Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/folder/vkqbd2erubvi9/JV-Sender was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
Modifies Windows Firewall
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Hide Artifacts: Hidden Window
Adds Run key to start application
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Detects Pyinstaller
Enumerates physical storage devices
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-31 12:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-31 12:42
Reported
2024-08-31 12:47
Platform
win10v2004-20240802-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
njRAT/Bladabindi
Command and Scripting Interpreter: PowerShell
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" | C:\Users\Admin\AppData\Local\Temp\Setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe\" ." | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe\" ." | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe | N/A |
Hide Artifacts: Hidden Window
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\System32\cmd.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\netsh.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/vkqbd2erubvi9/JV-Sender
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa19834718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7304 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Password.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12765556321459505791,13706584102162669881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\JV-Sender\" -ad -an -ai#7zMap9092:80:7zEvent8788
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\JV-Sender\JV-Sender\configuration\subjects.txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\JV-Sender\JV-Sender\configuration\mailist.txt
\??\c:\windows\system32\cmstp.exe
"c:\windows\system32\cmstp.exe" /au C:\Users\Admin\AppData\Local\Temp\gqvcwh5k.inf
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Taskmgr.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\msedge.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\SystemSettingsBroker.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe
C:\Windows\system32\taskkill.exe
taskkill /IM cmstp.exe /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Taskmgr.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\msedge.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\SystemSettingsBroker.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
C:\Windows\SYSTEM32\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe" "explorer.exe" ENABLE
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe"
C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe"
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
"C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe"
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 117.151.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| GB | 18.154.84.84:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| DE | 185.60.217.28:443 | connect.facebook.net | tcp |
| GB | 172.217.169.14:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.217.60.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.36.149.0:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| GB | 172.217.16.234:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 0.149.36.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 173.194.76.155:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.76.194.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| GB | 172.217.169.14:443 | translate.google.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.16.52.110:443 | cdn.otnolatrnup.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| GB | 216.58.212.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 172.67.142.121:443 | bshr.ezodn.com | tcp |
| GB | 18.245.143.118:443 | tags.crwdcntrl.net | tcp |
| IE | 54.229.219.223:443 | ad.crwdcntrl.net | tcp |
