General Info

File name

10.rar

Full analysis
https://app.any.run/tasks/dd1cc3dd-4abe-47e5-af43-b4aeac206060
Verdict
Malicious activity
Analysis date
4/15/2019, 10:12:46
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

autoit

trojan

loader

rat

njrat

bladabindi

Indicators:

MIME:
application/x-rar
File info:
RAR archive data, v5
MD5

ee5913019f84f46ed0c51b6f9a54daeb

SHA1

962bf52cbdc623e58a183b072d7587e608b74f99

SHA256

8c2884d079a373e60b03c666e117e9f45192af864f54d019d268c99c34c9df28

SSDEEP

98304:dGVjRLWShF9fKS34MXmExsjH+hbfIhmQbFme1yq77aKk5:dGVUMoMXByOIhbD1yq77a3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 2044)
Writes to a start menu file
  • puy.exe (PID: 2480)
  • NetFlix GC Checker by xRisky.exe (PID: 296)
  • pu.exe (PID: 916)
  • puty.exe (PID: 2128)
  • putty.exe (PID: 344)
Application was dropped or rewritten from another process
  • NetFlix GC Checker by xRisky.exe (PID: 2520)
  • pu.exe (PID: 916)
  • puy.exe (PID: 2480)
  • puty.exe (PID: 2128)
  • putty.exe (PID: 344)
  • NetFlix GC Checker by xRisky.exe (PID: 296)
NJRAT was detected
  • RegAsm.exe (PID: 3636)
Changes settings of System certificates
  • RegAsm.exe (PID: 2668)
Downloads executable files from the Internet
  • NetFlix GC Checker by xRisky.exe (PID: 296)
Uses SVCHOST.EXE for hidden code execution
  • svchost.exe (PID: 988)
  • putty.exe (PID: 344)
  • svchost.exe (PID: 3132)
Uses NETSH.EXE for network configuration
  • RegAsm.exe (PID: 3636)
Executable content was dropped or overwritten
  • puy.exe (PID: 2480)
  • puty.exe (PID: 2128)
  • putty.exe (PID: 344)
  • NetFlix GC Checker by xRisky.exe (PID: 296)
  • WinRAR.exe (PID: 3640)
Creates files in the user directory
  • NetFlix GC Checker by xRisky.exe (PID: 296)
  • puy.exe (PID: 2480)
  • puty.exe (PID: 2128)
  • putty.exe (PID: 344)
  • svchost.exe (PID: 3132)
  • rundll32.exe (PID: 1024)
Adds / modifies Windows certificates
  • RegAsm.exe (PID: 2668)
Reads Internet Cache Settings
  • rundll32.exe (PID: 3328)
  • rundll32.exe (PID: 644)
  • rundll32.exe (PID: 1540)
  • rundll32.exe (PID: 2904)
  • rundll32.exe (PID: 1024)
Application launched itself
  • svchost.exe (PID: 988)
  • svchost.exe (PID: 3132)
Uses RUNDLL32.EXE to load library
  • NetFlix GC Checker by xRisky.exe (PID: 296)

No info indicators.


Static information

TRiD
.rar | RAR compressed archive (v5.0) (61.5%)
.rar | RAR compressed archive (gen) (38.4%)

Processes

Total processes
56
Monitored processes
21
Malicious processes
8
Suspicious processes
2

Behavior graph

[Behavior graph; nodes shown: winrar.exe, netflix gc checker by xrisky.exe, rundll32.exe, putty.exe, puty.exe, puy.exe, pu.exe, svchost.exe, regasm.exe (one instance tagged #NJRAT), regsvcs.exe, searchprotocolhost.exe, netsh.exe]

Process information


PID
2044
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\System32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules

PID
3640
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\10.rar"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules

PID
296
CMD
"C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\NetFlix GC Checker by xRisky.exe"
Path
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\NetFlix GC Checker by xRisky.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules

PID
1024
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
344
CMD
"C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\putty.exe"
Path
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\putty.exe
Indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules

PID
2904
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2128
CMD
"C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\puty.exe"
Path
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\puty.exe
Indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules

PID
1540
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
988
CMD
"C:\Windows\System32\svchost.exe"
Path
C:\Windows\System32\svchost.exe
Indicators
No indicators
Parent process
putty.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2480
CMD
"C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\puy.exe"
Path
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\puy.exe
Indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules

PID
3132
CMD
"C:\Windows\System32\svchost.exe"
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
644
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules

PID
2668
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
puty.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\system.management.ni.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\security.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll

PID
916
CMD
"C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\pu.exe"
Path
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\pu.exe
Indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\desktop\netflix gift card checker by xrisky\pu.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\psapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\apphelp.dll
c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe

PID
2576
CMD
"C:\Windows\System32\svchost.exe"
Path
C:\Windows\System32\svchost.exe
Indicators
No indicators
Parent process
svchost.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\svchost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID
3328
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll

PID
1136
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
puy.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\system32\psapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
1248
CMD
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Path
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Indicators
No indicators
Parent process
pu.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Services Installation Utility
Version
4.6.1055.0 built by: NETFXREL2
Modules
Image
c:\windows\microsoft.net\framework\v4.0.30319\regsvcs.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\version.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\cryptbase.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\system32\oleaut32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.management\4dfa27fdd6a4cce26f99585e1c744f9b\system.management.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\microsoft.net\framework\v4.0.30319\wminet_utils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\bcrypt.dll

