General Info

File name

_Cracked_Streambot_2.rar

Full analysis
https://app.any.run/tasks/5c4937ea-a0b8-49c4-aa57-52c658c93b79
Verdict
Malicious activity
Analysis date
5/15/2019, 20:29:35
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

rat

imminent

njrat

bladabindi

Indicators:

MIME:
application/x-rar
File info:
RAR archive data, v5
MD5

c98aae43ec84fadc9eac5ebc0cd7a1b2

SHA1

fcd63318b9146484a521d9afc0afc0ae17f13d18

SHA256

141fb3ab10523e8624e5736218f9a6b7a8cd1ffb3862444f491d5792fa6d3142

SSDEEP

196608:R9itwJNPwD7qM2KFJUycFd+o+zOwAd+jDoWRJO4Zvj57UIG+uMNZkyzf29F0Hl:uiJNYy4C/Fd+ond47nOc9UIG+DZ/29Fg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads the Task Scheduler COM API
  • schtasks.exe (PID: 776)
  • schtasks.exe (PID: 3396)
  • schtasks.exe (PID: 488)
  • schtasks.exe (PID: 3164)
  • schtasks.exe (PID: 2256)
  • schtasks.exe (PID: 2468)
  • schtasks.exe (PID: 3496)
  • schtasks.exe (PID: 2844)
  • schtasks.exe (PID: 944)
  • schtasks.exe (PID: 868)
  • schtasks.exe (PID: 2540)
Application was dropped or rewritten from another process
  • Protectedcy.exe (PID: 2432)
  • skecatbucrom.exe (PID: 1640)
  • skecatbucrom.exe (PID: 3412)
  • skecatbucrom.exe (PID: 1748)
  • skecatbucrom.exe (PID: 2556)
  • skecatbucrom.exe (PID: 3724)
  • skecatbucrom.exe (PID: 2224)
  • skecatbucrom.exe (PID: 2616)
  • avfpdwwevrto.exe (PID: 772)
  • vgdsikgkkebi.exe (PID: 1104)
  • kgedvkmaodrl.exe (PID: 2784)
  • Protectedcy.exe (PID: 736)
  • SystemProcess.exe (PID: 3452)
  • orrqrpcsgwbz.exe (PID: 2412)
  • Streambot 2.exe (PID: 3660)
  • Streambot 2.exe (PID: 3856)
  • Protectedcy.exe (PID: 3892)
  • 2222.exe (PID: 3652)
  • Protectedwo.exe (PID: 2192)
  • Protectedwo.exe (PID: 572)
  • ZVKQHTPNL.exe (PID: 3304)
  • Protectedcy.exe (PID: 1212)
  • Protectedwo.exe (PID: 1012)
  • Protectedwo.exe (PID: 3472)
  • Protectedwo.exe (PID: 2956)
  • 2222.sfx.exe (PID: 3136)
  • Protectedwo.exe (PID: 3568)
  • Protectedwo.exe (PID: 3872)
  • Protectedin.exe (PID: 1696)
  • Protectedcy.exe (PID: 3732)
  • 22.exe (PID: 2344)
  • Protectednj.exe (PID: 3352)
  • streambot2.exe (PID: 3384)
  • SDVGJHKHC.exe (PID: 1492)
Uses Task Scheduler to run other applications
  • Protectedcy.exe (PID: 736)
  • skecatbucrom.exe (PID: 2616)
  • Protectedin.exe (PID: 1696)
  • Streambot 2.exe (PID: 3660)
  • Protectednj.exe (PID: 3352)
  • Protectedcy.exe (PID: 3732)
  • 22.exe (PID: 2344)
  • 2222.exe (PID: 3652)
  • Protectedwo.exe (PID: 572)
NJRAT was detected
  • RegAsm.exe (PID: 1332)
Detected Imminent RAT
  • RegSvcs.exe (PID: 1012)
Changes the autorun value in the registry
  • 2222.exe (PID: 3652)
  • 22.exe (PID: 2344)
Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 2920)
Known privilege escalation attack
  • Streambot 2.exe (PID: 3856)
Application launched itself
  • Protectedcy.exe (PID: 736)
  • skecatbucrom.exe (PID: 2616)
  • Protectedcy.exe (PID: 3892)
  • Protectedcy.exe (PID: 1212)
  • Protectedcy.exe (PID: 3732)
  • Protectedwo.exe (PID: 572)
Creates files in the user directory
  • RegSvcs.exe (PID: 1012)
  • Protectedcy.exe (PID: 3892)
  • Protectednj.exe (PID: 3352)
  • Protectedcy.exe (PID: 3732)
Uses NETSH.EXE for network configuration
  • RegAsm.exe (PID: 1332)
Executable content was dropped or overwritten
  • Protectednj.exe (PID: 3352)
  • Protectedcy.exe (PID: 3732)
  • Protectedin.exe (PID: 1696)
  • 2222.exe (PID: 3652)
  • 22.exe (PID: 2344)
  • 2222.sfx.exe (PID: 3136)
  • WinRAR.exe (PID: 3348)
  • Protectedwo.exe (PID: 572)
  • Streambot 2.exe (PID: 3660)
Modifies the open verb of a shell class
  • Streambot 2.exe (PID: 3856)

No info indicators.

