program Files\7-Zip\Lang\kaa.txt | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631965235420232" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\7z2406-x64.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\7z2406-x64.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\EcoH Client.rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libcurl.dll",#1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd824bab58,0x7ffd824bab68,0x7ffd824bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4256 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2228 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3424 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2408 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4988 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4848 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5740 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5836 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6084 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Users\Admin\Downloads\7z2406-x64.exe
"C:\Users\Admin\Downloads\7z2406-x64.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5912 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5520 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5836 --field-trial-handle=1772,i,10386791432043856115,3971410618579251118,131072 /prefetch:2
C:\Users\Admin\Downloads\7z2406-x64.exe
"C:\Users\Admin\Downloads\7z2406-x64.exe"
C:\Users\Admin\Downloads\7z2406-x64.exe
"C:\Users\Admin\Downloads\7z2406-x64.exe"
C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe
"C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe"
C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe
"C:\Users\Admin\Desktop\EcoH Client\Eco-H Revival.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 50.7.236.50:443 | pixeldrain.com | tcp |
| NL | 50.7.236.50:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| NL | 50.7.236.50:443 | pixeldrain.com | tcp |
| DE | 78.47.86.208:443 | stats.pixeldrain.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 2.18.66.170:443 | tcp | |
| US | 104.208.16.88:443 | browser.pipe.aria.microsoft.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| BE | 88.221.83.200:443 | r.bing.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | objects.githubusercontent.com | tcp |
| US | 4.150.240.254:443 | arm-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | t-ring-fdv2.msedge.net | udp |
| US | 13.107.237.254:443 | t-ring-fdv2.msedge.net | tcp |
| US | 8.8.8.8:53 | 254.4.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.240.150.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.237.107.13.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.200.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
Files
memory/3464-2-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/3464-1-0x0000000064940000-0x0000000064955000-memory.dmp
memory/3464-0-0x00007FFD82BA0000-0x00007FFD82C2A000-memory.dmp
\??\pipe\crashpad_2524_PXJNEZLJTXQNWVOC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | c31c2fe50f49820efb625e08b553b2a2 |
| SHA1 | 26cfed5c16539ad98b267ead9271f05d65faf93a |
| SHA256 | c71a678f588ad119962c253df538d1d24fc93b47fc7c02d43be63700a3dd253d |
| SHA512 | 0577ebaa398da7ee601a250e44bbc9202de4680fbf778bffd15b303e588d7e1e9405a310a4ecb11212ffb556c79709b7e18ddb744c20e3ef963318f66dbe6c52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 60670389268d02d98ac28745d2cb164a |
| SHA1 | 53b426b16348f6ce951b6c54dda828240a264dc9 |
| SHA256 | 46d1af755cc9234347ca5761e3adbee185d95c2996e27448f8da654767c164d3 |
| SHA512 | 04fdf38bec3bf95772eedfa994d4ef1d78878c7c0b6f0184fb001ee8b3ebf66245189c8f3f45b208b9eaa9bc32179a9d32c1f7ed8de737186bc3f5dd31d98f01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5a2f670bac48f31e7b8e2a2a16018e25 |
| SHA1 | cf83aae1cb684fe57826514734d8a71cf671619c |
| SHA256 | 9dc8e629e2af35c9cd434766094a0c0e3fd75b974ca99e1813aa8885121335ae |
| SHA512 | 05ba685e26fcf2b29cac55f7b2eded5f84cd55eac0aa210779ad79c89abbfe56efc66e8ea0afdef7b178a97fb418cff53a32081aa42aac2176787a8d97136323 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | f967e8016f7a1a51630414751c8d8273 |
| SHA1 | 12016c1418cf1adf3e97693b6201d711d1f35eef |
| SHA256 | 74e6f703345e0979c45055008840875c0157c276dc90898f0cd897d647017b92 |
| SHA512 | 600370ba6a0f45bb7f2842dca1333e673d2b592548aaa4638ddc08a93fa32f2432873b26c4211a6a3fe07122eecfa16ce0afebcb4eb485cd106f12007a57e385 |
C:\Users\Admin\Downloads\EcoH Client.rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a3423eea70585444fcf4d8587d4f9028 |