PID
2520
CMD
"C:\Users\admin\AppData\Roaming\NetFlix GC Checker by xRisky.exe"
Path
C:\Users\admin\AppData\Roaming\NetFlix GC Checker by xRisky.exe
Indicators
No indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
HIGH
Version:
Company
NetFlix GC Checker by xRisky
Description
NetFlix GC Checker by xRisky
Version
1.0.0.0
Modules
Image
c:\users\admin\appdata\roaming\netflix gc checker by xrisky.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\sxs.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\accessibility\44a4ab91e8e11c7cb95343e2d9ffe621\accessibility.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\diasymreader.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\uxtheme.dll

PID
3636
CMD
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
Path
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
Indicators
Parent process
NetFlix GC Checker by xRisky.exe
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Microsoft .NET Assembly Registration Utility
Version
2.0.50727.5420 (Win7SP1.050727-5400)
Modules
Image
c:\windows\microsoft.net\framework\v2.0.50727\regasm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\9e0a3b9b9f457233a335d7fba8f95419\system.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\microsoft.visualbas#\08d608378aa405adc844f3cf36974b8c\microsoft.visualbasic.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\dbfe8642a8ed7b2b103ad28e0c96418a\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\3afcd5168c7a6cb02eab99d7fd71e102\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\bc09ad2d49d8535371845cd7532f9271\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\461d3b6b3f43e6fbe6c897d5936e17e4\system.xml.ni.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll

PID
3900
CMD
netsh firewall add allowedprogram "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "RegAsm.exe" ENABLE
Path
C:\Windows\system32\netsh.exe
Indicators
No indicators
Parent process
RegAsm.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Network Command Shell
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\rasmontr.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mfc42u.dll
c:\windows\system32\odbc32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\odbcint.dll
c:\windows\system32\nshwfp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\slc.dll
c:\windows\system32\dhcpcmonitor.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wshelper.dll
c:\windows\system32\ws2help.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\nshhttp.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\fwcfg.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\authfwcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winipsec.dll
c:\windows\system32\ifmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\nci.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netiohlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\whhelper.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\hnetmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rpcnsh.dll
c:\windows\system32\dot3cfg.dll
c:\windows\system32\dot3api.dll
c:\windows\system32\atl.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\napmontr.dll
c:\windows\system32\certcli.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\nshipsec.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\polstore.dll
c:\windows\system32\nettrace.dll
c:\windows\system32\ndfapi.dll
c:\windows\system32\wdi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tdh.dll
c:\windows\system32\wcnnetsh.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\p2pnetsh.dll
c:\windows\system32\p2p.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\wlancfg.dll
c:\windows\system32\wlanhlp.dll
c:\windows\system32\wwancfg.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\peerdistsh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\qagent.dll
c:\windows\system32\napipsec.dll
c:\windows\system32\tsgqec.dll
c:\windows\system32\eapqec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcryptprimitives.dll

Registry activity

Total events
1829
Read events
1685
Write events
144
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3640
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\10.rar
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3640
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
GlobalUserOffline
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASAPI32
EnableFileTracing
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASAPI32
EnableConsoleTracing
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASAPI32
FileTracingMask
4294901760
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASAPI32
ConsoleTracingMask
4294901760
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASAPI32
MaxFileSize
1048576
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASAPI32
FileDirectory
%windir%\tracing
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASMANCS
EnableFileTracing
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASMANCS
EnableConsoleTracing
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASMANCS
FileTracingMask
4294901760
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASMANCS
ConsoleTracingMask
4294901760
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASMANCS
MaxFileSize
1048576
296
NetFlix GC Checker by xRisky.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\NetFlix GC Checker by xRisky_RASMANCS
FileDirectory
%windir%\tracing
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
296
NetFlix GC Checker by xRisky.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2044
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2044
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
2044
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\System32\wshext.dll,-4802
VBScript Script File
3132
svchost.exe
write
HKEY_CURRENT_USER\Software\noip
FirstExecution
15/04/2019 -- 09:13
3132
svchost.exe
write
HKEY_CURRENT_USER\Software\noip
NewIdentification
noip
3132
svchost.exe
write
HKEY_CURRENT_USER\Software\noip
NewGroup
3132
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3132
svchost.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2668
RegAsm.exe
write
HKEY_CURRENT_USER\Software\2E068B6BFBE9
Rans-Status
Not encrypted
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASAPI32
EnableFileTracing
0
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASAPI32
EnableConsoleTracing
0
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASAPI32
FileTracingMask
4294901760
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASAPI32
ConsoleTracingMask
4294901760
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASAPI32
MaxFileSize
1048576
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASAPI32
FileDirectory
%windir%\tracing
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASMANCS
EnableFileTracing
0
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASMANCS
EnableConsoleTracing
0
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASMANCS
FileTracingMask
4294901760
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASMANCS
ConsoleTracingMask
4294901760
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASMANCS
MaxFileSize
1048576
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RegAsm_RASMANCS
FileDirectory
%windir%\tracing
2668
RegAsm.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2668
RegAsm.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
2668
RegAsm.exe
write
HKEY_CURRENT_USER\Software\2E068B6BFBE9
USB
Not ready
2668
RegAsm.exe
write
HKEY_CURRENT_USER\Software\2E068B6BFBE9
Flood
3636
RegAsm.exe
write
HKEY_CURRENT_USER
di
!
3636
RegAsm.exe
write
HKEY_CURRENT_USER\Environment
SEE_MASK_NOZONECHECKS
1
3636
RegAsm.exe
write
HKEY_CURRENT_USER\Software\768f974492b656d81c395f0b8a383046
[kl]
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-100
DHCP Quarantine Enforcement Client
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-101
Provides DHCP based enforcement for NAP
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-103
1.0
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\dhcpqec.dll,-102
Microsoft Corporation
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-1
IPsec Relying Party
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-2
Provides IPsec based enforcement for Network Access Protection
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-4
1.0
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\napipsec.dll,-3
Microsoft Corporation
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-100
RD Gateway Quarantine Enforcement Client
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-101
Provides RD Gateway enforcement for NAP
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-102
1.0
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\tsgqec.dll,-103
Microsoft Corporation
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-100
EAP Quarantine Enforcement Client
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-101
Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-102
1.0
3900
netsh.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@%SystemRoot%\system32\eapqec.dll,-103
Microsoft Corporation