Static information

TRiD
.rar | RAR compressed archive (v5.0) (61.5%)
.rar | RAR compressed archive (gen) (38.4%)

Processes

Total processes
120
Monitored processes
67
Malicious processes
14
Suspicious processes
3

Behavior graph

[Behavior graph: process tree image, not preserved in text]

Process information

PID
2920
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\version.dll
c:\users\admin\desktop\[cracked]streambot 2\v\mime\core.dll
c:\users\admin\desktop\[cracked]streambot 2\v\socket\core.dll
c:\users\admin\desktop\[cracked]streambot 2\v\zlib1.dll
c:\windows\system32\notepad.exe
c:\users\admin\desktop\[cracked]streambot 2\v\streambot2.toolwindow.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot2.threaddispatcher.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot2.processchecker.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot2.listiconex.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot2.listicon.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot2.authentication.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot 2.exe
c:\users\admin\desktop\[cracked]streambot 2\v\ssleay32.dll
c:\users\admin\desktop\[cracked]streambot 2\v\luacurl.dll
c:\users\admin\desktop\[cracked]streambot 2\v\lua51.dll
c:\users\admin\desktop\[cracked]streambot 2\v\lua5.1.dll
c:\users\admin\desktop\[cracked]streambot 2\v\lua-subprocess.dll
c:\users\admin\desktop\[cracked]streambot 2\v\libssh2.dll
c:\users\admin\desktop\[cracked]streambot 2\v\librtmp.dll
c:\users\admin\desktop\[cracked]streambot 2\v\libidn-11.dll
c:\users\admin\desktop\[cracked]streambot 2\v\libeay32.dll
c:\users\admin\desktop\[cracked]streambot 2\v\libcurl.dll
c:\users\admin\desktop\[cracked]streambot 2\v\lanes.dll
c:\users\admin\desktop\[cracked]streambot 2\v\curl.exe

PID
3348
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\_Cracked_Streambot_2.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll

PID
3856
CMD
"C:\Users\admin\Desktop\[Cracked]Streambot 2\V\Streambot 2.exe"
Path
C:\Users\admin\Desktop\[Cracked]Streambot 2\V\Streambot 2.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\[cracked]streambot 2\v\streambot 2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\eventvwr.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
3652
CMD
"C:\Windows\System32\eventvwr.exe"
Path
C:\Windows\System32\eventvwr.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Microsoft Corporation
Description
Event Viewer Snapin Launcher
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\eventvwr.exe
c:\systemroot\system32\ntdll.dll

PID
1716
CMD
"C:\Windows\System32\eventvwr.exe"
Path
C:\Windows\System32\eventvwr.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Event Viewer Snapin Launcher
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\eventvwr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sspicli.dll
c:\users\admin\desktop\[cracked]streambot 2\v\streambot 2.exe
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll

PID
3660
CMD
"C:\Users\admin\Desktop\[Cracked]Streambot 2\V\Streambot 2.exe"
Path
C:\Users\admin\Desktop\[Cracked]Streambot 2\V\Streambot 2.exe
Indicators
Parent process
eventvwr.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\[cracked]streambot 2\v\streambot 2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\sspicli.dll
c:\users\admin\appdata\local\temp\streambot2.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\users\admin\appdata\local\temp\protectedcy.exe
c:\users\admin\appdata\local\temp\protectedin.exe
c:\users\admin\appdata\local\temp\protectednj.exe
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\users\admin\appdata\local\temp\22.exe
c:\users\admin\appdata\local\temp\2222.sfx.exe
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll

PID
3384
CMD
"C:\Users\admin\AppData\Local\Temp\streambot2.exe"
Path
C:\Users\admin\AppData\Local\Temp\streambot2.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
3221225781
Version:
Company
Shadiku Izayoi, Emma Skye <neosyndicate.net>
Description
streambot²
Version
2.5.0.0
Modules
Image
c:\users\admin\appdata\local\temp\streambot2.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll

PID
3732
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedcy.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedcy.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedcy.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
1696
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedin.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedin.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedin.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
3352
CMD
"C:\Users\admin\AppData\Local\Temp\Protectednj.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectednj.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectednj.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
572
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
2344
CMD
"C:\Users\admin\AppData\Local\Temp\22.exe"
Path
C:\Users\admin\AppData\Local\Temp\22.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
0.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\22.exe
c:\users\admin\appdata\local\temp\bvpwslusihig\sdvgjhkhc.exe

PID
3136
CMD
"C:\Users\admin\AppData\Local\Temp\2222.sfx.exe"
Path
C:\Users\admin\AppData\Local\Temp\2222.sfx.exe
Indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\2222.sfx.exe
c:\users\admin\appdata\local\temp\2222.exe

PID
3872
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll

PID
2192
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll

PID
3568
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll

PID
2956
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll

PID
3472
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll

PID
1012
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedwo.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\systemroot\system32\ntdll.dll

PID
2540
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 66717363737462656F6C797A /tr "C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
Protectedwo.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
3652
CMD
"C:\Users\admin\AppData\Local\Temp\2222.exe"
Path
C:\Users\admin\AppData\Local\Temp\2222.exe
Indicators
Parent process
2222.sfx.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version
0.0.0.0
Modules
Image
c:\windows\system32\eventvwr.exe
c:\users\admin\appdata\local\temp\2222.exe
c:\users\admin\appdata\local\temp\vnbzoayjfdra\zvkqhtpnl.exe