| SHA1 | d705145f4368862e2c3d15e195fc4ceb39ba9399 |
| SHA256 | 11edaa042cc1790160b24d143234b0b428c892ebd7606e0fc682e626f0e54caf |
| SHA512 | e76ce28cd6c3e3693960a0ac57d579617c84fb668706d2af7dbd12f214850fd4b8d112da17ab7af773242cc914fd83bd00d0d0d02c48a22388d9c3a6748158db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 50357fcd590818a542bc556e67fb78f2 |
| SHA1 | 1826963d6cf12003f9073e9337d4831e92d09bdc |
| SHA256 | 22da45ac08d33a9039673c2d580ee437ff8232cea0f7b3407890f0bc25ad747c |
| SHA512 | 3b7144991a3da9afcebc15d77bc8aca0796b2390ff6a1bfcb46784fbe8a3c06ec76217a990fec27c1729fbb7f09ce6294b8f15bc1e3031baa4dfaa20a4b36b99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 677c6418699ad8f2348eeaa4d0b4ab3a |
| SHA1 | 92a706fef9d48280cb83437a6e00213ca8fa9352 |
| SHA256 | 80b391ee6dee785d9c459feea457b592c381678a4c892b290b840f65e976035a |
| SHA512 | a47c92075a173b03bc79b1f508d43a8e049f8e6ca07616cef2bb8db96859a057619f2ba4fe2ce8697d90f2e6472baa008df226c9ac1ffde65f7fb46f7360cc93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d954.TMP
| MD5 | 29af30aad5215c5122ae4c95486382a2 |
| SHA1 | 335e9b02da556f53b2c7fac22a5867c67cceaf64 |
| SHA256 | c2bdd5204d1f9131e8291e1a68b1aceb104b959bf17cae33bd5100fd3035f2f0 |
| SHA512 | 7f630669b85ac6522e435f9a5a716451eb37c57966193ea87d0adb47223ae34e147aa0d987e55af9862d85e935b05e81aa1d0b2a807fa46f96ccf291e4c9d83f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4f14a461daa497feefa76c753eb06370 |
| SHA1 | eec1c89431f251dc5eb405ca2792afa431c9ba65 |
| SHA256 | 3d1e0a0a59a3eda4098c3955fc06873e76347850f8f5b3a25bc14ac5626959cf |
| SHA512 | 3f3b2c8e718039f0278e7a44c9dab089141e5fd3b5868278b3e9759d51d32572f168da8d7842f192d555d90c4dc9164a838fd52e4ef15d4f5fafc83f2484c185 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a936803d2ea43519f44a6d17228a5f9d |
| SHA1 | 8e6ddf5f8c2bd57868f651bda263b62eedaa6ad4 |
| SHA256 | 1c71a1838862b36c036a7d5f842b4525ed170954f0a4ee7e2b60f4ebf297a95f |
| SHA512 | c3b45b6bf6fd887b11d3dee808dc786c747ff776b6ae391303fdc8ace178c743103ecc44ab8e3e7ddeef87242ed97149dd918733e47924f2dcad284bc9fc42e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e4e08de1dffbdd8c3e77c290c628abfc |
| SHA1 | 56c13bf0c935ee5396ee9dc792c019f583ecfc0b |
| SHA256 | 7d718d46063bf8c01e410db2fe5987a88aafb9191c090091992c77864bbc2c9b |
| SHA512 | 85e0ab5457e0255f0ac0d2ce9d6a57423de089f3f685481f0ce3e79c4452d932962d3c689d96a289df77e82bc7dcadf2c51e70643620e270ad39bd5412be7729 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 49dbc85bcfe62712b84625ab8625e67a |
| SHA1 | 5adfa39dde7d19d48e5a13eb2bc24c0aadb6d451 |
| SHA256 | 389787b84e31bc9b741e84cbae535032927f850339164fc66689f47d74dd1bfc |
| SHA512 | 396d1efa3340cdd96070fa313d61e3767e9607b6f2c8083620c828d4d3e5f53a881fd204df2d04f5527faf203b2fb22994e53be14f12c3cb5e7793f16186e876 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 51dc14e4951e02d4f4bb3d9775969556 |
| SHA1 | f8b8aa6c76d9967eda0c56fde6eb103839d4e8f2 |
| SHA256 | 46821892afe89da55c189ffcb22315db6152f768bd5ade2c5f9627f144983a34 |
| SHA512 | 85a64c3f081cd6448937cd8cebadd74b3acc1382be7e0b1909bf2d762fd1f96122520b6ad8f0edf6ff813c31df4f81c77fff32e632a19b7949930d954de77dd4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a3f9d4d746725308fcd9811f11909e6b |
| SHA1 | 5c45b87f144368c8ac45f323e332d5018f7a18fe |
| SHA256 | 0791e13c2ee33706b26530d5f9b0d502d8fd76961fe4ea6ad147e826ffb0c359 |
| SHA512 | bf594a3895986a587485c08e0c090d90c7900102579478d919fb63a7790e7b86c66fe98c41514bc0e159dad8e895d371881690a75399c8c67b9d88c92bca534e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1621a79ae4e1997de73c6ec7a4ba9ec7 |
| SHA1 | 00178153046d6d076aab91ec912182c1b43fb29f |
| SHA256 | d81a830b5732a67d2af71f929e22b556d66b6c34aef75f5a45882c3dc29cebc8 |
| SHA512 | 860e66740449bbd7f0362e87bdb9a82508d7c0a6d6946927fad7a20397fb10aca008b7a666b946c712e07dfd0e6c85fcbff3506aabf0f03338bdd1988d1a74d9 |
C:\Users\Admin\Downloads\Unconfirmed 376862.crdownload
| MD5 | d8af785ca5752bae36e8af5a2f912d81 |
| SHA1 | 54da15671ad8a765f3213912cba8ebd8dac1f254 |
| SHA256 | 6220bbe6c26d87fc343e0ffa4e20ccfafeca7dab2742e41963c40b56fb884807 |
| SHA512 | b635b449f49aac29234f677e662be35f72a059401ea0786d956485d07134f9dd10ed284338503f08ff7aad16833cf034eb955ca34e1faf35a8177ccad1f20c75 |
C:\Users\Admin\Downloads\7z2406-x64.exe:Zone.Identifier
| MD5 | 6a98c115becde12a2fd55b62da2a91e9 |
| SHA1 | 93d4f922e009a8518744f47977299407f8470204 |
| SHA256 | 9cafaf53c8abd05ad8f5fe2e517dbb910945f659c2e11811d6bc346167819c90 |
| SHA512 | 24045a19d6f100c112244b6b1602209803050ed611f798ed32ad44ebfbb8e4e18ae3622e178f119d0347d663ad14d938fc2433771d8f152e156aa299e340eac9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6aad651ae76796e5bc048586f36d63d9 |