| IE | 54.171.4.236:443 | ad.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.212.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 110.52.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.187.37.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.143.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.219.229.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.4.171.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | api.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 172.67.38.106:443 | cdn.id5-sync.com | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| GB | 18.245.255.11:443 | cdn.prod.uidapi.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| US | 8.8.8.8:53 | 229.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.38.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.255.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | fastlane.rubiconproject.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| GB | 108.138.217.48:443 | hb.yellowblue.io | tcp |
| IE | 54.194.230.142:443 | ap.lijit.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| NL | 147.75.81.235:443 | prebid.a-mo.net | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 69.173.156.139:443 | fastlane.rubiconproject.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | d9eb767690df6f70ff9697bf70884547.safeframe.googlesyndication.com | udp |
| GB | 142.250.179.225:443 | d9eb767690df6f70ff9697bf70884547.safeframe.googlesyndication.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.200.2:443 | ep1.adtrafficquality.google | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 34.120.133.55:443 | api.rlcdn.com | tcp |
| DE | 79.127.216.47:443 | id.a-mx.com | tcp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| DE | 141.95.33.120:443 | id5-sync.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| DE | 3.71.149.231:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.81.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.230.194.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.133.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.33.95.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.149.71.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download937.mediafire.com | udp |
| US | 205.196.121.132:443 | download937.mediafire.com | tcp |
| US | 205.196.121.132:443 | download937.mediafire.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| GB | 142.250.180.1:443 | ep2.adtrafficquality.google | tcp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| GB | 142.250.187.225:443 | tpc.googlesyndication.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.121.196.205.in-addr.arpa | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 104.16.52.110:80 | otnolatrnup.com | tcp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 18.165.227.106:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | www.chancial.com | udp |
| US | 104.21.79.34:443 | www.chancial.com | tcp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.79.21.104.in-addr.arpa | udp |
| FR | 185.235.86.118:443 | gem.gbc.criteo.com | tcp |
| NL | 185.235.87.30:443 | ag.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | www.opera.com | udp |
| DE | 18.185.187.50:443 | www.opera.com | tcp |
| US | 8.8.8.8:53 | 118.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.187.185.18.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download2293.mediafire.com | udp |
| US | 199.91.155.34:443 | download2293.mediafire.com | tcp |
| US | 199.91.155.34:443 | download2293.mediafire.com | tcp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | 34.155.91.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | track.wargaming-aff.com | udp |
| US | 8.8.8.8:53 | 75229caa111691d684a74f5f68335b65.safeframe.googlesyndication.com | udp |
| NL | 35.204.130.99:443 | track.wargaming-aff.com | tcp |
| NL | 35.204.130.99:443 | track.wargaming-aff.com | tcp |