PID
2844
CMD
schtasks.exe /create /tn BVPWSLUSIHIG /tr C:\Users\admin\AppData\Local\ULXWDINBGTPAPGP\SystemProcess.exe /sc minute /mo 1
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
22.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
3496
CMD
schtasks.exe /create /tn BVPWSLUSIHIG /tr C:\Users\admin\AppData\Local\ULXWDINBGTPAPGP\SystemProcess.exe /sc onidle /i 1
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
22.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
1492
CMD
C:\Users\admin\AppData\Local\Temp\BVPWSLUSIHIG\SDVGJHKHC.exe -o pooleu.xmrminingpool.net:2222 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQtz7XNvpsygAzF9g1Y -p 2222 -a cryptonight --max-cpu-usage 58
Path
C:\Users\admin\AppData\Local\Temp\BVPWSLUSIHIG\SDVGJHKHC.exe
Indicators
Parent process
22.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
UpdaterWindows
Version
Modules
Image
c:\users\admin\appdata\local\temp\bvpwslusihig\sdvgjhkhc.exe

PID
944
CMD
schtasks.exe /create /tn VNBZOAYJFDRA /tr C:\Users\admin\AppData\Local\GKULWJXZKHORQKT\SystemProcess.exe /sc minute /mo 1
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
2222.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
868
CMD
schtasks.exe /create /tn VNBZOAYJFDRA /tr C:\Users\admin\AppData\Local\GKULWJXZKHORQKT\SystemProcess.exe /sc onidle /i 1
Path
C:\Windows\system32\schtasks.exe
Indicators
No indicators
Parent process
2222.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
3304
CMD
C:\Users\admin\AppData\Local\Temp\VNBZOAYJFDRA\ZVKQHTPNL.exe -o pooleu.xmrminingpool.net:2222 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQtz7XNvpsygAzF9g1Y -p 2222 -a cryptonight --max-cpu-usage 58
Path
C:\Users\admin\AppData\Local\Temp\VNBZOAYJFDRA\ZVKQHTPNL.exe
Indicators
Parent process
2222.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
UpdaterWindows
Version
Modules
Image
c:\users\admin\appdata\local\temp\vnbzoayjfdra\zvkqhtpnl.exe

PID
1212
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedcy.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedcy.exe
Indicators
No indicators
Parent process
Protectedcy.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\protectedcy.exe

PID
1012
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Indicators
Parent process
Protectedin.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Services Installation Utility
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe

PID
2468
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 707A766E636B73687A646668 /tr "C:\Users\admin\AppData\Roaming\kdqyicnifumh\avfpdwwevrto.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
Protectedcy.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
1332
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
908
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
2256
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 7A676479796B667078736F64 /tr "C:\Users\admin\AppData\Local\Temp\iipmhaeaccpc\orrqrpcsgwbz.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
Protectedin.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
3164
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 726B7679736274626F677176 /tr "C:\Users\admin\AppData\Roaming\gkfkhedawfxh\vgdsikgkkebi.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\schtasks.exe

PID
488
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 64726F72657674646B76657A /tr "C:\Users\admin\vifvmlpqaqjf\kgedvkmaodrl.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
3892
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedcy.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedcy.exe
Indicators
Parent process
Protectedcy.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
Version

PID
736
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedcy.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedcy.exe
Indicators
No indicators
Parent process
Protectedcy.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version

PID
2724
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)

PID
3796
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)

PID
2312
CMD
netsh firewall add allowedprogram "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "RegAsm.exe" ENABLE
Path
C:\Windows\system32\netsh.exe
Indicators
No indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
1104
CMD
C:\Users\admin\AppData\Roaming\gkfkhedawfxh\vgdsikgkkebi.exe
Path
C:\Users\admin\AppData\Roaming\gkfkhedawfxh\vgdsikgkkebi.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version

PID
2412
CMD
C:\Users\admin\AppData\Local\Temp\iipmhaeaccpc\orrqrpcsgwbz.exe
Path
C:\Users\admin\AppData\Local\Temp\iipmhaeaccpc\orrqrpcsgwbz.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version

PID
2784
CMD
C:\Users\admin\vifvmlpqaqjf\kgedvkmaodrl.exe
Path
C:\Users\admin\vifvmlpqaqjf\kgedvkmaodrl.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version

PID
772
CMD
C:\Users\admin\AppData\Roaming\kdqyicnifumh\avfpdwwevrto.exe
Path
C:\Users\admin\AppData\Roaming\kdqyicnifumh\avfpdwwevrto.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version

PID
3452
CMD
C:\Users\admin\AppData\Local\ULXWDINBGTPAPGP\SystemProcess.exe
Path
C:\Users\admin\AppData\Local\ULXWDINBGTPAPGP\SystemProcess.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
0.0.0.0

PID
2616
CMD
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version

PID
3276
CMD
"C:\Windows\System32\taskmgr.exe"
Path
C:\Windows\System32\taskmgr.exe
Indicators
No indicators
Parent process
RegSvcs.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Windows Task Manager
Version
6.1.7600.16385 (win7_rtm.090713-1255)

PID
2856
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)

PID
2060
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)

PID
2556
CMD
"C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe"
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\awafvqrobbjo\skecatbucrom.exe
c:\systemroot\system32\ntdll.dll

PID
1748
CMD
"C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe"
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\awafvqrobbjo\skecatbucrom.exe
c:\systemroot\system32\ntdll.dll

PID
2224
CMD
"C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe"
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\awafvqrobbjo\skecatbucrom.exe
c:\systemroot\system32\ntdll.dll

PID
3724
CMD
"C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe"
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\awafvqrobbjo\skecatbucrom.exe
c:\systemroot\system32\ntdll.dll

PID
1640
CMD
"C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe"
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\awafvqrobbjo\skecatbucrom.exe
c:\systemroot\system32\ntdll.dll

PID
3412
CMD
"C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe"
Path
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\awafvqrobbjo\skecatbucrom.exe
c:\systemroot\system32\ntdll.dll