Files activity

Executable files
18
Suspicious files
1
Text files
2893
Unknown types
3

Dropped files

PID
Process
Filename
Type
3640
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3640.49935\Netflix Gift Card Checker by xRisky\Leaf.xNet.dll
executable
MD5: 42cf916df4ea1d300201ec9559b7bef3
SHA256: 939c8980bcb9bd9a2279714f6086714229e7af194ec4e32677c5a4ed96db5edd
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\puy.exe
executable
MD5: 45717e2f438e01b3d30cdbbdc83c313b
SHA256: 3d8d7486610026dcbe848cfe2d5b4aa9021402b9db382d2635c9f0c460bd7d26
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\r[1].exe
executable
MD5: 45717e2f438e01b3d30cdbbdc83c313b
SHA256: 3d8d7486610026dcbe848cfe2d5b4aa9021402b9db382d2635c9f0c460bd7d26
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\puty.exe
executable
MD5: 4b403654718ea05bce86bc3278393e86
SHA256: f95ac6decb6bf586fc0300dab177c607a6179f6fd6eaf65042e5a6b21daf4a96
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\l[1].exe
executable
MD5: 4b403654718ea05bce86bc3278393e86
SHA256: f95ac6decb6bf586fc0300dab177c607a6179f6fd6eaf65042e5a6b21daf4a96
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\i[1].exe
executable
MD5: 5c6d6f6c0eb2922d340c1ccc3b954cf9
SHA256: cc61576692cbd2b0a247f456f40bcfd4c89c4a25ccca1440ba432fe898bd1154
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\p.exe
executable
MD5: 5c6d6f6c0eb2922d340c1ccc3b954cf9
SHA256: cc61576692cbd2b0a247f456f40bcfd4c89c4a25ccca1440ba432fe898bd1154
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\putty.exe
executable
MD5: 6a30a53a9d3be1be1e71248a65274f4e
SHA256: 9709a1d6ed445bf8e9a04d289a5a9e1d8f9747af8a7ca1b6f62107e3e0bd7af1
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Roaming\NetFlix GC Checker by xRisky.exe
executable
MD5: c20fe813ce74afaaecc2963ed2f38399
SHA256: 0a33ac7f5c5a236e63ff5cc404f39364d6f571601c85484c24e5b4b33b3d5b70
3640
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3640.49935\Netflix Gift Card Checker by xRisky\NetFlix GC Checker by xRisky.exe
executable
MD5: e5ba3e44e5c51e80f0ab074781d7a6ca
SHA256: 993956e836da3868b85a2438eefd48fa425c9a76938cc5b2ab02e053c130cbf6
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Roaming\Robocopy\Data.exe
executable
MD5: 4f065669c381ab507f3636bb2d49b518
SHA256: 48c93aa5a1db5eda86fd9721b8c87eb728514dfd240567f0b755b1e18fc0ee5f
2128
puty.exe
C:\Users\admin\iotstartup\BootMenuUX.exe
executable
MD5: 30ca7a0336d4ce186a1605975764e781
SHA256: f1b0a2edd90061c96d9ccf6e58d3e8e9057e60dc4d9379f97cf351f9a28dd822
3640
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3640.49935\Netflix Gift Card Checker by xRisky\MetroSuite 2.0.dll
executable
MD5: 0d30a398cec0ff006b6ea2b52d11e744
SHA256: 8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\l4[1].exe
executable
MD5: 44f2c8f4b8dce3094753417198770aa9
SHA256: dfe4053baa14a7010f333e630cb42cebd2ead36d466a06a9a391932cb8b65db9
344
putty.exe
C:\Users\admin\AppData\Local\Temp\MaxxAudioMeters64\BthpanContextHandler.exe
executable
MD5: cf394572f4691a9a08119a3d96ee48c5
SHA256: f1c56f0f7f802cbcac4c45090ba0b6e82f93052221c721ab24b186ed2bd17cc3
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\Desktop\Netflix Gift Card Checker by xRisky\pu.exe
executable
MD5: 44f2c8f4b8dce3094753417198770aa9
SHA256: dfe4053baa14a7010f333e630cb42cebd2ead36d466a06a9a391932cb8b65db9
2480
puy.exe
C:\Users\admin\AppData\Roaming\AppVStreamingUX\IMTCLNWZ.exe
executable
MD5: 1dabd4ad545239b98069b812e62683c2
SHA256: 4fd1d6988d6d50f0b371c141d6e674688c1c8ab7c2721f59afee2c27b29ba520
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\c[1].exe
executable
MD5: 6a30a53a9d3be1be1e71248a65274f4e
SHA256: 9709a1d6ed445bf8e9a04d289a5a9e1d8f9747af8a7ca1b6f62107e3e0bd7af1
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: af349d1cbbf23291bacb377541c12e3c
SHA256: 2b5fd40bbf185fd1ccd8c3e63f0b077b64c0fda3718b97e5bc92c5bca67fab88
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: e4b8259c51cf64fadd0472dd38f0c408
SHA256: fce0ae4d2f914ef532b3cfc3a9cfc0460575635f1fbd0bd5e77fa8ba71f49620
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: fd959f5eb896c4e426b87c52900a428b
SHA256: 5068a62138b5f579ee4da8b00ff64331ce30dd2e002263c9ae951d04234db59b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 194cc7dd2406f3d3d070bf0374ff2d28
SHA256: e8406db0d9bab8cb1809d7ab74b908fa05891c6fc62e7e168b393c621fbdf2d5
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 194cc7dd2406f3d3d070bf0374ff2d28
SHA256: e8406db0d9bab8cb1809d7ab74b908fa05891c6fc62e7e168b393c621fbdf2d5
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 53ff9951d5795be628d1f3e6f844cf8c
SHA256: 3c59b99c14ca3a525f13fe1c810dcc64209f67060dc12a3eb116e759aadc2ea8
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 39c81fbd38628fcfb01955f4a6972aec
SHA256: e8ddd965cdedfe38e3fdb46d158a25b6c61696a588a74501c92f901089a5427e