| SHA1 | 3410a3eadf164003c814c286ea73eb7e36a1ee4f |
| SHA256 | f38bcf54e7a165aa423426ac3e57a753caa93ef41c9987c726423ea94203f45a |
| SHA512 | 5e25a579c60bacdc515bcf685e552c509538662b74d8c6fd6ca3c45eb68127fe7d3294e8c681e884e8f84f8f69b5f664d85f6596c95ad30f9a96d08925816d8e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e1fc8378a6279aa3c989e48c9e6be601 |
| SHA1 | a5800b6f8c138f218d6edd032b712a3164c2d8eb |
| SHA256 | 7b6f6192ac6932c4a008e27c484714c39ebf58125c45923a1d46be1a26b1c0df |
| SHA512 | c7736390a842c466f383c1ff9f2319bf2b9f4ac55650af8a038d771738e5a734acf2355a81605aca225264f82a3e2c5d142210b3c39591a69f89ee638686d974 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1011c2254eb18e6dc39846f65ce4d889 |
| SHA1 | aef2d73573913a023a760184ca00c4d61d81196c |
| SHA256 | 51793564d3d5d9701293612a5a7496bb6a085631ca3963f817eda841d9c1a6eb |
| SHA512 | 7096a56f965729b7936a8593613c07e286479c1e0aa9b1beda23c86cdb8155ec7d3ed34e234e943911c177494f37964104e426f5accfbd9951f8ab3a2f827c6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 67c437863f3a1a64c978713dfb43dda5 |
| SHA1 | d3f7a1c780c4952b6dd178118abb15bcda48450a |
| SHA256 | c8acbba3ba1934d406e741fcc24ae60894879245b171f1abf653b79ac0742f54 |
| SHA512 | ff90e97440898f001d74f5b5a8f4f3e34c3780c5905035aa160eeb285901a386a02688f709f14386bf41310cebbcff457ac4d9526e886bcf93f71266ff6ba72d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | caaa5222d179a24ca5540080c7018b99 |
| SHA1 | 1f415a7a73a12a4c16f25709504f4e4e4beae9dd |
| SHA256 | b729255f2e984a20fa0f0eb07e08368cf468fd17ff27a7d1dbb4042ec261d8cf |
| SHA512 | 71b4f878aa154ba4a8523c2e36faa8dbe3cfafa082b18796d8b69539dee9506253b9e55fc9b71cc2c9027d22ae08587b0e2ddadbc8d3395dbb73584d1ca1ebcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 02d5e234d3a93eef6e7fc86a30343f7f |
| SHA1 | 0144051bcfe265c686471837067ab11b40752d9b |
| SHA256 | 65c430e95436cbbd8d006d10becb823ccb1d600230d1911f3a05cf1ee599c8c5 |
| SHA512 | 3f6475d9b03204bc9845754cc030d1cb46a898f202d2e72f018ea1feb0d43d6d46d49b14752d8862924b9bfde9ca0dba11d32f26d9920965352cc65bbb252404 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3bb453bde58b75b8e63b5eb0ef3c933d |
| SHA1 | d0ba84fdc2b5af4f75e610837d3e6dd5324829eb |
| SHA256 | d7ea828fa2edcfbfe4b49138c0b68503282cfe2178adc693b68ceb89e2748fc6 |
| SHA512 | 6aba9766bb41fb13bf3a29eb73ad77b3234c9b9aae95a05a8547ac4fa2148588a3bab0b509c4b94a0678d0bfb456bfe213c0e3dca3abcad9480f1e1e09ea20d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 610b2add83ccdf35eb1b4b8d7c9e6d54 |
| SHA1 | f9126253fa63105132c2b53a05a26e71ccb9a93b |
| SHA256 | 1be8e6547656012ee1b3dcaaa1559e7090038f6ff7683086ec6bd697c915e87b |
| SHA512 | 8141201bef6d851c75134f374f11cfe71d5118ea9f6b7ef8ea45d8cb93b8240c0ce6c9fb008715ea1060753936f58cbc3299ecca4ecb09de123f15a33557fc52 |
C:\Program Files\7-Zip\7-zip.chm
| MD5 | 3073686bd3abcdbf2148be7624388e8a |
| SHA1 | 8da958c7671b7e3b8aa8052e6608860e8e3349a6 |
| SHA256 | 1a3a2bfcd5b14d0b014ecdf961b44f975b4bfe1f2284bd4fbef7da0befba5da8 |
| SHA512 | 34f18ac283d38b2082da7ec44b10bde90338d408394d22af53c4b0aea2631d887f6455566633b665543643753231e5a06a505dc59ab8be0fe99022dd360e6502 |
C:\Program Files\7-Zip\descript.ion
| MD5 | eb7e322bdc62614e49ded60e0fb23845 |
| SHA1 | 1bb477811ecdb01457790c46217b61cb53153b75 |
| SHA256 | 1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f |
| SHA512 | 8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60 |
C:\Program Files\7-Zip\Lang\an.txt
| MD5 | f16218139e027338a16c3199091d0600 |
| SHA1 | da48140a4c033eea217e97118f595394195a15d5 |
| SHA256 | 3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb |
| SHA512 | b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14 |
C:\Program Files\7-Zip\Lang\af.txt
| MD5 | df216fae5b13d3c3afe87e405fd34b97 |
| SHA1 | 787ccb4e18fc2f12a6528adbb7d428397fc4678a |
| SHA256 | 9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34 |
| SHA512 | a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68 |
C:\Program Files\7-Zip\History.txt
| MD5 | 6b604af1dc25151fdcac458b6fe81a12 |
| SHA1 | 59dea20ca7210206664e4ac21daae7397f267564 |
| SHA256 | 0d8d0b046fa8798d4ebc3d14fd7f8bfb88fa130d0e58826f4c15d0b981acc553 |
| SHA512 | 530319be3442eb276389ff66769820b4ed1a9c4ff0796430c6425206630245f5b19ecc9af09c7ae811bded22d401025fed898b3e37ac9dae5b1905516fc92fdb |
C:\Program Files\7-Zip\Lang\ast.txt
| MD5 | 1cf6411ff9154a34afb512901ba3ee02 |
| SHA1 | 958f7ff322475f16ca44728349934bc2f7309423 |
| SHA256 | f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f |
