IOC Report
https://transfiles.ru/vyjw4


Files

File Path
Type
Category
Malicious
C:\Users\user\Downloads\Loader.rar (copy)
RAR archive data, v5
dropped
malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 12:00:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 12:00:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 12:00:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 12:00:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon May 27 12:00:58 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
dropped
C:\Users\user\Desktop\Loader.exe
PE32+ executable (console) x86-64, for MS Windows
dropped
C:\Users\user\Downloads\7a171e63-c919-4223-98ab-f871613dd714.tmp
RAR archive data, v5
dropped
C:\Users\user\Downloads\Loader.rar.crdownload
RAR archive data, v5
dropped
Chrome Cache Entry: 112
ASCII text, with very long lines (43121), with no line terminators
downloaded
Chrome Cache Entry: 113
ASCII text, with very long lines (65483)
downloaded
Chrome Cache Entry: 114
GIF image data, version 89a, 32 x 32
downloaded
Chrome Cache Entry: 115
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 116
ASCII text
downloaded
Chrome Cache Entry: 117
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 118
ASCII text, with very long lines (2343)
downloaded
Chrome Cache Entry: 119
ASCII text, with very long lines (3968)
downloaded
Chrome Cache Entry: 120
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 121
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 122
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 123
ASCII text, with very long lines (32003)
downloaded
Chrome Cache Entry: 124
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 125
ASCII text, with very long lines (2628)
downloaded
Chrome Cache Entry: 126
Unicode text, UTF-8 text, with very long lines (11822)
downloaded
Chrome Cache Entry: 127
PNG image data, 22 x 22, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 128
PNG image data, 111 x 111, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 129
RAR archive data, v5
downloaded
Chrome Cache Entry: 130
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 131
PNG image data, 20 x 13, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 132
PNG image data, 150 x 44, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 133
PNG image data, 22 x 22, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 134
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 135
ASCII text, with very long lines (4246)
downloaded
Chrome Cache Entry: 136
ASCII text
downloaded
Chrome Cache Entry: 137
PNG image data, 20 x 13, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 138
PNG image data, 20 x 13, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 139
HTML document, ASCII text, with very long lines (532)
downloaded
Chrome Cache Entry: 140
Unicode text, UTF-8 (with BOM) text, with very long lines (561)
downloaded
Chrome Cache Entry: 141
PNG image data, 15 x 15, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 142
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 143
PNG image data, 230 x 72, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 144
C++ source, ASCII text, with very long lines (3386)
downloaded
Chrome Cache Entry: 145
ASCII text, with very long lines (2937)
downloaded
Chrome Cache Entry: 146
PNG image data, 30 x 30, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 147
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 148
HTML document, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
downloaded
Chrome Cache Entry: 149
Unicode text, UTF-8 text, with very long lines (12938)
downloaded
Chrome Cache Entry: 150
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 174x174, components 3
dropped
Chrome Cache Entry: 151
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 152
HTML document, ASCII text, with very long lines (51875), with no line terminators
downloaded
Chrome Cache Entry: 153
HTML document, ASCII text, with very long lines (51993), with no line terminators
downloaded
Chrome Cache Entry: 154
PNG image data, 230 x 72, 8-bit colormap, non-interlaced
dropped
Chrome Cache Entry: 155
GIF image data, version 89a, 1 x 1
downloaded
Chrome Cache Entry: 156
ASCII text, with very long lines (1921)
downloaded
Chrome Cache Entry: 157
ASCII text, with very long lines (2950)
downloaded
Chrome Cache Entry: 158
Unicode text, UTF-8 text, with CRLF line terminators
downloaded
Chrome Cache Entry: 159
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 160
ASCII text, with very long lines (2861)
downloaded
Chrome Cache Entry: 161
ASCII text, with very long lines (5945)
downloaded
Chrome Cache Entry: 162
GIF image data, version 89a, 1 x 1
dropped
Chrome Cache Entry: 163
Web Open Font Format (Version 2), TrueType, length 61628, version 1.0
downloaded
Chrome Cache Entry: 164
Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
downloaded
Chrome Cache Entry: 165
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 174x174, components 3
downloaded
Chrome Cache Entry: 166
PNG image data, 150 x 44, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 167
ASCII text, with very long lines (1054)
downloaded
Chrome Cache Entry: 168
Web Open Font Format (Version 2), TrueType, length 61736, version 1.0
downloaded
Chrome Cache Entry: 169
PNG image data, 20 x 13, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 170
JSON data
downloaded
Chrome Cache Entry: 171
PNG image data, 30 x 30, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 172
ASCII text
downloaded
Chrome Cache Entry: 173
PNG image data, 111 x 111, 8-bit colormap, non-interlaced
downloaded
Chrome Cache Entry: 174
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 175
GIF image data, version 89a, 32 x 32
dropped
Chrome Cache Entry: 176
ASCII text, with very long lines (19040)
downloaded
66 additional files are not shown in this extract.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://transfiles.ru/vyjw4
malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 --field-trial-handle=1980,i,5191005634875542788,15932232829212940879,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
malicious
C:\Windows\System32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\user\Desktop\" -an -ai#7zMap29805:70:7zEvent23307
C:\Users\user\Desktop\Loader.exe
"C:\Users\user\Desktop\Loader.exe"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