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 716fdcc54b3b12b648e59c00bf2c5b2c
SHA256: 09719cd365eaeb49d795ca7b5d7ac9d11f1cd81843bd190a3f758b692689e677
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c655ef0de85884433141def307064d87
SHA256: 0b9291df8583e0efa2f10e6aa2c870ebf40539a86e9b7ff29f2f0b0a8e7e4293
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c0cda643233a5b877c48bbe5a24d4386
SHA256: 4a1102222264832591c71091e0ea930220f499c63237a2af4e1ad742007a1f15
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
––
MD5:  ––
SHA256:  ––
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: cd3a454851c6bcc330f4aa3aa2636cd5
SHA256: cbbc0640a63e8bd21275885df9c546509b1858db2f2e374f066740baa2b36acd
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 2ac9b7027908160902ff715c730b7825
SHA256: 759d7efac23a73f1a141c434c8c425f711ee68109af8dc3189198865112a07ef
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 146ccecda8701d5239d5faeb1344b250
SHA256: b6b6645b7389740e78507e30b6a4dfdd63bc7bf5b522fe81acceef6bacb992fa
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 3d467ab0da6f0f75913b36c7c5364652
SHA256: 5ba939a94adc38bb336b0aec6ea4a21e4310875c9a708d2a73a9e7ee3295885f
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 683dabc7a9e543883f1bbad902177c39
SHA256: eba0418b7a6904824c3d3cc058491189f296782aefb1f5faca758e83f0966332
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 202b45d31fb57cba4017337e8309fe74
SHA256: e93fbc0eb2d3264b593e8568ee07e88b58a287e359d23fa4228afe4aa7b51b37
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 4c8450cf06e9689896b0e995e4e80746
SHA256: 46f298d78178eaa55229138ae2174e580d1bc4ccf79377c93b69b5b13ef95df1
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 099f76868304089d60e189506023b7a1
SHA256: 3f44bf0d770255c5ff1817f24adb874b23d8d779189ba451bcc9e829290fa3a0
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: d64a06824124bfb842d79c4b1a3e9612
SHA256: 3a158653cbd301ad97168500f6dea238017c87d90fc3564d7ae19be02bdb3073
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: b2acabbcc7f527340f9b4a4428fbddb7
SHA256: fafaaec0b1fb3dc7bff7e9514c8703b963c11fc8b1e575fbd0bb3b6852236726
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: f571f176e93f52596e4434ff131b9bae
SHA256: 4b4c59e54050d4569392aa10efc9cd3f76b1fbf8874a29b3b1837f19372901a6
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: b63a9afbdb21f12ca4e3a6623d8076a1
SHA256: b0e0e954bd99e47b8e66081977632479e3ec526639d5cf03d6caa7b145276347
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 281d13e9aebdd18ca14151f4e16cdb87
SHA256: c5add97273b139e7397e3eed4123f92dc9597cfcf95256ca3c7c6cc96f26d0a0
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: ff668f5d7159c022ec77bef71c81ff40
SHA256: 2e4293ae3dab14e47ed7daf1962613e15df7b96de9beb3a48549efd18cdd488a
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: aab126b0fcfea13620e76268d60ccdd0
SHA256: 4628dbe1d12af99213c87b4c1e4faf04239f91b8685e33f78a59dfa5b51a7f78
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 3f98510c88e9fd47b13b2f7ab3b39235
SHA256: c462f0f57b677eba918c976949a68f4b199a9ba0b3dc31f4c05fefeba99bc0be
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 05d10fa2df93d6233885214217613fdf
SHA256: 76049a9b47aa2c245dfe6b79e504383ea1367d526bae5dde1f1f7c8796253582
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: b3f61108fcbb4276aeeee1c69db4a740
SHA256: 23ed5962e92724c827ad8248cbc5f32105feaa47816e3082fe8611921376c3fe
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: f0f100f4334c2c32434c8398e4fb4997
SHA256: 5c80b9112713ca873e79f865dec55a73adeaf734b633e417364257e93bfec61c
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 1d0887a08d55db03e06688a16b3df764
SHA256: 3fe917fd993328ae9404c525f9c9fe29cf2f2e3b7d5e3b3688f47ced6606dc09
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: a4181f03a0ee390dc0b99127f75e316f
SHA256: 1def690a11bc2230e13a5699d9045ea33531a3b78aefd44921355a83e9357561
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 24fc0d8c2eef82978871913b42676284
SHA256: 48b1441b7c82d7ae0c62cd89253a9f65896cbac152067a1aae69d300e6326825
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 24fc0d8c2eef82978871913b42676284
SHA256: 48b1441b7c82d7ae0c62cd89253a9f65896cbac152067a1aae69d300e6326825
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 6b04daeb36bf036d407e92ed9400f360
SHA256: 3c09a460c085da377e478fb68c41e01393094149d570e66e265d419307b922f3
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: a60234668320b277e22d0644c79f2e42
SHA256: bbe00d819f82b56f12afeb7d34fd1e640db65a3ff9869ed8210d5d9eb0f7e850
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 55e7f3cd358c283447bc8b147859f676
SHA256: dc753f563c2302188dd0a2419fdad98bdd8e204173b00e08da2ab5795975b404
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 98304bd3431be54ec811188f50ab0927
SHA256: 5a58111ca6e1a912c7e5a9f50c3ff29e8010d09deb8e59667ad20c5e2ded32f3