| SHA512 | b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c |
C:\Program Files\7-Zip\Lang\fa.txt
| MD5 | 741e0235c771e803c1b2a0b0549eac9d |
| SHA1 | 7839ae307e2690721ad11143e076c77d3b699a3c |
| SHA256 | 657f2aceb60d557f907603568b0096f9d94143ff5a624262bbfeb019d45d06d7 |
| SHA512 | f8662732464fa6a20f35edcce066048a6ba6811f5e56e9ca3d9aa0d198fc9517642b4f659a46d8cb8c87e890adc055433fa71380fb50189bc103d7fbb87e0be5 |
C:\Program Files\7-Zip\Lang\ext.txt
| MD5 | 459b9c72a423304ffbc7901f81588337 |
| SHA1 | 0ba0a0d9668c53f0184c99e9580b90ff308d79be |
| SHA256 | 8075fd31b4ebb54603f69abb59d383dcef2f5b66a9f63bb9554027fd2949671c |
| SHA512 | 033ced457609563e0f98c66493f665b557ddd26fab9a603e9de97978d9f28465c5ac09e96f5f8e0ecd502d73df29305a7e2b8a0ad4ee50777a75d6ab8d996d7f |
C:\Program Files\7-Zip\Lang\eu.txt
| MD5 | c90cd9f1e3d05b80aba527eb765cbf13 |
| SHA1 | 66d1e1b250e2288f1e81322edc3a272fc4d0fffc |
| SHA256 | a1c9d46b0639878951538f531bba69aeddd61e6ad5229e3bf9c458196851c7d8 |
| SHA512 | 439375d01799da3500dfa48c54eb46f7b971a299dfebff31492f39887d53ed83df284ef196eb8bc07d99d0ec92be08a1bf1a7dbf0ce9823c85449cc6f948f24c |
C:\Program Files\7-Zip\Lang\et.txt
| MD5 | d6a50c4139d0973776fc294ee775c2ac |
| SHA1 | 1881d68ae10d7eb53291b80bd527a856304078a0 |
| SHA256 | 6b2718882bb47e905f1fdd7b75ece5cc233904203c1407c6f0dcdc5e08e276da |
| SHA512 | 0fd14b4fd9b613d04ef8747dcd6a47f6f7777ac35c847387c0ea4b217f198aa8ac54ea1698419d4122b808f852e9110d1780edcb61a4057c1e2774aa5382e727 |
C:\Program Files\7-Zip\Lang\es.txt
| MD5 | ed230f9f52ef20a79c4bed8a9fefdf21 |
| SHA1 | ec0153260b58438ad17faf1a506b22ad0fec1bdc |
| SHA256 | 7199b362f43e9dca2049c0eeb8b1bb443488ca87e12d7dda0f717b2adbdb7f95 |
| SHA512 | 32f0e954235420a535291cf58b823baacf4a84723231a8636c093061a8c64fcd0952c414fc5bc7080fd8e93f050505d308e834fea44b8ab84802d8449f076bc9 |
C:\Program Files\7-Zip\Lang\eo.txt
| MD5 | 29caad3b73f6557f0306f4f6c6338235 |
| SHA1 | d4b3147f23c75de84287ad501e7403e0fce69921 |
| SHA256 | a6ef5a5a1e28d406fd78079d9cacf819b047a296adc7083d34f2bfb3d071e5af |
| SHA512 | 77618995d9cf90603c5d4ad60262832d8ad64c91a5e6944efd447a5cc082a381666d986bb294d7982c8721b0113f867b86490ca11bb3d46980132c9e4df1bd92 |
C:\Program Files\7-Zip\Lang\en.ttt
| MD5 | bf2e140e9d30d6c51d372638ba7f4bd9 |
| SHA1 | a4358379a21a050252d738f6987df587c0bd373d |
| SHA256 | c218145bb039e1fd042fb1f5425b634a4bdc1f40b13801e33ed36cfdbda063ed |
| SHA512 | b524388f7476c9a43e841746764ff59bdb1f8a1b4299353156081a854ee4435b94b34b1a87c299ec23f8909e0652222595b3177ee0392e3b8c0ff0a818db7f9a |
C:\Program Files\7-Zip\Lang\el.txt
| MD5 | 5894a446df1321fbdda52a11ff402295 |
| SHA1 | a08bf21d20f8ec0fc305c87c71e2c94b98a075a4 |
| SHA256 | 2dd2130f94d31262b12680c080c96b38ad55c1007f9e610ec8473d4bb13d2908 |
| SHA512 | 0a2c3d24e7e9add3ca583c09a63ba130d0088ed36947b9f7b02bb48be4d30ef8dc6b8d788535a941f74a7992566b969adf3bd729665e61bfe22b67075766f8de |
C:\Program Files\7-Zip\Lang\de.txt
| MD5 | 1e30a705da680aaeceaec26dcf2981de |
| SHA1 | 965c8ed225fb3a914f63164e0df2d5a24255c3d0 |
| SHA256 | 895f76bfa4b1165e4c5a11bdab70a774e7d05d4bbdaec0230f29dcc85d5d3563 |
| SHA512 | ff96e6578a1ee38db309e72a33f5de7960edcc260ca1f5d899a822c78595cc761fedbdcdd10050378c02d8a36718d76c18c6796498e2574501011f9d988da701 |
C:\Program Files\7-Zip\Lang\da.txt
| MD5 | c397e8ac4b966e1476adbce006bb49e4 |
| SHA1 | 3e473e3bc11bd828a1e60225273d47c8121f3f2c |
| SHA256 | 5ccd481367f7d8c544de6177187aff53f1143ae451ae755ce9ed9b52c5f5d478 |
| SHA512 | cbbece415d16b9984c82bd8fa4c03dbd1fec58ed04e9ef0a860b74d451d03d1c7e07b23b3e652374a3b9128a7987414074c2a281087f24a77873cc45ec5aadd2 |
C:\Program Files\7-Zip\Lang\cy.txt
| MD5 | 6bdf25354b531370754506223b146600 |
| SHA1 | c2487c59eeeaa5c0bdb19d826fb1e926d691358e |
| SHA256 | 470eaf5e67f5ead5b8c3ecc1b5b21b29d16c73591eb0047b681660346e25b3fb |
| SHA512 | c357b07c176175cc36a85c42d91b0cada79dbfb584bdf57f22a6cb11898f88aecf4392037d5cea3e1bc02df7493bb27b9509226f810f1875105bbc33c6ae3f20 |
C:\Program Files\7-Zip\Lang\cs.txt
| MD5 | dbdcfc996677513ea17c583511a5323b |
| SHA1 | d655664bc98389ed916bed719203f286bab79d3c |
| SHA256 | a6e329f37aca346ef64f2c08cc36568d5383d5b325c0caf758857ed3ff3953f2 |
| SHA512 | df495a8e8d50d7ec24abb55ce66b7e9b8118af63db3eb2153a321792d809f7559e41de3a9c16800347623ab10292aac2e1761b716cb5080e99a5c8726f7cc113 |
C:\Program Files\7-Zip\Lang\co.txt
| MD5 | de64842f09051e3af6792930a0456b16 |
| SHA1 | 498b92a35f2a14101183ebe8a22c381610794465 |
| SHA256 | dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77 |
| SHA512 | 5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8 |
C:\Program Files\7-Zip\Lang\ca.txt