PID
3396
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 66717363737462656F6C797A /tr "C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
skecatbucrom.exe
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
3988
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

PID
1856
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

PID
3428
CMD
C:\Windows\system32\wbem\WmiApSrv.exe
Path
C:\Windows\system32\wbem\WmiApSrv.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
WMI Performance Reverse Adapter
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2432
CMD
"C:\Users\admin\AppData\Local\Temp\Protectedcy.exe"
Path
C:\Users\admin\AppData\Local\Temp\Protectedcy.exe
Indicators
No indicators
Parent process
Protectedcy.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image

PID
776
CMD
"C:\Windows\System32\schtasks.exe" /create /tn 707A766E636B73687A646668 /tr "C:\Users\admin\AppData\Roaming\kdqyicnifumh\avfpdwwevrto.exe" /sc minute /mo 1 /F
Path
C:\Windows\System32\schtasks.exe
Indicators
No indicators
Parent process
Protectedcy.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Manages scheduled tasks
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
480
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

PID
2872
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

PID
3944
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

PID
2364
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

PID
2956
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Protectednj.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image
c:\users\admin\appdata\local\temp\protectedwo.exe
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe

PID
4000
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
No indicators
Parent process
Streambot 2.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image

Registry activity

Total events
2761
Read events
2620
Write events
141
Delete events
0

Modification events

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2920 | SearchProtocolHost.exe | write | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US |
| 2920 | SearchProtocolHost.exe | write | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E | @C:\Windows\system32\notepad.exe,-469 | Text Document |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| 3348 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\_Cracked_Streambot_2.rar |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
| 3348 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
| 3856 | Streambot 2.exe | write | HKEY_CLASSES_ROOT\mscfile\shell\open\command | | C:\Users\admin\Desktop\[Cracked]Streambot 2\V\Streambot 2.exe |
| 3856 | Streambot 2.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3856 | Streambot 2.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 1716 | eventvwr.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 1716 | eventvwr.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3660 | Streambot 2.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3660 | Streambot 2.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3732 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3732 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 1696 | Protectedin.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 1696 | Protectedin.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3352 | Protectednj.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3352 | Protectednj.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 572 | Protectedwo.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 572 | Protectedwo.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 2344 | 22.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | CQIEKBLWXD | C:\Users\admin\AppData\Local\ULXWDINBGTPAPGP\SystemProcess.exe |
| 3136 | 2222.sfx.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3136 | 2222.sfx.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 3652 | 2222.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | DFDKTRCEJC | C:\Users\admin\AppData\Local\GKULWJXZKHORQKT\SystemProcess.exe |
| 1012 | RegSvcs.exe | write | HKEY_CURRENT_USER\Software\Clients | PID | 1012 |
| 1012 | RegSvcs.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 1012 | RegSvcs.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 1332 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 1332 | RegAsm.exe | write | HKEY_CURRENT_USER\Environment | SEE_MASK_NOZONECHECKS | 1 |
| 1332 | RegAsm.exe | write | HKEY_CURRENT_USER\Software\207684760b97fec501cb11819803c6a5 | [kl] | |
| 908 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 3892 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\putas | FirstExecution | 15/05/2019 -- 19:30 |
| 3892 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\putas | NewIdentification | putas |
| 3892 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\putas | NewGroup | |
| 3892 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 3892 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 736 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 736 | Protectedcy.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 2724 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 3796 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | en-US |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\dhcpqec.dll,-100 | DHCP Quarantine Enforcement Client |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\dhcpqec.dll,-101 | Provides DHCP based enforcement for NAP |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\dhcpqec.dll,-103 | 1.0 |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\dhcpqec.dll,-102 | Microsoft Corporation |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\napipsec.dll,-1 | IPsec Relying Party |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\napipsec.dll,-2 | Provides IPsec based enforcement for Network Access Protection |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\napipsec.dll,-4 | 1.0 |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\napipsec.dll,-3 | Microsoft Corporation |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\tsgqec.dll,-100 | RD Gateway Quarantine Enforcement Client |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\tsgqec.dll,-101 | Provides RD Gateway enforcement for NAP |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\tsgqec.dll,-102 | 1.0 |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\tsgqec.dll,-103 | Microsoft Corporation |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\eapqec.dll,-100 | EAP Quarantine Enforcement Client |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\eapqec.dll,-101 | Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies. |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\eapqec.dll,-102 | 1.0 |
| 2312 | netsh.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | @%SystemRoot%\system32\eapqec.dll,-103 | Microsoft Corporation |
| 2616 | skecatbucrom.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0 |
| 2616 | skecatbucrom.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect | 1 |
| 2856 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 2060 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 3988 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 1856 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 3428 | WmiApSrv.exe | write | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance | Performance Refreshed | 0 |
| 480 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 2872 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 3944 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 2364 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 2956 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |
| 4000 | RegAsm.exe | write | HKEY_CURRENT_USER | di | ! |