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 14c6f80810acb34de9caa111c343d83e
SHA256: da51a4e4faf65a8c46cd549010fcfe445f9072cfd0d4ca30e34987bb36ff4e80
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 78cfa64d2b16820f6fc72ffa903325ea
SHA256: 6f56e64d01ea179942d5d289b4d1e9dd58dc1811bf9900f436d16b27d7f5da84
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 10ef5202fdaf9785fb9067e51b880f1a
SHA256: 830a9e8ea585d3fb4663e0bb11d5b3e22037a770d5300ab0eccc7088138e8a29
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: e91804b34ca4422ad1dd973627c2a3d9
SHA256: c50a35a17b293612cb2c9d3946779cc6526f1103fd37cb4cd70131fbe005c025
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 15895d1d7189d31cad1125c2e97b7250
SHA256: 2b3c0e6f602a9b7dd2ff66d4780b8576f99454b760c56be2540b814b6c12e52d
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 702e8d773193557d8f96db4a9e80c2a9
SHA256: 6f0d0851223023e332fc417f2b7d822c0413d1d292daebad8a2671de461e23d2
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 89eef747891ad5ea24ba3742c5d8756a
SHA256: 95a1ebdd4e7484f04e673385d0bd32b1299ccb500ad7633d51666a2be4e579dc
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 54969670862de186d2981b6bef509e5d
SHA256: d572f17066d4e84f225ff62588415e60ad688bf627608de5a1df600aed84bf9c
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 42f1d5b978fd46033faa4532f54c9160
SHA256: 3bff3af5e9848499239ae7f038f258b0475d277e4bf709d0983e1bc57b66ee6a
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: b329a93c612e8cf1aaedc6f1c80e3aa0
SHA256: c0cbafee0ebdc35ea8e20669430fc8e7a291eaad91d6a7e00fc3e6b96ff91177
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 0fc0b10c0bd281f6226143294a420c48
SHA256: 9089c056a63947af75ef97bc3272d698378d1ae1e91f13794f4e0e23317eb785
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: f8b532c82bb52c0e1bc854f72057a459
SHA256: 64c73c7e4e0aa70a596811b12d0ff7a1b2d393eecdffa5688bfd70fb83e28979
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c26be120589db1366709e88195d68081
SHA256: 5ee3c809af27629e71062c82b170f7b867165d80f8558a87d61c134eba5a8888
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 4b0eaf11ac9c4698a99f7d40f833be62
SHA256: 4151392f2b0398656de024ffd8698743d1207495dea6e7a1969a416928f4212d
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c76edcc2b6543b874b3773da24716b11
SHA256: e6f99d402bf50dac9026ecad19d50ba1baa347e3d234c0ce98b002a3abcaf8ba
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: bf513bc785ef1808a10cac4c64f955e0
SHA256: 6b98cca18b74278a305a40b3f21282824f92e3c6e94b306de5d06a0474de3bd9
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 9e008a7dea3e21b4ae6e40d62610768c
SHA256: 91ba10c2d8ee98673c30442c5b4215dec9299cd04b7c9a4fa299a8336f8f9dcf
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: d167c732b971d856a7056cc6b718ac30
SHA256: ed5eb6919372aa8c7a8bd3157b6846638a9839525ba2e4a28311ef992d52eb0c
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 6bc876e93edcae0a3f451c7f0f1e3223
SHA256: 9b7b75c1660ab51ff69c072b5fa86276f10b155faf81ba210aa6a25aea67ef3d
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 526d5926ac5a6a1027bb0f41971e733f
SHA256: 2ec3681c1b6433884b21c71f7986b4aa7ab838dda4948e296dd9c4bb024ce0b8
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c9fd5e2f9fe86299430b2f03393d9abe
SHA256: 707410dcb9349e17840e67f392124600cf5832f84783e9ae2e70f1756da4c9fa
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 50f83ffd9fa142f0babf3572c672198c
SHA256: 372b951ebb26a62339e750a84e6533232b1da1efaecb6eb120f4df3c24db7d77
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 62e176cd549228808ebbd31c3ca33f8f
SHA256: 656fd24671e33d38f6f82c3960c4732e2171931d879910a80024dd2b74655e87
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 072030974afc3428380faeb0bad537d7
SHA256: 28ec7a8cd3f1e2d88e232fc1798a1f728c19687a9f986a6e0e066333f93a405b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 072030974afc3428380faeb0bad537d7
SHA256: 28ec7a8cd3f1e2d88e232fc1798a1f728c19687a9f986a6e0e066333f93a405b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 60a07bb49b48b2e7b4208995e6b654ee
SHA256: 45d286b6e8d35168e4ea3b827e1460932febba5dde611195dbacbb96dcb9a6c2
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: de63a6bd67d737da75b57caa9b346853
SHA256: e04f1a56513d34c95b5cca2c40823f3c2f3bce2d1775a6a6c63fac01621135ab
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8760d6af581c1a5b8174723e3cf21da1
SHA256: dde97cc22318e5849184675beb2eb64fd94f8c07e021a9c714e46d7f69de3832
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 9c5396601004b898c0017def45f2e730
SHA256: 79e5fe5abcddba7617b98aacba0077e7be973c5c4ddcbbe2d93edca3f10cbc1b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 9cbb5677d11a2d5d79746514b4ccd92f
SHA256: 098318dd673d221e3237c605355c6fa9ac33968401058953c7ffe806bb43ecd5
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 3b1f604f6931a5eedd50b89bea2c12a3