| MD5 | 264fb4b86bcfb77de221e063beebd832 |
| SHA1 | a2eb0a43ea4002c2d8b5817a207eb24296336a20 |
| SHA256 | 07b5c0ac13d62882bf59db528168b6f0ffdf921d5442fae46319e84c90be3203 |
| SHA512 | 8d1a73e902c50fd390b9372483ebd2ec58d588bacf0a3b8c8b9474657c67705b6a284bb16bba4326d314c7a3cc11caf320da38d5acb42e685ed2f8a8b6f411f4 |
C:\Program Files\7-Zip\Lang\br.txt
| MD5 | 07504a4edab058c2f67c8bcb95c605dd |
| SHA1 | 3e2ae05865fb474f10b396bfefd453c074f822fa |
| SHA256 | 432bdb3eaa9953b084ee14eee8fe0abbc1b384cbdd984ccf35f0415d45aabba8 |
| SHA512 | b3f54d695c2a12e97c93af4df09ce1800b49e40302bec7071a151f13866edfdfafc56f70de07686650a46a8664608d8d3ea38c2939f2f1630ce0bf968d669ccc |
C:\Program Files\7-Zip\Lang\bn.txt
| MD5 | 771c8b73a374cb30df4df682d9c40edf |
| SHA1 | 46aa892c3553bddc159a2c470bd317d1f7b8af2a |
| SHA256 | 3f55b2ec5033c39c159593c6f5ece667b92f32938b38fcaf58b4b2a98176c1fc |
| SHA512 | 8dcc9cc13322c4504ee49111e1f674809892900709290e58a4e219053b1f78747780e1266e1f4128c0c526c8c37b1a5d1a452eefba2890e3a5190eebe30657ba |
C:\Program Files\7-Zip\Lang\bg.txt
| MD5 | 2d0c8197d84a083ef904f8f5608afe46 |
| SHA1 | 5ae918d2bb3e9337538ef204342c5a1d690c7b02 |
| SHA256 | 62c6f410d011a109abecb79caa24d8aeb98b0046d329d611a4d07e66460eef3f |
| SHA512 | 3243d24bc9fdb59e1964e4be353c10b6e9d4229ef903a5ace9c0cb6e1689403173b11db022ca2244c1ef0f568be95f21915083a8c5b016f07752026d332878a4 |
C:\Program Files\7-Zip\Lang\be.txt
| MD5 | b1dd654e9d8c8c1b001f7b3a15d7b5d3 |
| SHA1 | 5a933ae8204163c90c00d97ba0c589f4d9f3f532 |
| SHA256 | 32071222af04465a3d98bb30e253579aa4beceaeb6b21ac7c15b25f46620bf30 |
| SHA512 | 0137900aeb21f53e4af4027ea15eed7696ed0156577fe6194c2b2097f5fb9d201e7e9d52a51a26ae9a426f8137692154d80676f8705f335fed9ae7e0e1d0a10e |
C:\Program Files\7-Zip\Lang\ba.txt
| MD5 | 387ff78cf5f524fc44640f3025746145 |
| SHA1 | 8480e549d00003de262b54bc342af66049c43d3b |
| SHA256 | 8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f |
| SHA512 | 7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344 |
C:\Program Files\7-Zip\Lang\az.txt
| MD5 | 3c297fbe9b1ed5582beabfc112b55523 |
| SHA1 | c605c20acf399a90ac9937935b4dbdb64fad9c9f |
| SHA256 | 055ec86aed86abbdbd52d8e99fec6e868d073a6df92c60225add16676994c314 |
| SHA512 | 417984a749471770157c44737ee76bfd3655ef855956be797433dadc2a71e12359454cc817b5c31c6af811067d658429a8706e15625bf4ca9f0db7586f0ae183 |
C:\Program Files\7-Zip\Lang\ar.txt
| MD5 | 5747381dc970306051432b18fb2236f2 |
| SHA1 | 20c65850073308e498b63e5937af68b2e21c66f3 |
| SHA256 | 85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72 |
| SHA512 | 3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff |
C:\Program Files\7-Zip\7zFM.exe
| MD5 | 5764deed342ca47eb4b97ae94eedc524 |
| SHA1 | e9cbefd32e5ddd0d914e98cfb0df2592bebc5987 |
| SHA256 | c5c7ad094ad71d8784c8b0990bf37a55ffc7c7ab77866286d77b7b6721943e4f |
| SHA512 | 6809130394a683c56a0245906d709b2289a631f630055d5e6161b001e216d58045d314b0148512d8c01f0c2bf5f9f16e93fa7d61ab3d24beab4f9c3d4db13c18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5f913802b16f5e3aa928e6487db99af2 |
| SHA1 | 01fd3cfc002661ddead95097903bd94ccc3c0485 |
| SHA256 | fb87ab6504f6eb035f40e86a4f3d9b38c99c3b8e48087b13f3506c35a0a5d549 |
| SHA512 | 28cb74193ef30e2eac9720b5efc1e6034a2499406942f7897a5642768e33724cebb92e7664464cfcb54778272b3217d60ff8ea5d3f29f25df5a810061c47c89c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a450b346c7f81262db2468e8bdc6b567 |
| SHA1 | 7eb04ce0661b660caf60eec843290cfa487e9ea2 |
| SHA256 | aa0bce708614713210cbe6e28bdbd44a7cf44ab94f286839134bd72b85ffc1fb |
| SHA512 | 39fadc7504a920dc0de4c3a9a3ab93ee3349305a909978b38d5a40a65f81568a565c28f3b96530462e3950f3acb49b986f930762107aab16d163a9ccb48e6964 |
C:\Users\Admin\AppData\Local\Temp\7zE8476FEAA\EcoH Client\data\shader\vulkan\spritemulti.frag.spv
| MD5 | c40ce2c551aac2dd72a74b67dd7644fe |
| SHA1 | 2bcea92975d2bb4d5853a2bc20fcd0c9dd9ffa60 |
| SHA256 | 2f91be33933bdbd054b251ffe7b4c0843b73b443ce0505d9d6f1ac94760b2ea1 |
| SHA512 | e59d461dc9d11516b892e58cc7faf35a5d30190aab43d5cc330b419f6803005d2dd086c7eb0903f39aeac09f10282f62a64ba14a49d621677c578b76d66048b6 |
memory/1256-2502-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2501-0x0000018C64570000-0x0000018C64571000-memory.dmp