| US | 8.8.8.8:53 | track.wg-aff.com | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 35.204.130.99:443 | track.wg-aff.com | tcp |
| GB | 172.217.16.234:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 37.56.20.217.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | proxy-cheap.blogspot.com | udp |
| GB | 142.250.200.33:443 | proxy-cheap.blogspot.com | tcp |
| GB | 142.250.200.33:443 | proxy-cheap.blogspot.com | tcp |
| US | 8.8.8.8:53 | amazonhost.thedreamsop.com | udp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 8.8.8.8:53 | 33.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.41.180.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fun-ruby-4625.lightning.force.com | udp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| US | 8.8.8.8:53 | 42.147.20.51.in-addr.arpa | udp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| GB | 142.250.200.33:443 | proxy-cheap.blogspot.com | tcp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| US | 8.8.8.8:53 | acpanel.hackcrack.io | udp |
| US | 147.124.205.158:16164 | acpanel.hackcrack.io | tcp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| GB | 142.250.200.33:443 | proxy-cheap.blogspot.com | tcp |
| US | 107.180.41.239:80 | amazonhost.thedreamsop.com | tcp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| SE | 51.20.147.42:443 | fun-ruby-4625.lightning.force.com | tcp |
| US | 8.8.8.8:53 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 27304926d60324abe74d7a4b571c35ea |
| SHA1 | 78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1 |
| SHA256 | 7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de |
| SHA512 | f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd |
\??\pipe\LOCAL\crashpad_1624_VQGZVLNUXSKDPQCP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9e3fc58a8fb86c93d19e1500b873ef6f |
| SHA1 | c6aae5f4e26f5570db5e14bba8d5061867a33b56 |
| SHA256 | 828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4 |
| SHA512 | e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 693c2b7494bdd13eb7a148cf84912dc1 |
| SHA1 | 9868670c4c552feb40aa7e92969581727c4de4cc |
| SHA256 | 02c3dc532c0e6929f0bf867417ac8b9c6880fecce3a3c1a5585ba26091f0a1ef |
| SHA512 | 8b842741c4581ea6d13b07f7cfdd666c1f3e82b29a58f43c14f836baf2d555c195257c3ea2a7c62c1c94de4355f57a9df2ded10617ffb899d8476fafd661b9f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b247775ad6e39486afb589b5817d3ac2 |
| SHA1 | 43ba219602dd1c02eb1d06dc63412f2aceaa7eca |
| SHA256 | 3917fe56c0354481c7e79f5b547390250c8135ddada234708e28b979ebda003d |
| SHA512 | 3471475af70f0e064cc84291589804e9ca542fdc55d301c6b1d90d43be6c418d58ca07a37bc9005121f3d279a1bb38edb50b42bf985b4c2dfbb5bd1051356d00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b94fb61389cb374ce10987375257c0b5 |
| SHA1 | d8ecc18192174d4f60fb64c66d10a95686998d48 |
| SHA256 | 2569aff58a077653c09af529b8b46764deb7bfc376a91ef85c61a1335f548d58 |
| SHA512 | 981328b2818913c3709e540bb58a31182c54bb770d56ec4a4e1813d4e58660d25f53dfde0865b6d57cd6f1da37104f4ee3b6d5c7b3a76f4533aac1babbefd17e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d50f58830a7a264862d864b111274cc4 |
| SHA1 | c518b9698ab7f135bc23273760bd83d251a5c5ad |
| SHA256 | 50b7b273dc12e733d91e87853455c623683d8edf8f1def7ede5fb1eb1aca3777 |
| SHA512 | 7e833b8c21974e85302eb378efa80668b877db52c287b6cece8569e90464b10c059da6d2e9e264a86e4c5bbbc05bd76caac261a8f83667d60fb323319c126e40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de4a.TMP
| MD5 | 3130a7de8ffc645264df86e86eadcfca |
| SHA1 | 635cfc63b3a20b2c09eafcb087226a0d747a6ab1 |
| SHA256 | ae8ef8bba6d6e3c86c564ab500adc4fd8b0f53f3536c6ffb4907d1191ca5b4ea |
| SHA512 | 20f66b52ad72625edd13d801795552e0504ed7859dc4eed34ccf48d97ed62fbff14c062dfc45d7552d11b4e57542c59daa7732ce9cabc50c0fb40fb6550d96b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b7592b5873a8f0a08b74d95c55a00d20 |
| SHA1 | 5305d8f55cc45e9b4d0540c9d3a84a9c7bf54605 |