SHA256: 4b5ad9d983273d87518f5236707a5652a2ea58b18b76a07785b07b4e8a6aa65f
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 40ce36e751d612b63dc2c495dfddfdb8
SHA256: 9c0e8d456e1898988914188febd39c751674a6114fcff79c7b35204008546818
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 9f190576db4295b974f96dc679a77f71
SHA256: 46a312df9f2200126f174cda51708a2d29f2cbbac8cd931f28faab5543c7ccf9
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: fa5c4c30ff71d753f02549edf00e5693
SHA256: 15fe7c492888a9676901e5c62ee36fc780e0607ad69e5b7c992a95a767e029e9
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8b1b1c0188150b61113bd462765fc283
SHA256: 558596e75cd42c4e134dca16cbcb206bef6d7a7c0aff8c47f4ca2c3209d71a8e
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: de29ce8e59fc06f03d429013e6fea3d3
SHA256: 594847294284e97b091fc4cf0898d3a5fc05c2510da284df63700dd8b35e77d9
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 5c949dd327d0b80e21622bfcd78193f3
SHA256: a2997a7976603fdf619d7bd23cf11ab9e2b86bf5fdb79d0806257522efaccd8a
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: b67373e2dd43f66cf7c8a6c262a8ff59
SHA256: ed119cc9ca66c2c5f3606853bcc1bf4e7fc70c17ebfd40b7d480b3e296014197
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 4d96b45ad74f97cf855436f486a84297
SHA256: a138572b866949d96fcc662ac73bdbccc063c0a1ca4e644762cb2aa37a15c51c
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 364d4f6174201952118819ac29fb5ecb
SHA256: 13ec30eab3e3f48e4035b9daebce4c2be6db6cd20803e77c92869ef867684852
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: d4e668d1c28336a908612d5931f90632
SHA256: 6ad30b45ce03d41e962621218e553d53d52bfb76a88dc50f35f316206179c6ab
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: c37362a1bb34ff5f17aa9fac0192d6d3
SHA256: 0496fc6da1bc36ee31c625ea90fceab58a23e4445c568f32c09e532920af4c9d
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: d2305b65a6cf0b5033ceae0cc5f658e2
SHA256: cf360b061c8d257397eb20217efe0bb969d414aeea80cae99db1b167df18dd0d
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8fb7667622df30022993176cf3a848e2
SHA256: 361a8d899c4438b35daf0ff70952a0386c9c6dfdf594930efd6b72e341378efa
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 15673e8e6dbc05f2a26fd88d8045b621
SHA256: 6194a196416fcdf36849dc93125392fa3e8890fb44b431c4388e2b263e7a4ac9
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 5f1919e9fa2efc7aa0a4c49385e2691a
SHA256: aa3fc120363a1c90b14a37e43b21841e799f8a94118cd0ef270eb966bcd3de0b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: dbbe34ac1e3b2c03ae686e49b0638323
SHA256: 78859a24b54e1973443d923838c12dca44ee99b7e19092fe38daf7882feae045
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 628b43fc36870d86fe50c2e5da1b04b6
SHA256: 8b14a639b3906e7ecd7e862874e4b4eee98cb4bc63a5e85d3d0e157686239d49
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 5214951b2a1ec530e5edc954ccb2ea0a
SHA256: bbb7119fd67bab4055496fd795c90be05e019b4d713b29c35ee80a7ad526d088
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: a814378e407494fd101c6ed7b8ea2d7a
SHA256: f3e2dab795ed083c48c5bbc45f5e23a1097283e6ee02dfe48ebfdeb6d899d030
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 547e007e4b55a74e3401c5c422780e2b
SHA256: 65aa99b20c56795e2d0190f5f4e4dc9ccf61dca4d9066e52211a880dbf9a5805
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\UuU.uUu
text
MD5: 3a46120d0d07977f3b62da9963233710
SHA256: 3bb00258575a0144bfb0a7576a2761c90f04b1ccc0c553aaafbde125504270ca
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 3a46120d0d07977f3b62da9963233710
SHA256: 3bb00258575a0144bfb0a7576a2761c90f04b1ccc0c553aaafbde125504270ca
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: a499500b1c800acdaa77294bb79cf0c1
SHA256: 91a1814d9bf36ed011f484726bcf4625e0f8a19540113ff0ce0d5c0aa0373571
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 864641c3d398a17247289ad8b43d503c
SHA256: 266b74eeced55486ef37cb8c95d2ea06aeb5e7347040a0d1bd1011bc07fa5f5b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 7e38916f816f7f87d3e2239c443409ec
SHA256: ff5903746e1b0bf85102b5c29843fecb78f4f508a74ebc479fdddde1fa7addc5
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: a07f3355d91203c25452f41ec1095e91
SHA256: 27fcc02b9c48dee061571571d0fb090b3076f862ca628a6f2fc5a95978c343c3
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 7553a8fe8768a081a63df5d837d71738
SHA256: 3510af5415e09b2aa0ac003e441a560fa642610165f83d52880f5bab00f21442
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 58c0ead08aed9f5010f2cf20de4d6b1c
SHA256: 175e436c1b7bc22030b1956497e3ba0e8936cd50cedcc8d341f6b0ec36ba17f6
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 223679c4bcb3e633afb832d8ce92701d
SHA256: 798ac6b8c8bd290d285ce74e3929e631944791c29407f81310f43f38ed6e6e18
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 17004b796c83a48e128c0336ed8eee00
