mirror of https://github.com/avast/ioc synced 2024-06-28 09:41:14 +00:00
ioc-collection/HackBoss/README.md
2021-04-16 12:15:04 +02:00


# IOC for HackBoss
Malware analysis and more technical information at <https://decoded.avast.io/romanalinkeova/hackboss-a-cryptocurrency-stealing-malware-distributed-through-telegram/>
### Table of Contents
* [Samples (SHA-256)](#samples-sha-256)
* [Network indicators](#network-indicators)
* [File names](#file-names)
* [Mutexes](#mutexes)
## Samples (SHA-256)
#### Archives
#### Executable files
#### Encrypted malicious payloads
## Network indicators
#### URL links containing malicious payload
## File names
## Mutexes