| SHA256 | ab26244196c4f32f5a654b05c0d3161ed5692962cb978b28e5e0c0c7041a0e0d |
| SHA512 | 71f319f03fdb2548947abd7be1745ebd54ed738bdc4de115269d520af8b7083d7751b935b8e873cb28d8d49838dd8a21cfb7dfc0c0a714e625dca00eb53432bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 2b6e5d0202f05b0f9b7c7deb4452e765 |
| SHA1 | 9135b7cac88626de29377964b793948ae87f15ca |
| SHA256 | 6579c4d11ea103c8bae30a9a89d07062e10abf1a25bbd3ed90e8d542ddc86085 |
| SHA512 | 5dedab0ce442797ca28216bd1624410aa958d7a696e781ab27b423ae8ac47cef419c87ae87bd78e473343bbc9bb130e81ead7bb6ee980b1a650505d850048e51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | af2f5c6481eb9644332e165008e62820 |
| SHA1 | fa7812602e77b173ba7f4fd9143968de7e892d8d |
| SHA256 | 959171b7b425a543ba0784b9cdefd97952856a1355d7e7c9f614856bb8872769 |
| SHA512 | 445983106e3e9141219475cdf0eefeee10c44cc05d1fd209dc6fe3de95920635409c9d828e67fffe1fc33e4241a02437de0fc24b75b11f257952dcc84d50049c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | 660c3b546f2a131de50b69b91f26c636 |
| SHA1 | 70f80e7f10e1dd9180efe191ce92d28296ec9035 |
| SHA256 | fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9 |
| SHA512 | 6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 18a483acdd0418059c52bb5c4e0ec70b |
| SHA1 | 84e25015ada96f352f81115a4ad2cb349a8cbab9 |
| SHA256 | 60704eaf7d3b646c5c23cd9b8e96f88fb4ebe495776a743b36be27891f52ecf0 |
| SHA512 | c0124b862df08ab4725435234941b5ed9c3566df40f0bbcffc3367ff3158225b9c9984e752a9c54ea4e37e72835b47dd9c4e02ebf971f34beeee95680b69675c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 4e396692209612a361b397a71d1182d5 |
| SHA1 | 7e3510cecc0fc3589fb9e2588f32dbd6d9edd077 |
| SHA256 | 08abed86af4e5f9fa8f16bf9012ccd5184e65e30ec659dd2639788cd34b6ee77 |
| SHA512 | 2a1d6a1fee315864a3b547c794d137ca46db7e02fb6dc81ac3c3f10c8c012963b54cc307880dd662dee65c2e90fcef439ec67c9ec4330a1450c36050f20fcf2e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6b657fb3da8037d30f1d720bb6d2e549 |
| SHA1 | 1a2623d57bc568c54a440300adf195d4a260576c |
| SHA256 | e00a867f59997a134e6ba67c0c2765168036fde64413f977cabd5a2edad5e4c5 |
| SHA512 | 8ef76122847cc6273f7a2ea303bf5a6ed91206710a6df0c131e947ce942b1bab14980ee887e0eb281b3c0559899499e43b9568bf1d526b000ef7fe75958f51bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1664299dbd688ff6bc2c410493ee73df |
| SHA1 | eff9180658606c27e47a74b8b6a3ab9eec128296 |
| SHA256 | 62e33c3e8ca0c973570f100c034590bff7b0e0bbbb82138a82e8b44042ea96c3 |
| SHA512 | cca01354baa2d935d08800f35ec45da75021df374d0577e467ed431925ce26b371439e0844fed6b11e67697c0beb7f3262ce0087e299bd6c502231903757e309 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f99156deaa43bd1e3c4956ebaca43e0f |
| SHA1 | 236762bcb221c7dc0fbebe7d4f34a26646267798 |
| SHA256 | 0cc5d70620770e4327a56c120694880d49273f40544fa3d9f4d8b5430f1e8156 |
| SHA512 | 511c2816a0db18efcddafb3042588e8180b00c184a7ba2907aea98411bbd21f6ac9e003fd0910863a1aebd81ccd6d71e9a6710151d5bdb741585ef16092d6576 |
C:\Users\Admin\Downloads\Password.txt
| MD5 | 6249cddf35e31793f57589e0bac8d728 |
| SHA1 | bb9f5f9c3be32b44b47279d1a0270c5a6b9a22ad |
| SHA256 | b2c665656fa5a9baa8128db8654644529ea5acaddff9e8559c9b5f9cdae35590 |
| SHA512 | 8c1f35b5bd24ce2534b86cd7b134d8904a67f044d43c833f172ddadaa33f8b2aa101058123465eaa59570dff31f1225e74e2be949fbf4883a06ddb332e4a83e2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fcaee0519f33dfbb827ddebe9fecfe1c |
| SHA1 | c436b7b8b6d1e1f98d2c8d4145d52935b7b3ff2a |
| SHA256 | 4631ab1491db0eb415861d2ac809323db9dcd0170fe832155bb97d5de065867f |
| SHA512 | 5a9a45b58b4a44ecbcd759c604afb093f86278fcd861678172123fe1b9c4fd70946a3d2a9106648ed8016555115bf6cb0f7822d48c75a5644c5ef87d69723b08 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f129c839a5d2c16b141a6eff825acb58 |
| SHA1 | 53c83dba7edfba6424083b038140656bf7323435 |
| SHA256 | e47b89fb4c54757c06a828cdd8c235fa6b32eec9829e01c071d34dc547ad1941 |