Files activity

Executable files: 27
Suspicious files: 8
Text files: 387
Unknown types: 0

Dropped files

PID
Process
Filename
Type
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\curl.exe
executable
MD5: b22281f1dd04e1d09643e437aaeee065
SHA256: 83d1fdb808bd681100dd946a7cfb2d7ab39ed1553d71261dfea30b727d786f00
2344
22.exe
C:\Users\admin\AppData\Local\ULXWDINBGTPAPGP\SystemProcess.exe
executable
MD5: 08ad476e6f9b60111349e3f81808dbf6
SHA256: 691a2f958856056637097587fa6f28900ea150369feec3551a6b1f1eca65f31c
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\libcurl.dll
executable
MD5: 981f71bc1f50cfbe711bf895f4ed0e1b
SHA256: f62eabefbbc823c2dc13476c94d5ba3a189da5020abab65239ef65e34c46d42e
2344
22.exe
C:\Users\admin\AppData\Local\Temp\BVPWSLUSIHIG\SDVGJHKHC.exe
executable
MD5: 222f649af364623037bda8ee9df02945
SHA256: 0b17861e7deb4cbb840fc8bc5832c08623f2887e00ef0f545973d23c9b5aee30
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\libidn-11.dll
executable
MD5: 56295c7afe3f0542d59d12ca955380db
SHA256: 1869c96af7c8f1130490b626f9b2c335f14a7b014035310d2421200e6cd98a81
3652
2222.exe
C:\Users\admin\AppData\Local\GKULWJXZKHORQKT\SystemProcess.exe
executable
MD5: 7ce6ad3eb5212421bdd99b28aa066244
SHA256: 751c890981e2d60f2e9bacadc69a7005ca0d2324af863844f453a0492be6d468
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\lanes.dll
executable
MD5: 0bb90eb0e10a3ada21ded203845b37fc
SHA256: a9c9467d0853924eda7f35ecad878831a01de377e925bf9a7071568ba0769536
3652
2222.exe
C:\Users\admin\AppData\Local\Temp\VNBZOAYJFDRA\ZVKQHTPNL.exe
executable
MD5: 222f649af364623037bda8ee9df02945
SHA256: 0b17861e7deb4cbb840fc8bc5832c08623f2887e00ef0f545973d23c9b5aee30
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Plugins\SLIDEREX\SLIDEREX.APO
executable
MD5: 9bd7dfbfe6c8a3bf7fe7012616ca2236
SHA256: 4f0aa49a7735ff7aebc52e52917973c0b69e1de28f384fc4219c6e753015a077
3732
Protectedcy.exe
C:\Users\admin\AppData\Roaming\kdqyicnifumh\avfpdwwevrto.exe
executable
MD5: 7b699eac914716ecb6463971d814e66f
SHA256: 5f8d797b9dfacde616d9f9e02a029c986dfd15c02f8e403133d8faf9242aba7a
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\libeay32.dll
executable
MD5: a9f8f35cc2caf8dba7167b91420a680b
SHA256: c7da870ad431d2bac13b40963ee5e7fec8fbc7ca7bc2b40308374ba5149e3651
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Plugins\LISTBOXEX\LISTBOXEX.APO
executable
MD5: 529f01618ec46676a763d6a704370033
SHA256: 1b77c4eecc2388a4c56dbfa15d15b8a657b939fbf1949c0b1f9a86de28c81648
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\streambot2.exe
executable
MD5: bfae901fb1ab96f6666e8f62faa5c3e5
SHA256: 06c1d645216638eac7a236797f1b3bc2c5e9a8e41ca6d82a44a4f4e182b0b25d
1696
Protectedin.exe
C:\Users\admin\AppData\Local\Temp\iipmhaeaccpc\orrqrpcsgwbz.exe
executable
MD5: 3e250d0f4aa95e9a27940c5c4073b4ad
SHA256: c6b8f47738a0583f5f7c9720eabc08dc0901e417161d1fa98a176d6e4273e47f
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\Protectedcy.exe
executable
MD5: 7b699eac914716ecb6463971d814e66f
SHA256: 5f8d797b9dfacde616d9f9e02a029c986dfd15c02f8e403133d8faf9242aba7a
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Plugins\IMAGESCROLLER\IMAGESCROLLER.APO
executable
MD5: 5c83fa65aca2df12d5e74e8e23f9c29d
SHA256: e0fba0d736a2cc5dbf6f1d1e955ff0c51e5d11b6fbe8c1ee095f0dd9bbb2788a
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\Protectedin.exe
executable
MD5: 3e250d0f4aa95e9a27940c5c4073b4ad
SHA256: c6b8f47738a0583f5f7c9720eabc08dc0901e417161d1fa98a176d6e4273e47f
3352
Protectednj.exe
C:\Users\admin\AppData\Roaming\gkfkhedawfxh\vgdsikgkkebi.exe
executable
MD5: 4a33a5a8c995f05a8936576b01efc3cd
SHA256: 4a415169755690c1a9dc9f588c02a3f418e4f423b69edb98d6c3e88d5260d694
3136
2222.sfx.exe
C:\Users\admin\AppData\Local\Temp\2222.exe
executable
MD5: 7ce6ad3eb5212421bdd99b28aa066244
SHA256: 751c890981e2d60f2e9bacadc69a7005ca0d2324af863844f453a0492be6d468
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Plugins\GRADIENT\GRADIENT.APO
executable
MD5: 50b56942b35887ab015fbad1fa993a6e
SHA256: a21801f72169ed09d7a713dda9ad58db0cb133733a6a74b7194c0dbeb2242c20
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\Protectedwo.exe
executable
MD5: 365dc3b84c9ebfed0c1416f5fbc963f8
SHA256: 6a54ea42d6486978e76da1b386e7295147b4f159dd2957567b4d00553bebf5d7
3660
Streambot 2.exe
C:\Users\admin\vifvmlpqaqjf\kgedvkmaodrl.exe
executable
MD5: 1df52611884090050bec78751f6bba39
SHA256: 0323c76b038626702914cfe9260f2fa84cd699be58f4ea0013d4d9a55323d607
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\22.exe
executable
MD5: 08ad476e6f9b60111349e3f81808dbf6
SHA256: 691a2f958856056637097587fa6f28900ea150369feec3551a6b1f1eca65f31c
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\Protectednj.exe
executable
MD5: 4a33a5a8c995f05a8936576b01efc3cd
SHA256: 4a415169755690c1a9dc9f588c02a3f418e4f423b69edb98d6c3e88d5260d694
3660
Streambot 2.exe
C:\Users\admin\AppData\Local\Temp\2222.sfx.exe
executable
MD5: 6124543f3283067ad82bf048891bc15a