memory/1256-2506-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2514-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2536-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2538-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2534-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2532-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2530-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2528-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2526-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2524-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2522-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2520-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2518-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2516-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2512-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2510-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2508-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2504-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2540-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2542-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2544-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2546-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2548-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2550-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2552-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2554-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2556-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2558-0x0000018C64580000-0x0000018C64581000-memory.dmp
memory/1256-2560-0x0000018C64580000-0x0000018C64581000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 7db36caad14d3175b0ff5215ee73f1b1 |
| SHA1 | f6cde00609610ccaea6d9f2de19257f8b15c6bd9 |
| SHA256 | e5479a7a585f4a7bccfb3a068341e06c27dcb1fbf1078a0439df2fce5a0cb7db |
| SHA512 | 2b4eb4e833cc4443c0938d669feb45da57a616f622ca53289057b9e90e73fe9018c2384d8abb7eaee189b9dd0bb0076dd9822f33d9aba992233799f7ed8af76b |
Analysis: behavioral24
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
124s
Max time network
139s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\map_convert_07.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\map_convert_07.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/2404-2-0x00007FFD44240000-0x00007FFD4428D000-memory.dmp
memory/2404-5-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/2404-4-0x00007FFD4AB20000-0x00007FFD4AB2E000-memory.dmp
memory/2404-3-0x0000000064940000-0x0000000064955000-memory.dmp
memory/2404-1-0x00007FFD44410000-0x00007FFD4449A000-memory.dmp
memory/2404-0-0x00007FF75B060000-0x00007FF75B219000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
88s
Max time network
94s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\swresample-4.dll",#1
Network
Files
Analysis: behavioral31
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240419-en
Max time kernel
129s
Max time network
146s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\swscale-7.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240508-en
Max time kernel
143s
Max time network
154s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\symsrv.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:03
Platform
win11-20240611-en
Max time kernel
147s
Max time network
153s
Command Line
Signatures
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3768 wrote to memory of 1500 | N/A | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe |
| PID 3768 wrote to memory of 1500 | N/A | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe |
| PID 1500 wrote to memory of 832 | N/A | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe | C:\Windows\system32\cmd.exe |
| PID 1500 wrote to memory of 832 | N/A | C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe | C:\Windows\system32\cmd.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe"
C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\Eco-H Revival.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI37682\python310.dll
| MD5 | c80b5cb43e5fe7948c3562c1fff1254e |
| SHA1 | f73cb1fb9445c96ecd56b984a1822e502e71ab9d |
| SHA256 | 058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20 |
| SHA512 | faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\VCRUNTIME140.dll
| MD5 | f12681a472b9dd04a812e16096514974 |
| SHA1 | 6fd102eb3e0b0e6eef08118d71f28702d1a9067c |
| SHA256 | d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8 |
| SHA512 | 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\base_library.zip
| MD5 | 0239a8c77b984b0e64042cff9320e51d |
| SHA1 | 86ce543744a1cf87ea0df46617e11a53fab5a6d3 |
| SHA256 | e3a2a9396e764876d50b94db11447e14fd1c91514ecc289e3c762e48af6362d9 |
| SHA512 | 7010751f3e4c3ab7a4a5f041ab89e488a230b3f55ead8b32550bd20b5c921e0f17ab6b1eba3c8f8ff6806d58af9e3e04c64120c0c4d0048b31b3438802d7f782 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_ctypes.pyd