| SHA512 | 665cb47055be542123f18a683ed4f710c79324127604b700a6a56243fcc885994d01d25e006f43425f82b3cd2ead0879d303a81790c5b358c43b7cbfab449cbd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7b52186b67c79b06ef87833d2334c924 |
| SHA1 | ba38eae2c4e6a8a3c95e7d9e041ebe69a2c1434c |
| SHA256 | 126a663b7fd37faa9393720b731a82244a0121d28834344bc0c5a5478f85e33e |
| SHA512 | 7dd43ec8f0c63911a8dbb0a890796688feef6918980f7030d8c22a8ca0fc41256a3c09915e16bfdaa22512df34660c1360c7d574640cbfc3994a3f4aec0fd308 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2bc3182c67043bbcf0651fab72b15ef2 |
| SHA1 | d94d4639be12bc811832d3a51cb6b555480dd709 |
| SHA256 | 25a028dff0e7bfbdf1e02425f7d830a91659b6c72d2fc98fef2eef29ebae1c44 |
| SHA512 | d4bc4e67522c8db8ff11303f5480de39838dd3e632b68ee72bf29ce88b5f1d7c856843b5f1ee58231014203c6e3bb2cc8200213f6e2431d9495158baf4aa28f3 |
C:\Users\Admin\Downloads\JV-Sender.zip
| MD5 | 4f87503277e991c0522fb27ac5b916e7 |
| SHA1 | ff6b2210c587f080f331d87c2facba4cc0eba0dc |
| SHA256 | 1763202138dd09f8000f1086a42dfaf1e207c4dafeecb91a5088617d310861ac |
| SHA512 | 99af29c6ce5e0df8e9f0c67c2d36e58787a50cc7c2fc3d3a0f4cba69971d4f0be0207db6f23b42bb08f6bcb51a9be0bee1fdd497687c94c45b1821e3f86c158e |
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script.exe
| MD5 | 8c1e54ac324ce689c7edcc0cac372fac |
| SHA1 | 8fced71e5fd2eea8a5b1f5d69937b35ef8d2adc9 |
| SHA256 | 23a69c78e651b8c02340b57447bf706ad381d95b02e87deb3f895ca525ab539e |
| SHA512 | 7354ec6f1cddedbc158b81cd096dd850c847dde2d979e1367d47ea1a276ba8a05fe4712e6f888ff587baa27937d6232e04df91f9742ad6d85480af7dd0137831 |
memory/5808-697-0x000000001C3C0000-0x000000001C466000-memory.dmp
memory/5808-698-0x000000001CEB0000-0x000000001D37E000-memory.dmp
memory/5808-699-0x000000001D380000-0x000000001D41C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Setup.exe
| MD5 | 8e4f8329f0837d6a3801dd96973a05fe |
| SHA1 | 7309226e370a33000c08653504f2ac5786944b2b |
| SHA256 | 0d8f6fc81065fc6f20ea5b9de9a85fbfffe2deb1f2055f1b304b5b0f3e99407d |
| SHA512 | 9df93293a5fec2a2fca0838f43b24af8347f229884fab4338f7804ef0050b0aba02235ae2368ffef7dd42640420b42f69eaf974f5107bdab0bf0a8c9b39671cc |
C:\Users\Admin\Downloads\JV-Sender\JV-Sender\script .exe
| MD5 | f805eb1200e7c6c1f19f4a0d40eae320 |
| SHA1 | b33b927d6082fc4bce9fbe1c4c4de6b64e8ee67b |
| SHA256 | 7768ddf6ef020dfdecbdfb87e91ad844e5fe1d1000ce4e1bb90fd55f26da6c4c |
| SHA512 | 4d0d1250595fe59b20b48c1bcfe1a55f3fbc5cc283c7ff76609bbfb33f8990e31fa47c55d418dc323cc8bbc404ef8632e04900f46afca8d211d40a446e959c35 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe
| MD5 | e5d01a5a8cc5c5ca9a5329459814c91a |
| SHA1 | 00ec50ab1cdab87816ec0f3e77fa8ad00ea9c067 |
| SHA256 | 612bbbf476228032ebab743100c98dae7f01a1dc854298cd8ece588351acb3c6 |
| SHA512 | 2d0d0d964e9100b0586043b16f91532e0f81347ef3697dee7ab0cd90469e6c118ac58e630d9a7fe0a84f5c275440813aeede0e0c44cacf316f59cb760081ab07 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.zip
| MD5 | 287c4ef4138442be3996d52619f9e7d3 |
| SHA1 | 2a64f031df9e950aec105ac2eaf6cf0932bda940 |
| SHA256 | 686f17451faf52211e0b477c8b4dee8666eebc7332e5b429fa7f478aeece5b00 |
| SHA512 | a980b88c60bc4f5d8a6a233a24faf20aa4de697475492945208ddbe628f55a6f4a88ca945f6d1fdf147bd62e02cb103537b56083413e82763f74fcb9696cb6d3 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Setup.exe.log
| MD5 | 8e1e19a5abcce21f8a12921d6a2eeeee |
| SHA1 | b5704368dfd8fc7aeafb15c23b69895e809fe20e |
| SHA256 | 22cf24d10cc11a9bb23268f18afbc8f3481c27e1feb4cb42ba5c8775e12720e3 |
| SHA512 | 48365f858592d677ef5d0e2948f672234898e47a153eec32592a2e079353702a64e41e1aa59250f05bd690690b9edfb8455dfac90c6695fb7c0b6907a057fe78 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\python312.dll
| MD5 | d521654d889666a0bc753320f071ef60 |
| SHA1 | 5fd9b90c5d0527e53c199f94bad540c1e0985db6 |
| SHA256 | 21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2 |