SHA256: 79781af8b46099aefeef6d5c7838917c0c1e86b3ca743687f0d633f75273df8e
572
Protectedwo.exe
C:\Users\admin\AppData\Local\Temp\awafvqrobbjo\skecatbucrom.exe
executable
MD5: 365dc3b84c9ebfed0c1416f5fbc963f8
SHA256: 6a54ea42d6486978e76da1b386e7295147b4f159dd2957567b4d00553bebf5d7
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Plugins\SHAPE\SHAPE.APO
executable
MD5: 75a9117316fa7cd057afc78c4859df4d
SHA256: 4386c7bee62d530e0549862e9ea97ddd9151c055337775ab090487d9db3ec240
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\StreamBot2.ProcessChecker.dll
––
MD5:  ––
SHA256:  ––
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 362f05b2d49b743ee00716db99a0cd06
SHA256: f055255eb54e21e5d7302c02dcaeefdef6b40063fa4f99d9b6b56addae7ece15
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 579ef84cff4bc58d2fa3a1be350079a9
SHA256: 9aec6bc176333c45d61ab6567d3c0974f4fd78c9760ad82fbfcc2fc7c6bfa852
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: f9da15f2670dfdd472cda676a339831a
SHA256: 5b514063a4a580d01c80a94444515b7979111d2541efa953fc2eae304f363eb0
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: fe1933d37f4a436cc0e36a410c601948
SHA256: 3dc1842368fed424db57ee52e66bea7e451f0c7768510e7dbbd4313cfebeec3b
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 12c322dfdaffbd1b308bc388c032249f
SHA256: ebc3992bae8d9f70e037aecf198d5ce14036828017721abd5a6bc09647279dab
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c7fe5cc41c7276dc37e0c5eaeb1f1797
SHA256: 0072a5d0fe0645637ef454b3cc565fdc4904313b030532d73c8aa7d2f0a23675
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 885d8aa4a903f226dee6bf0841d4c633
SHA256: 8564154f76b1e2d09cf01f8870c4b41e7fdd40f31832e0eccc642a1eda213773
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 885d8aa4a903f226dee6bf0841d4c633
SHA256: 8564154f76b1e2d09cf01f8870c4b41e7fdd40f31832e0eccc642a1eda213773
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: ecbff68cb57d5b0190839815c2430dff
SHA256: 4bc5b6b72c6fb00352a2d529bfb9bd0d0ceb374d65e037963b265d5439f75941
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 9c3d150ba4b7572a2d4026b35cbb0c05
SHA256: 0e38124175d08d105466e9a429b7d900a6397bdb0c5def1e42ec6838ea9ba494
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 66fb6187ef0467429e0ab13176cd10c6
SHA256: 98df272ae155869a26ffd27128d8487b5d5157f2e4c73140ad11a3cdf41c0d85
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 3d5ec5106b81020f6d599d83ab7c71af
SHA256: efbc09f281c1371dac74c2a9ba8e11ee48d6e5220f7f6f91727b1ec5f7e1e79d
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 44478c143125a4adafcef688dba60850
SHA256: a48306345cf5bcf7bc05e710c0b33e68b9b987803a54dea6ee0ed0368ca592dd
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 44478c143125a4adafcef688dba60850
SHA256: a48306345cf5bcf7bc05e710c0b33e68b9b987803a54dea6ee0ed0368ca592dd
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 132789d4e65cf0b5c5e95042173769a3
SHA256: 4cb9f5f5c0b96b265f3acc7e56538af3c5d659bc7f953799d4de649adf5d6fa1
1012
RegSvcs.exe
C:\Users\admin\AppData\Roaming\Imminent\Logs\15-05-2019
binary
MD5: 587671feeaa85fddcb85eb181e588538
SHA256: fa78ef0487b8b3325b79506e4ac7508982b6ed5bfee09cfa8dc37b8ec0253cb9
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 75f1b42a562ca4fad0e326dbbd0cdbba
SHA256: c3c2c7ec7ce51e029b683dc19bd6831cd3b536cd8efd6ccf4ea314a065ef646b
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 18d6cc3e7a1f8080e03526e9ca9c9fe3
SHA256: 2f88b1ca594d49e1885b0d5bf2cac46f348730100e21e68c82e229626967c189
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 79cc2c9b21668900d7d931e8e5848746
SHA256: 79d8dcc56b81da66a102c6b184809f00ff1d42885e2cb57ac0a841ca4b6bd5c0
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 5904148a9ea4a90e90ca499972631e28
SHA256: 71f2c84d8d63863c90f15096e7787e6e0b47e38c9a36644a517bbba6b0262154
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 5904148a9ea4a90e90ca499972631e28
SHA256: 71f2c84d8d63863c90f15096e7787e6e0b47e38c9a36644a517bbba6b0262154
1012
RegSvcs.exe
C:\Users\admin\AppData\Roaming\Imminent\Monitoring\network.dat
binary
MD5: 4a32f06b5c139dce8f8cf7ff7ea3e754
SHA256: 60ff70d7c8ed8e6c26be90d8091f684459832f437d45f93e5b6bd2073bacb643
1012
RegSvcs.exe
C:\Users\admin\AppData\Roaming\Imminent\Monitoring\system.dat
binary
MD5: 17343ea41586381c4b0a2b6b97cb708d
SHA256: 84c4af528a44ce30c956a914554662e99b381a39041ee2568ec1336427f1a216
1012
RegSvcs.exe
C:\Users\admin\AppData\Roaming\Imminent\Logs\15-05-2019
text
MD5: 33be604f8044d5984e8e3e3b694d710a
SHA256: 3f785f1cc535b0987139623200c7910b2b28f92dfe3309e8e071c091d0ce7313
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: d89335631967fc44b87c37dbeb871e51
SHA256: 4e5da1f5f9dd697174e215c355cb0a669a41926c845e784eecd3c15a670af0d7
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: f7d55e5f26f09dad56e2ada40afaee36
SHA256: 9b4ce455e1d18a91ceb7b1087aac52ef309901b79b58a3111c20c54f934695da