SHA256: 135274cee76ddcb71552b27fe571dc0f7ab28782eb7234502fad850393c19c6f
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Roaming\Robocopy\SecEdit.vbs
text
MD5: 7248e8e3fbd16c0be16491ac71cc3ba2
SHA256: cc35b4b33aa3fa67fc08b1f6e64324a748c67999c8dd348dc7c3b9ac059fbf8f
296
NetFlix GC Checker by xRisky.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SecEdit.url
text
MD5: 8d5940182ca162f47cf9f80e7694418e
SHA256: aae1b79e39eb932313c9af31c229df417abbacb32c17705f9f1f09d140afc37c
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: d1694ef62f8e28655a729f43bcb8830b
SHA256: 528b50464fbba9ff8bc5e7a1e8acb80ccff8fc6b0d53738c9f66906ad0d9f2ab
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 6a12e87bcb8f8e85e4014737aabccb36
SHA256: 48475aab964976859dd0412187c83b2a43b7a4f2bff08be734ede0378e05581b
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 5a3c56c7cd82f66dd7d8f9b5acd9a7c0
SHA256: 9e4ca452fcab61ff09c2b7dbbe96ddcfd7825d5006a2e9798506eaf80030fbe2
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 167d7fa60693fc988c58958df00e3dad
SHA256: 1313bf2110a3c80e86a0b0f83b38417c0b0ed45b76fad2b2f54a27ea6b7da131
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: b9739d6baa59fae20ef6752422699133
SHA256: 51bebd9bcd8322f1bf134c1cdb443d9ca9d8f6485e41dbf7195802e338a48a4a
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: d64a4de0bc6fb0999709ebc17316bf66
SHA256: 344d0494c54730e763a1a084d624b16c108771d429f900133304e2c941d25e0c
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 3224b26316b926096066a710064762a0
SHA256: 4d7f34bc35e9e2959ea70f979c494a66dfab7867b0ee4ea4ead98f705cb37bf9
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8c52c01a14482a743fa4797fbdaebace
SHA256: 84b8b3783ec0137dbb5ff476e141bef80e69682638965d07305255069cdacbd1
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 6b77ac5c29829d20d74989dfe527d7f2
SHA256: 6a940431c5316277ba41251469a4ed3e25a63690aa84881a8af02bf76f61c3e3
3132
svchost.exe
C:\Users\admin\AppData\Local\Temp\XxX.xXx
text
MD5: 8e72c8782d4b82bc2880d77fa1fe6815
SHA256: d53e02c8b40840fadd06f2fad43c473bacc2acf1295939a6d6f83086371455f7
2480
puy.exe
C:\Users\admin\AppData\Roaming\AppVStreamingUX\at.vbs
text
MD5: 87aee3a40b1b0d5f66ee44cabada4ee2
SHA256: 84ec1fa9fa3bad2c9da447b1ce582d1e313e2f9e28fa9e06cfc7773135e7cf3f
2480
puy.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\at.url
text
MD5: 800532656e6233b51964102fc9d4011e
SHA256: c2332491819bf0286a3fcee2f03275169183b61bb47981e96641e6b2508a1a87
916
pu.exe
C:\Users\admin\iotstartup\VsGraphicsRemoteEngine.vbs
text
MD5: f23eceb5c138605f658e6bc9bef926bb
SHA256: e47fc8f41fdda51d758a9de62b64a0fb445814042850cacd1307600aac3e0937
916
pu.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VsGraphicsRemoteEngine.url
text
MD5: 1db6eb9dd8837965242b07ecaf9282d2
SHA256: e23955123a038436f5e01b536b4cca25a6a2f802ae35516f1b32a6769bcd391a
3132
svchost.exe
C:\Users\admin\AppData\Roaming\cglogs.dat
text
MD5: bf3dba41023802cf6d3f8c5fd683a0c7
SHA256: 4a8e75390856bf822f492f7f605ca0c21f1905172f6d3ef610162533c140507d
2128
puty.exe
C:\Users\admin\iotstartup\VsGraphicsRemoteEngine.vbs
text
MD5: f23eceb5c138605f658e6bc9bef926bb
SHA256: e47fc8f41fdda51d758a9de62b64a0fb445814042850cacd1307600aac3e0937
2128
puty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VsGraphicsRemoteEngine.url
text
MD5: 1db6eb9dd8837965242b07ecaf9282d2
SHA256: e23955123a038436f5e01b536b4cca25a6a2f802ae35516f1b32a6769bcd391a
988
svchost.exe
C:\Users\admin\AppData\Local\Temp\XX--XX--XX.txt
binary
MD5: ca08f307132fafc111f6b9c5954581af
SHA256: ef5850bd883dd869a425b39546fc53ec1c820ebb2e20ae866e13d241a09792a8
344
putty.exe
C:\Users\admin\AppData\Local\Temp\MaxxAudioMeters64\AppReadiness.vbs
text
MD5: 573b13f208b83c179226590ec0be579c
SHA256: ef08c65cc4c144ea1f5cf26ada011deaaf2e37c94cdd0ea73b33ff4a9772eae3
344
putty.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AppReadiness.url
text
MD5: a1b36beb68210e63fadfd15026501d31
SHA256: caa9655fa49a2ebf36c8044274943df1725a08ad9e184229a1a95cc2ded08c60
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
1024
rundll32.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
dat
MD5: d7a950fefd60dbaa01df2d85fefb3862
SHA256: 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
dat
MD5: 2c0ef878892e2f807c5ece91b66117a0
SHA256: 6e1b1d31fae08007e48fb427b150fc7bddedeae551a715a4a82c577a97fa6223
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\H7SPBY9W\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0CWTM367\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GTTQLHXE\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IS4SVBAK\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
1024
rundll32.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3640
WinRAR.exe
C:\Users\admin\AppData\Local\Temp\Rar$DRa3640.49935\Netflix Gift Card Checker by xRisky\PRIVATE COMBOLIST.txt
––
MD5:  ––
SHA256:  ––