| SHA512 | 7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\base_library.zip
| MD5 | 68f96a1f0b49d240b392ebb7ea147939 |
| SHA1 | 5d8aa0cccc0f744f17e546ef7120308016cb5438 |
| SHA256 | 29556cc179d145e9f64d287f0455991bd62a8dc4304e20429f83a1a40959fd09 |
| SHA512 | b326d5feb4f9b3d76254240dc3b0d16cb60c0a47d75ab7a1742fe7bb0bdfafff00a9d24a4c84559f1b2b04d23fd4f53d3b8d654532cb7c57c60bb83041331d35 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\VCRUNTIME140.dll
| MD5 | be8dbe2dc77ebe7f88f910c61aec691a |
| SHA1 | a19f08bb2b1c1de5bb61daf9f2304531321e0e40 |
| SHA256 | 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83 |
| SHA512 | 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\select.pyd
| MD5 | d0cc9fc9a0650ba00bd206720223493b |
| SHA1 | 295bc204e489572b74cc11801ed8590f808e1618 |
| SHA256 | 411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019 |
| SHA512 | d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_cffi_backend.cp312-win_amd64.pyd
| MD5 | 0572b13646141d0b1a5718e35549577c |
| SHA1 | eeb40363c1f456c1c612d3c7e4923210eae4cdf7 |
| SHA256 | d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7 |
| SHA512 | 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_bz2.pyd
| MD5 | 5bebc32957922fe20e927d5c4637f100 |
| SHA1 | a94ea93ee3c3d154f4f90b5c2fe072cc273376b3 |
| SHA256 | 3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62 |
| SHA512 | afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_brotli.cp312-win_amd64.pyd
| MD5 | 9ad5bb6f92ee2cfd29dde8dd4da99eb7 |
| SHA1 | 30a8309938c501b336fd3947de46c03f1bb19dc8 |
| SHA256 | 788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8 |
| SHA512 | a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\VCRUNTIME140_1.dll
| MD5 | f8dfa78045620cf8a732e67d1b1eb53d |
| SHA1 | ff9a604d8c99405bfdbbf4295825d3fcbc792704 |
| SHA256 | a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5 |
| SHA512 | ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\unicodedata.pyd
| MD5 | cc8142bedafdfaa50b26c6d07755c7a6 |
| SHA1 | 0fcab5816eaf7b138f22c29c6d5b5f59551b39fe |
| SHA256 | bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268 |
| SHA512 | c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libssl-3.dll
| MD5 | 19a2aba25456181d5fb572d88ac0e73e |
| SHA1 | 656ca8cdfc9c3a6379536e2027e93408851483db |
| SHA256 | 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006 |
| SHA512 | df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337 |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\libcrypto-3.dll
| MD5 | e547cf6d296a88f5b1c352c116df7c0c |
| SHA1 | cafa14e0367f7c13ad140fd556f10f320a039783 |
| SHA256 | 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de |
| SHA512 | 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\_ctypes.pyd
| MD5 | fb454c5e74582a805bc5e9f3da8edc7b |
| SHA1 | 782c3fa39393112275120eaf62fc6579c36b5cf8 |
| SHA256 | 74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1 |
| SHA512 | 727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d |
C:\Users\Admin\AppData\Local\Temp\_MEI25442\python3.dll
| MD5 | a07661c5fad97379cf6d00332999d22c |
| SHA1 | dca65816a049b3cce5c4354c3819fef54c6299b0 |
| SHA256 | 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b |
| SHA512 | 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d |
memory/5260-858-0x00000000018F0000-0x00000000018F8000-memory.dmp
memory/5260-859-0x0000000001A20000-0x0000000001A2C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0h4enjw1.ofn.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3420-862-0x000002B20A880000-0x000002B20A8A2000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe
| MD5 | 794d834f4a9a70041b3cad4d0002030f |
| SHA1 | facc1ed8ade82799866c8414406d80549c190a9b |
| SHA256 | 2ee18c24d8d7d58e740e3b12b8eacb747d2deb2139db95c4c9bb40930b40911b |
| SHA512 | 2b1a9d2a423c4ed1365b960fd706346620af4820312f67a177cf399bbf81d38acaf49830d21d3b7822072a2b1de08c028ca0855414ef7d0a53853d099736f565 |