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: f7d55e5f26f09dad56e2ada40afaee36
SHA256: 9b4ce455e1d18a91ceb7b1087aac52ef309901b79b58a3111c20c54f934695da
3892
Protectedcy.exe
C:\Users\admin\AppData\Roaming\cglogs.dat
text
MD5: bf3dba41023802cf6d3f8c5fd683a0c7
SHA256: 4a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
1212
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XX--XX--XX.txt
binary
MD5: 1b3b15d27273caf1625c9c634ddb988a
SHA256: 8ac4f28f288cf02a2f48274bf195ebecb5ff1487557cc72ee2f4a9731b7f40ab
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 02f7ed065f7c9610684651a55fa0a4f2
SHA256: 8a48e48e92fb5bae71b6ac443081a8c4048952b69bd2e68ce6ecf2a08e96771b
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 431fa93457904c74d2b3c7775b4ef9c4
SHA256: a4d4770331fa4aa5ec11855a5426b034dae7f630dc365ca04719c545cb0ebbff
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 431fa93457904c74d2b3c7775b4ef9c4
SHA256: a4d4770331fa4aa5ec11855a5426b034dae7f630dc365ca04719c545cb0ebbff
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 2ba7d3f7b9ff7ff35b1ae53b48c5a560
SHA256: bc8d9d87911f44179aaf54fa4556eb49a98967511bb61d9110e2376eb1bd4077
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c1cabf6c5c1dbaa3e4521f1e3ddd7592
SHA256: 633e5440c0006d744c0b7f26b2b39e7bbf1b51922e8c72054f20a2a964f4b054
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 19a66d5a27390c174ff552d6737ee2ed
SHA256: d24511d2d91bc79686c7c7e0e5f5e18fab8f9b7b6b1c249a432f4240820a72f9
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 626d4c5d011a113158c067976cee6f28
SHA256: 657afd832db995556b32d708ce664d4e872a3d5bfdb12e05906369065518149c
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: eac8c30d3c63ae6e7852ea97c27057c8
SHA256: 00a43a72ffd3aa456dd59e5b765a0c0468d7d5883d7ad1736e4889320183ddf0
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: eac8c30d3c63ae6e7852ea97c27057c8
SHA256: 00a43a72ffd3aa456dd59e5b765a0c0468d7d5883d7ad1736e4889320183ddf0
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 6d50e98381b2deb20c7ca7b98d4bd4f4
SHA256: da84e4440711a8b8dc1af6012ea412a92f5a39e6ca1907b54a6cfff1a1567546
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 315963e44678fc84c4460954ef6a0e57
SHA256: 48f7edcbb31e466c293df3bfaefc523fc564f21b439d38026928bb9c6b8e229b
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: fea020b4aa80d50f522370c9c9df0d0f
SHA256: fef6e96758329d4fe54cc602bc44c8606522b4c28c9a05b821745da287694ab5
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: f6af806420e27db45321cd441a4395d3
SHA256: 22774f8326bd2266702bddcd1ae8ff37a8c8e5fd463dafd0effe080fe6fe0106
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 2dedbd7a706406cde2e8c4467255c503
SHA256: b366d8310b875ab3aa6e336cbb5b017afe98b2048f25103e914d6d7bc3ce350a
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 2dedbd7a706406cde2e8c4467255c503
SHA256: b366d8310b875ab3aa6e336cbb5b017afe98b2048f25103e914d6d7bc3ce350a
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
––
MD5:  ––
SHA256:  ––
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: cc97795be36faa13099e93ca7e4f6d2f
SHA256: dcd0b5bdbfc6bbf7e897b56e53ef7aeac4d91f8fb253b636d7da1afa0860a070
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\vpn.txt
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\StreamBot2.ThreadDispatcher.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\zlib1.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\StreamBot2.ListIcon.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\User-Agents.txt
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap1.dat
text
MD5: 38de427224a5082a04fe82e2bd4ea9ec
SHA256: 12f99f53144294750fe8713d580eda286f4bd95cd9c840db8ab957def8040028
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\StreamBot2.ToolWindow.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\StreamBot2.ListIconEx.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\Streambot 2.exe
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\streambot2.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\StreamBot2.Authentication.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\ssleay32.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket\core.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket\tp.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket\ftp.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket\smtp.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket\url.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\socket\http.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\lua5.1.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\mime.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\ltn12.lua
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\luacurl.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\mime\core.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\lua51.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\lua-subprocess.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\librtmp.dll
