General Info

File name

Inferno Stresser[3.1].zip

Full analysis
https://app.any.run/tasks/fca0bf63-837b-4f62-b7dc-8bb6667ee295
Verdict
Malicious activity
Analysis date
5/15/2019, 09:49:24
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/zip
File info:
Zip archive data, at least v2.0 to extract
MD5

f3d7c89d4be9ee88b267e9f15ff83e30

SHA1

3957c08b6b79101a21db8563d69c56b2689f79ad

SHA256

90e5ecd5bf7ccec925a0001199f66ac456459f8e55237f0ee672cf223e6b1f1a

SSDEEP

196608:ceMVWiRvQ09RYNu5W3UEdcHXLZSo0hKAKdIzJOZOMxzwwerIRnCziaD0aB8GNKru:CVWS4SYc5W3zyLV0RKdgJKDzwwe8RuRD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
240 seconds
Additional time used
180 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • Inferno Stresser[3.1].exe (PID: 2504)
Loads dropped or rewritten executable
  • SearchProtocolHost.exe (PID: 3824)
  • Inferno Stresser[3.1].exe (PID: 2504)
Reads Environment values
  • Inferno Stresser[3.1].exe (PID: 2504)
Reads Internet Cache Settings
  • Inferno Stresser[3.1].exe (PID: 2504)
Creates files in the user directory
  • Inferno Stresser[3.1].exe (PID: 2504)
Executable content was dropped or overwritten
  • WinRAR.exe (PID: 3244)
  • Inferno Stresser[3.1].exe (PID: 2504)
Reads internet explorer settings
  • Inferno Stresser[3.1].exe (PID: 2504)

No info indicators.

Static information

TRiD
.zip
|   ZIP compressed archive (100%)
EXIF
ZIP
ZipRequiredVersion:
20
ZipBitFlag:
0x0009
ZipCompression:
Deflated
ZipModifyDate:
2018:05:20 11:00:16
ZipCRC:
0x28fb05f0
ZipCompressedSize:
10858385
ZipUncompressedSize:
11379200
ZipFileName:
Inferno Stresser[3.1].exe

Processes

Total processes
37
Monitored processes
6
Malicious processes
3
Suspicious processes
0

Behavior graph

[Behavior graph: winrar.exe; notepad.exe (no specs); inferno stresser[3.1].exe; notepad.exe (no specs); notepad.exe (no specs); searchprotocolhost.exe (no specs). Edge labels: "drop and start", "start".]

Process information

PID
3244
CMD
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Inferno Stresser[3.1].zip"
Path
C:\Program Files\WinRAR\WinRAR.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Alexander Roshal
Description
WinRAR archiver
Version
5.60.0
Modules
Image
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\riched20.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\winsta.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\winmm.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\wmasf.dll
c:\windows\system32\ehstorapi.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\profapi.dll
c:\windows\system32\notepad.exe
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\users\admin\appdata\local\temp\rar$exb3244.14712\inferno stresser[3.1].exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\networkexplorer.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll

PID
2148
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.11892\[Password Inside][ReadME].txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll

PID
2504
CMD
"C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\Inferno Stresser[3.1].exe"
Path
C:\Users\admin\AppData\Local\Temp\Rar$EXb3244.14712\Inferno Stresser[3.1].exe
Indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Description
Inferno-Stresser
Version
3.0.0.0
Modules
Image
c:\users\admin\appdata\local\temp\rar$exb3244.14712\inferno stresser[3.1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\shlwapi.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\5aac750b35b27770dccb1a43f83cced7\system.windows.forms.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\microsoft.v9921e851#\7ca6a7b9413844e82108a9d62f88a2d9\microsoft.visualbasic.ni.dll
c:\users\admin\appdata\local\temp\rar$exb3244.14712\geckofx-13.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\accessibility\44a4ab91e8e11c7cb95343e2d9ffe621\accessibility.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\system32\uxtheme.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\schannel.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\zipfldr.dll
c:\program files\winrar\rarext.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\windowscodecs.dll
c:\users\admin\appdata\roaming\xul\xpcom.dll
c:\users\admin\appdata\roaming\xul\xul.dll
c:\users\admin\appdata\roaming\xul\mozjs.dll
c:\users\admin\appdata\roaming\xul\nspr4.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\users\admin\appdata\roaming\xul\mozglue.dll
c:\users\admin\appdata\roaming\xul\smime3.dll
c:\users\admin\appdata\roaming\xul\nss3.dll
c:\users\admin\appdata\roaming\xul\nssutil3.dll
c:\users\admin\appdata\roaming\xul\plc4.dll
c:\users\admin\appdata\roaming\xul\plds4.dll
c:\users\admin\appdata\roaming\xul\ssl3.dll
c:\users\admin\appdata\roaming\xul\mozsqlite3.dll
c:\users\admin\appdata\roaming\xul\mozalloc.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcp80.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\riched20.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\users\admin\appdata\roaming\xul\gkmedias.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\mlang.dll
c:\users\admin\appdata\roaming\xul\softokn3.dll
c:\users\admin\appdata\roaming\xul\nssdbm3.dll
c:\users\admin\appdata\roaming\xul\freebl3.dll
c:\users\admin\appdata\roaming\xul\nssckbi.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\jscript.dll
c:\windows\system32\imgutil.dll
c:\windows\system32\pngfilt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\xmllite.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\assembly\gac\microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\microsoft.mshtml.dll