| MD5 | 87596db63925dbfe4d5f0f36394d7ab0 |
| SHA1 | ad1dd48bbc078fe0a2354c28cb33f92a7e64907e |
| SHA256 | 92d7954d9099762d81c1ae2836c11b6ba58c1883fde8eeefe387cc93f2f6afb4 |
| SHA512 | e6d63e6fe1c3bd79f1e39cb09b6f56589f0ee80fd4f4638002fe026752bfa65457982adbef13150fa2f36e68771262d9378971023e07a75d710026ed37e83d7b |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\python3.DLL
| MD5 | 07bd9f1e651ad2409fd0b7d706be6071 |
| SHA1 | dfeb2221527474a681d6d8b16a5c378847c59d33 |
| SHA256 | 5d78cd1365ea9ae4e95872576cfa4055342f1e80b06f3051cf91d564b6cd09f5 |
| SHA512 | def31d2df95cb7999ce1f55479b2ff7a3cb70e9fc4778fc50803f688448305454fbbf82b5a75032f182dff663a6d91d303ef72e3d2ca9f2a1b032956ec1a0e2a |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\select.pyd
| MD5 | adc412384b7e1254d11e62e451def8e9 |
| SHA1 | 04e6dff4a65234406b9bc9d9f2dcfe8e30481829 |
| SHA256 | 68b80009ab656ffe811d680585fac3d4f9c1b45f29d48c67ea2b3580ec4d86a1 |
| SHA512 | f250f1236882668b2686bd42e1c334c60da7abec3a208ebebdee84a74d7c4c6b1bc79eed7241bc7012e4ef70a6651a32aa00e32a83f402475b479633581e0b07 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_pytransform.dll
| MD5 | 35b49ccb0516cb0e1180e95aa657aaa9 |
| SHA1 | f6e4c4a993dbaa276f321d7135f96c8df522eef8 |
| SHA256 | dcc65393ae46df9d5721ad167c227019631325e744226e4285ef9bb295a7cfb1 |
| SHA512 | 921bc6d1c3be4f87b53697fa17ccaa488e31162322aef5fa256c8f79b5566c488d4485bc0fc4102f69b14a59b0711449ee18e52b3c671ccefa7efd6e0848a09a |
memory/1500-120-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-118-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-116-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-114-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-112-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-110-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-108-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-106-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-104-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-102-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-100-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-98-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-96-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-94-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-92-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-90-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-88-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-86-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-84-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-82-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-80-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-78-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-76-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-74-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-72-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-70-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-68-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-66-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-64-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-62-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-60-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-58-0x0000021C9D680000-0x0000021C9D681000-memory.dmp
memory/1500-57-0x0000021C9D670000-0x0000021C9D671000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_socket.pyd
| MD5 | e137df498c120d6ac64ea1281bcab600 |
| SHA1 | b515e09868e9023d43991a05c113b2b662183cfe |
| SHA256 | 8046bf64e463d5aa38d13525891156131cf997c2e6cdf47527bc352f00f5c90a |
| SHA512 | cc2772d282b81873aa7c5cba5939d232cceb6be0908b211edb18c25a17cbdb5072f102c0d6b7bc9b6b2f1f787b56ab1bc9be731bb9e98885c17e26a09c2beb90 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_lzma.pyd
| MD5 | b5fbc034ad7c70a2ad1eb34d08b36cf8 |
| SHA1 | 4efe3f21be36095673d949cceac928e11522b29c |
| SHA256 | 80a6ebe46f43ffa93bbdbfc83e67d6f44a44055de1439b06e4dd2983cb243df6 |
| SHA512 | e7185da748502b645030c96d3345d75814ba5fd95a997c2d1c923d981c44d5b90db64faf77ddbbdc805769af1bec37daf0ecee0930a248b67a1c2d92b59c250c |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\libssl-1_1.dll
| MD5 | de72697933d7673279fb85fd48d1a4dd |
| SHA1 | 085fd4c6fb6d89ffcc9b2741947b74f0766fc383 |
| SHA256 | ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f |
| SHA512 | 0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\VCRUNTIME140_1.dll
| MD5 | 75e78e4bf561031d39f86143753400ff |
| SHA1 | 324c2a99e39f8992459495182677e91656a05206 |
| SHA256 | 1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e |