––
MD5:  ––
SHA256:  ––
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\libssh2.dll
––
MD5:  ––
SHA256:  ––
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: ef9ddfb78fc2eb59ef57bcae29709d8f
SHA256: ad00d61933acb34881c13db0350bad01c496b1fc3a0ac62814e025167fb008d5
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 0a956e99a71ba90f6173ff6d34a53863
SHA256: ddfef951b2260a816e618090e9b017571bc36eaa7fb5222c48622910c000ea6e
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: e6819bfd98047c54e8c630ca0f7f5379
SHA256: 751d54adeb3b0a05f59da6ae679909bf12d6c43157499ccdad49ca95b6cf1df3
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\json.lua
text
MD5: dd49d0ad2aaa86d1f606b9f4934634d0
SHA256: 61701d808a6f75a97bb995c1cc573326d93961dc8e9814feb21b014e64d1856f
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 1af96641981865ca37071b59cfebae54
SHA256: 67337dc20dd32055a439a67759da1e1955c06be1e4024c856e9cf099ef4fb39a
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\lanes.lua
text
MD5: 5c068fcd1435172b49e538ee5ef9f3cb
SHA256: ff2747cbc10aacaaea59252de34d9a42158ecbf8db75463191eace1dbf362c0d
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 0026c08376189d907b5ed704d665ecf6
SHA256: 88af9dee731d19b4669082bd445a90ab0de5c8c5631869740a164f656d606916
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 93ce8ffb023bc98f637e113844545be6
SHA256: 7a1a1432c219c774440d8963a73036617fd03a6f35573485d6f4bf9919d2a881
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8ff914c9526d6148adcd6db15ae93ad4
SHA256: c17b2aca20e56e07cfc9de039ddc7add39925efa0551a0f1741051022727a0fe
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Plugins\sb_Windows7.png
image
MD5: 9611ce75df8ebea96db486763cf650f7
SHA256: 84d49dbe7e6b2a8c40b9c347f8cef4ed8743e42e25685e9a7686452ba2c64c3b
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8d2e5a9c5ab5977d99895407f1d90851
SHA256: e988f40c1e5e53e8893aa4cc4cd9ddd125e096430d1519a9e12276c1637bac04
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 26bd9b590b4a61827f3eca332b082c76
SHA256: 5ce51085ff39433485dfad90ca256acf894d99fc0b7eba03baf6df13f74b0709
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap8.dat
image
MD5: 910aec74bd5268386b9e4dc0b4c0da75
SHA256: 98d90af8bc8bbecf2f16d10021b9fa7a6066faf8d26715a58f7ba7361fd2a07c
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap9.dat
image
MD5: ce2c5f0470c41ca827d56d20f0e419a0
SHA256: ed76cf131ecb7fe13f2f93092d17f602d2d411b433a8c4b1e93cbd937ac14b6f
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\Icons\1377888911_118690.ico
image
MD5: 42babc15a9da8369e635a9ecdcd212ea
SHA256: 9ba5fdf93cb2c5e1d4b793d63da4b585bda04882e2a5e370352b708ba5983993
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap5.dat
image
MD5: ea8496f2d435a425991629c93defab82
SHA256: c9d41721f67928ea4ed51ef79d02af3bc0ab3efaa62ce815d3ad3641ca4f7548
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap6.dat
compressed
MD5: 62dec1f69d65afe0aa7afaaa78d18aad
SHA256: a442afd16bcc8fc7d499c402be50fdb2e2b388e2fbb8d1f0bdddcfa674ba6f99
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap7.dat
image
MD5: 705a23612023ddfd73151640294f0924
SHA256: 234664d70a501acffe5d4940851c33badfafba57501334d55d580a4de39c65e5
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap44.dat
image
MD5: 382945a72713957406381a3b9216d457
SHA256: 97eec4fa68edc9aa4dff61b662292acf41f75a9b2a41d4408bb3d81824d18af6
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap42.dat
image
MD5: 8ec0763bc1d06ea61e7ec1f904060cdc
SHA256: 7c5f28cfc605c1aba58fd8987edec1ced2c199341180102054245ec44a51c36f
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap4.dat
image
MD5: 0dcf1223a55dec4bb706e8c2d67890c2
SHA256: f678af1c1f8650c6cee4d0d84cbaa72e1693ddd84977e090a1efaf41440674c3
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap40.dat
image
MD5: c9b528b9541e127967eda62f79118ef0
SHA256: 644faffc659fb1e6778cf5290022fbcde177952c66881848e6380ed91211e878
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap43.dat
image
MD5: 8268944ae414a463c3b7ecfe98577c13
SHA256: 3f9f39b5d2ad830a5741081f39a1ad9dad8ba6fe9680dcd984ce3682be338a8d
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap36.dat
image
MD5: 6b5a0169229b7ae7cfa49101ca39f16d
SHA256: fc0c95bd24b5146b12d355291555579e5330bd5f333af2e337574f10bd0aefe1
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap38.dat
image
MD5: 76b4e202939e9e49677474948734ceb4
SHA256: 769e38e7658a35badefc667502b468001d2e8b57ee43543c16c1ae75a1a5f104
3348
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3348.1376\[Cracked]Streambot 2\V\includes\dat01\ap39.dat
image
MD5: 14883bc852504db9f07d091e887552d5
SHA256: 24940cb22c7fedb26bc1aa9ced5890698bf9a1d0ba253f430caee12f1efd0bf8
3348
WinRAR.exe
3892
Protectedcy.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 9911752fcbdb6e3be016520c976637ca
SHA256: 34b12192ff0eed94df8752ca84b46ad61b477681fc81f7389391a9b7876427cd