PID
3128
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.17667\GIVE IT AT LEAST 60s TO OPEN BEFORE YOU START SPAM CLICKING IT, THERE IS A LOT TO LOAD SO GIVE IT TIME.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll

PID
1860
CMD
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIb3244.18683\IT WONT OPEN IF YOU FORGET EXTRACT geckofx-13.dll TO THE SAME FOLDER!!!.txt
Path
C:\Windows\system32\NOTEPAD.EXE
Indicators
No indicators
Parent process
WinRAR.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Notepad
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll

PID
3824
CMD
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path
C:\Windows\system32\SearchProtocolHost.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft Windows Search Protocol Host
Version
7.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\searchprotocolhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\tquery.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msshooks.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msidle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\mssph.dll
c:\windows\system32\mapi32.dll
c:\windows\system32\authz.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shell32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\version.dll
c:\users\admin\downloads\geckofx-13.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\windows\system32\notepad.exe
c:\users\admin\downloads\inferno stresser[3.1].exe

Registry activity

Total events
1217
Read events
1134
Write events
83
Delete events
0

Modification events

PID
Process
Operation
Key
Name
Value
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtBMP
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
ShellExtIcon
3244
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
0
C:\Users\admin\AppData\Local\Temp\Inferno Stresser[3.1].zip
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
name
120
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
size
80
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
type
120
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
mtime
100
3244
WinRAR.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface
ShowPassword
0
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
name
120
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
size
80
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
psize
80
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
type
120
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
mtime
100
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
crc
70
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
0
C:\Users\admin\Downloads
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General
LastFolder
C:\Users\admin\AppData\Local\Temp
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_0
38000000730100000402000000000000D4D0C800000000000000000000000000220105000000000039000000B40200000000000001000000
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_1
38000000730100000500000000000000D4D0C8000000000000000000000000002A01050000000000160000002A0000000000000002000000
3244
WinRAR.exe
write
HKEY_CURRENT_USER\Software\WinRAR\General\Toolbar\Layout
Band56_2
38000000730100000400000000000000D4D0C8000000000000000000000000005E0204000000000016000000640000000000000003000000
2148
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosX
66
2148
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosY
66
2148
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDX
960
2148
NOTEPAD.EXE
write
HKEY_CURRENT_USER\Software\Microsoft\Notepad
iWindowPosDY
501
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASAPI32
EnableFileTracing
0
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASAPI32
EnableConsoleTracing
0
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASAPI32
FileTracingMask
4294901760
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASAPI32
ConsoleTracingMask
4294901760
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASAPI32
MaxFileSize
1048576
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASAPI32
FileDirectory
%windir%\tracing
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASMANCS
EnableFileTracing
0
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASMANCS
EnableConsoleTracing
0
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASMANCS
FileTracingMask
4294901760
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASMANCS
ConsoleTracingMask
4294901760
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASMANCS
MaxFileSize
1048576
2504
Inferno Stresser[3.1].exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Inferno Stresser[3_RASMANCS
FileDirectory
%windir%\tracing
2504
Inferno Stresser[3.1].exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307050003000F00070034000300F80100000000
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Internet Explorer\DOMStore
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CachePrefix
DOMStore
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheLimit
1000
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheOptions
8
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\DOMStore
CacheRepair
0
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\Total
83
2504
Inferno Stresser[3.1].exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DOMStorage\supercounters.com
83
3824
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3824
SearchProtocolHost.exe
write
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\notepad.exe,-469
Text Document

Files activity

Executable files
39
Suspicious files
7
Text files
61
Unknown types
1

Dropped files

PID
Process
Filename
Type
2504
Inferno Stresser[3.1].exe
C:\Users\admin\AppData\Roaming\xulrunner\xulrunner.exe
executable
MD5: 8760f832171e2acd6154cf2cdb18a8c0
SHA256: a2f8d8380474feefdf1bc6ca488b23a5db12b4df9da5354dcce5c2315550ca17
2504
Inferno Stresser[3.1].exe
C:\Users\admin\AppData\Roaming\xulrunner\libEGL.dll
executable
MD5: 8e9582460a865c1575b05ff670764cfd
SHA256: 95ab6f2fa98fbee3bc596a0658d42761e20e5301ce63bcab5ed500ac6fac5e2c
2504
Inferno Stresser[3.1].exe