| SHA512 | ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\MSVCP140.dll
| MD5 | 1ba6d1cf0508775096f9e121a24e5863 |
| SHA1 | df552810d779476610da3c8b956cc921ed6c91ae |
| SHA256 | 74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823 |
| SHA512 | 9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_brotli.cp310-win_amd64.pyd
| MD5 | 6d44fd95c62c6415999ebc01af40574b |
| SHA1 | a5aee5e107d883d1490257c9702913c12b49b22a |
| SHA256 | 58bacb135729a70102356c2d110651f1735bf40a602858941e13bdeabfacab4a |
| SHA512 | 59b6c07079f979ad4a27ec394eab3fdd2d2d15d106544246fe38f4eb1c9e12672f11d4a8efb5a2a508690ce2677edfac85eb793e2f6a5f8781b258c421119ff3 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\libcrypto-1_1.dll
| MD5 | ab01c808bed8164133e5279595437d3d |
| SHA1 | 0f512756a8db22576ec2e20cf0cafec7786fb12b |
| SHA256 | 9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55 |
| SHA512 | 4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_ssl.pyd
| MD5 | 35f66ad429cd636bcad858238c596828 |
| SHA1 | ad4534a266f77a9cdce7b97818531ce20364cb65 |
| SHA256 | 58b772b53bfe898513c0eb264ae4fa47ed3d8f256bc8f70202356d20f9ecb6dc |
| SHA512 | 1cca8e6c3a21a8b05cc7518bd62c4e3f57937910f2a310e00f13f60f6a94728ef2004a2f4a3d133755139c3a45b252e6db76987b6b78bc8269a21ad5890356ad |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_hashlib.pyd
| MD5 | 49ce7a28e1c0eb65a9a583a6ba44fa3b |
| SHA1 | dcfbee380e7d6c88128a807f381a831b6a752f10 |
| SHA256 | 1be5cfd06a782b2ae8e4629d9d035cbc487074e8f63b9773c85e317be29c0430 |
| SHA512 | cf1f96d6d61ecb2997bb541e9eda7082ef4a445d3dd411ce6fd71b0dfe672f4dfaddf36ae0fb7d5f6d1345fbd90c19961a8f35328332cdaa232f322c0bf9a1f9 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\zstandard\backend_c.cp310-win_amd64.pyd
| MD5 | 4ec296c5608d46afdb37048b920a676b |
| SHA1 | c94c21c9e9621940f59bcec2f6a576a991b42a03 |
| SHA256 | a0f31c62e0c1b25857330afa3d8c23b68d2e2b1d18ffc6d69ffb3db481fae40d |
| SHA512 | 7c49668bc1e9cca2b07533ae7e1dfac27a6c660ddb33553b0300a3946188d32e471bcae1c1cc203388b21265bdcf04fcbfae94c767537dca5f3dc8d17be34e24 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_queue.pyd
| MD5 | 23f4becf6a1df36aee468bb0949ac2bc |
| SHA1 | a0e027d79a281981f97343f2d0e7322b9fe9b441 |
| SHA256 | 09c5faf270fd63bde6c45cc53b05160262c7ca47d4c37825ed3e15d479daee66 |
| SHA512 | 3ee5b3b7583be1408c0e1e1c885512445a7e47a69ff874508e8f0a00a66a40a0e828ce33e6f30ddc3ac518d69e4bb96c8b36011fb4ededf9a9630ef98a14893b |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\_bz2.pyd
| MD5 | a4b636201605067b676cc43784ae5570 |
| SHA1 | e9f49d0fc75f25743d04ce23c496eb5f89e72a9a |
| SHA256 | f178e29921c04fb68cc08b1e5d1181e5df8ce1de38a968778e27990f4a69973c |
| SHA512 | 02096bc36c7a9ecfa1712fe738b5ef8b78c6964e0e363136166657c153727b870a6a44c1e1ec9b81289d1aa0af9c85f1a37b95b667103edc2d3916280b6a9488 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\unicodedata.pyd
| MD5 | 102bbbb1f33ce7c007aac08fe0a1a97e |
| SHA1 | 9a8601bea3e7d4c2fa6394611611cda4fc76e219 |
| SHA256 | 2cf6c5dea30bb0584991b2065c052c22d258b6e15384447dcea193fdcac5f758 |
| SHA512 | a07731f314e73f7a9ea73576a89ccb8a0e55e53f9b5b82f53121b97b1814d905b17a2da9bd2eda9f9354fc3f15e3dea7a613d7c9bc98c36bba653743b24dfc32 |
C:\Users\Admin\AppData\Local\Temp\_MEI37682\certifi\cacert.pem
| MD5 | 3dcd08b803fbb28231e18b5d1eef4258 |
| SHA1 | b81ea40b943cd8a0c341f3a13e5bc05090b5a72a |
| SHA256 | de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e |
| SHA512 | 9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240419-en
Max time kernel
132s
Max time network
149s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\avutil-58.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/3144-1-0x0000000064940000-0x0000000064955000-memory.dmp
memory/3144-0-0x00007FFB81EB0000-0x00007FFB820B4000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240611-en
Max time kernel
12s
Max time network
117s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\EcoH Client\config_store.exe
"C:\Users\Admin\AppData\Local\Temp\EcoH Client\config_store.exe"
Network
Files
memory/2904-4-0x0000000062E80000-0x0000000062EA6000-memory.dmp
memory/2904-3-0x00007FFD48270000-0x00007FFD482FA000-memory.dmp
memory/2904-1-0x00007FFD4E850000-0x00007FFD4E85E000-memory.dmp
memory/2904-2-0x0000000064940000-0x0000000064955000-memory.dmp
memory/2904-0-0x00007FF7A2420000-0x00007FF7A2515000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-06-18 15:00
Reported
2024-06-18 15:04
Platform
win11-20240611-en
Max time kernel
147s
Max time network
156s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EcoH Client\libwinpthread-1.dll",#1