Find more information about the static content and download it at the full report

Network activity

HTTP(S) requests
5
TCP/UDP connections
33
DNS requests
20
Threats
25

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
296 NetFlix GC Checker by xRisky.exe GET 200 88.13.146.179:80 http://Chrome.theworkpc.com/c.exe ES executable malicious
296 NetFlix GC Checker by xRisky.exe GET 200 88.13.146.179:80 http://Chrome.theworkpc.com/l.exe ES executable malicious
296 NetFlix GC Checker by xRisky.exe GET 200 88.13.146.179:80 http://Chrome.theworkpc.com/r.exe ES executable malicious
296 NetFlix GC Checker by xRisky.exe GET 200 88.13.146.179:80 http://Chrome.theworkpc.com/l4.exe ES executable malicious
296 NetFlix GC Checker by xRisky.exe GET –– 88.13.146.179:80 http://Chrome.theworkpc.com/i.exe ES –– –– malicious

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
296 NetFlix GC Checker by xRisky.exe 88.13.146.179:80 Telefonica De Espana ES malicious
1136 RegAsm.exe 88.13.146.179:3344 Telefonica De Espana ES malicious
3132 svchost.exe 88.13.146.179:1552 Telefonica De Espana ES malicious
2668 RegAsm.exe 104.20.209.21:443 Cloudflare Inc US shared
2668 RegAsm.exe 88.13.146.179:9898 Telefonica De Espana ES malicious
3636 RegAsm.exe 88.13.146.179:5553 Telefonica De Espana ES malicious
–– –– 88.13.146.179:3344 Telefonica De Espana ES malicious

DNS requests

Domain IP Reputation
chrome.theworkpc.com 88.13.146.179 malicious
redlan.hopto.org 88.13.146.179 malicious
pastebin.com 104.20.209.21, 104.20.208.21 shared

Threats

PID Process Class Message
296 NetFlix GC Checker by xRisky.exe Potential Corporate Privacy Violation ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET TROJAN Single char EXE direct download likely trojan (multiple families)
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET INFO AutoIt User Agent Downloading EXE
296 NetFlix GC Checker by xRisky.exe Potentially Bad Traffic ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
296 NetFlix GC Checker by xRisky.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
296 NetFlix GC Checker by xRisky.exe Potential Corporate Privacy Violation ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET TROJAN Single char EXE direct download likely trojan (multiple families)
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET INFO AutoIt User Agent Downloading EXE
296 NetFlix GC Checker by xRisky.exe Potentially Bad Traffic ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
296 NetFlix GC Checker by xRisky.exe Potential Corporate Privacy Violation ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET TROJAN Single char EXE direct download likely trojan (multiple families)
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET INFO AutoIt User Agent Downloading EXE
296 NetFlix GC Checker by xRisky.exe Potentially Bad Traffic ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
296 NetFlix GC Checker by xRisky.exe Potential Corporate Privacy Violation ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET INFO AutoIt User Agent Downloading EXE
296 NetFlix GC Checker by xRisky.exe Potentially Bad Traffic ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile
296 NetFlix GC Checker by xRisky.exe Potential Corporate Privacy Violation ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET TROJAN Single char EXE direct download likely trojan (multiple families)
296 NetFlix GC Checker by xRisky.exe A Network Trojan was detected ET INFO AutoIt User Agent Downloading EXE
296 NetFlix GC Checker by xRisky.exe Potentially Bad Traffic ET CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile

5 ETPRO signatures available at the full report

Debug output strings

No debug info.