Network activity

HTTP(S) requests
28
TCP/UDP connections
22
DNS requests
13
Threats
1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2504 Inferno Stresser[3.1].exe GET 404 104.31.65.8:80 http://inferno-stress.com/account/ US html unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/online/1029205 US binary unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/css/print.css US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/css/screen.css US text unknown
2504 Inferno Stresser[3.1].exe GET 404 104.31.65.8:80 http://inferno-stress.com/account/sys_cpanel/images/bottombody.jpg US html unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/css/ie.css US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/js/jquery-1.6.1.min.js US html unknown
2504 Inferno Stresser[3.1].exe GET 200 172.217.21.194:80 http://pagead2.googlesyndication.com/pagead/show_ads.js US text whitelisted
2504 Inferno Stresser[3.1].exe GET 200 172.217.21.194:80 http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js US text whitelisted
2504 Inferno Stresser[3.1].exe GET 200 23.210.248.44:80 http://s7.addthis.com/js/300/addthis_widget.js NL text whitelisted
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/js/jquery.corner.js US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/js/g.js US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/js/stats.js US html unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/css/cookieconsent.min.css US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/js/cookieconsent.min.js US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.217.21.194:80 http://pagead2.googlesyndication.com/pagead/js/r20190513/r20190131/show_ads_impl.js US text whitelisted
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/images/logo.png US image unknown
2504 Inferno Stresser[3.1].exe GET 200 157.240.20.19:80 http://connect.facebook.net/en_US/all.js US text whitelisted
2504 Inferno Stresser[3.1].exe GET 200 172.217.18.174:80 http://www.google-analytics.com/ga.js US text whitelisted
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/images/cont-bg.gif US image unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906744255 US text unknown
2504 Inferno Stresser[3.1].exe GET 302 172.217.18.174:80 http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1754278258&utmhn=www.supercounters.com&utmcs=utf-8&utmsr=1280x720&utmvp=179x94&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=26.0%20r0&utmdt=Online%20Visitors%20-%20Website%20tracking%20service%20-%20Supercounters.com&utmhid=1635118938&utmr=-&utmp=%2Fonline%2F1029205&utmht=1557906744489&utmac=UA-22216019-1&utmcc=__utma%3D151926459.439710858.1557906744.1557906744.1557906744.1%3B%2B__utmz%3D151926459.1557906744.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1497336826&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ US html whitelisted
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906759286 US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906774286 US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906789286 US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906804286 US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906819286 US text unknown
2504 Inferno Stresser[3.1].exe GET 200 172.104.29.90:80 http://www.supercounters.com/ajax-online/1029205?_=1557906834286 US text unknown


Connections

PID Process IP ASN CN Reputation
2504 Inferno Stresser[3.1].exe 13.35.250.7:443 US unknown
2504 Inferno Stresser[3.1].exe 104.31.65.8:80 Cloudflare Inc US unknown
2504 Inferno Stresser[3.1].exe 172.104.29.90:80 Linode, LLC US unknown
2504 Inferno Stresser[3.1].exe 172.217.21.194:80 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 23.210.248.44:80 Akamai International B.V. NL whitelisted
2504 Inferno Stresser[3.1].exe 172.217.21.194:443 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 172.217.23.130:443 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 157.240.20.19:80 Facebook, Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 172.217.16.206:443 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 172.217.18.174:80 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 66.102.1.157:443 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 172.217.22.100:443 Google Inc. US whitelisted
2504 Inferno Stresser[3.1].exe 216.58.207.67:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
ftp.mozilla.org 13.35.250.7 whitelisted
swaggy-freddy.in No response unknown
inferno-stress.com 104.31.65.8, 104.31.64.8 unknown
www.supercounters.com 172.104.29.90 unknown
s7.addthis.com 23.210.248.44 whitelisted
pagead2.googlesyndication.com 172.217.21.194 whitelisted
googleads.g.doubleclick.net 172.217.23.130 whitelisted
connect.facebook.net 157.240.20.19 whitelisted
apis.google.com 172.217.16.206 whitelisted
www.google-analytics.com 172.217.18.174 whitelisted
stats.g.doubleclick.net 66.102.1.157, 66.102.1.156, 66.102.1.155, 66.102.1.154 whitelisted
www.google.com 172.217.22.100 whitelisted
www.google.be 216.58.207.67 whitelisted

Threats

PID Process Class Message
2504 Inferno Stresser[3.1].exe Misc activity SUSPICIOUS [PTsecurity] Cmd.Powershell.Download HTTP UserAgent (Win7)

Debug output strings

Process Message
Inferno Stresser[3.1].exe %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s