URLs

Name
IP
Malicious
https://transfiles.ru/vyjw4
https://stats.g.doubleclick.net/g/collect
unknown
https://cdn.bidbrain.app/sqoutlogo_1716467887.png
172.67.176.164
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=100&slotname=8540115672&adk=3304334544&adf=3870114935&pi=t.ma~as.8540115672&w=970&abgtt=3&lmt=1716814864&format=970x100&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862312&bpp=1&bdt=3665&idt=1804&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=823&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=1809
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271801&client=ca-pub-9678335887055925&fa=1&ifi=6&uci=a!6&btvi=2
https://googleads.g.doubleclick.net/pagead/adview?ai=ClnvfEoRUZt6kF8Sk78EPwYeYiAi9qs_Ndemi3NbEEsCNtwEQASAAYMkGggEXY2EtcHViLTk2NzgzMzU4ODcwNTU5MjXIAQmoAwHIAwKqBOkBT9DJs4DwZkFXazdC1vb_IfyT66cVwzssloIAuPYWdk2pvdtdkGfl8RgS3j-Rb1GTsGsjffrBVrJompxkEBZ924zCEaxLXjpE8OBkyCvMc-kiBz_1sMZqZ6htcQ27oYfZHqEPFnNPxSHQPU1iEcdIX0FhjqCDTxj4rDa-b17-SC3kMU1BJlX07cp2Z9WAoB96JWUXADgY-JX7-YKhNJ443k1YUuN81i0TyhiIYfAGYqM-zP8TWNDBiwTRBYrnljr4fSJestOWOB7pVjcW6IT-vAxBFegz9lpnTD1Nae1FR4Aefzq-zoyo2HGABq_-tKHlnqO4kwGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOljO2oTi8a2GA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi05Njc4MzM1ODg3MDU1OTI1GAA&sigh=2wcJhgJJwFM&uach_m=%5BUACH%5D&cid=CAQSTgDaQooLoh93Sadr21NHJ2zkjDpMZfnXwrBt59depIsu5gVxrAevUT4Mr3AQrbvEezgmEpr4CE-bTyWvTiwSPN_8bxGxnJJ5_qKbjddvxxgB&cbvp=2&vis=1
216.58.206.66
https://cdn.bidbrain.app/ng-assets/creative/assets/index-cb91ca65.css
172.67.176.164
https://transfiles.ru/images/btn_qrcode.png
65.108.228.44
https://mc.yandex.
unknown
https://ampcid.google.com/v1/publisher:getClientId
unknown
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10382.PHokSIao8yHItpVHoilKJ7LvElhcKk_OfeMiRfRUAgZFbdT46izlmiBOc95P41WQVdZoaHSNmzacvchSIRLsAY-LRphnUACZ3FDhGTBBZqn6Bhvm3QpWT2dpAkU5csY4NoyTXdi0OOB-upnzWehEU4VYYeizz3kakGib1K_v3IrBnoGG5wDQeWCaVEMh-C_xZ5S90lf4fiLJREm5w_U2Nvm1jAiRpncuE676e0bo3io%2C.z5voVyT0_z8pviNRWNtRjPKoezg%2C
87.250.250.119
https://transfiles.ru/css/jquery.bxslider.css
65.108.228.44
https://www.google.com
unknown
https://mc.yandex.com/watch/33590114/1?page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&charset=utf-8&hittoken=1716814866_a54e6e707aa72c8d42e3cb06a15c3291caee60b99711d9e761410aa4eb2bb118&browser-info=nb%3A1%3Acl%3A4367%3Aar%3A1%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1350%3Acn%3A1%3Adp%3A1%3Als%3A1430974270378%3Ahid%3A880766209%3Az%3A-240%3Ai%3A20240527090125%3Aet%3A1716814885%3Ac%3A1%3Arn%3A3598640%3Arqn%3A2%3Au%3A1716814863853134129%3Aw%3A1263x907%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C4718%2C10%2C9666%2C%2C%2C7143%3Aco%3A0%3Acpf%3A1%3Aeu%3A2%3Ans%3A1716814856326%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1716814885&t=gdpr(14)clc(1-206-579)rqnt(2)lt(8900)aw(0)rcm(1)cdl(na)eco(21037572)dss(2)fid(140)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22ct%22%3A%5B%5D%7D%7D
87.250.250.119
https://fundingchoicesmessages.google.com/i/%
unknown
https://mc.yandex.com/webvisor/33590114?wv-part=4&wv-type=7&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=99049005&browser-info=we%3A1%3Aet%3A1716814877%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090117%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814877&t=gdpr(14)ti(1)
87.250.250.119
https://transfiles.ru/images/bg.jpg
65.108.228.44
https://quickchart.io/qr?text=
unknown
https://serve.bidbrain.app/sig.js
172.67.176.164
https://mc.yandex.com/webvisor/33590114?wv-part=4&wv-check=43811&wv-type=0&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=629003795&browser-info=we%3A1%3Aet%3A1716814893%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090133%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814893&t=gdpr(14)ti(1)
87.250.250.119
https://mc.yandex.com/clmap/33590114?page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pointer-click=rn%3A532174762%3Ax%3A38665%3Ay%3A28398%3At%3A33%3Ap%3APA1AA1AAAAA%3AX%3A206%3AY%3A679&browser-info=u%3A1716814863853134129%3Av%3A1350%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Arqnl%3A1%3Ast%3A1716814866&t=gdpr(14)ti(1)
87.250.250.119
https://transfiles.ru/images/btn_ok_passive.png
65.108.228.44
https://transfiles.ru/vyjw4
https://stats.g.doubleclick.net/j/collect
unknown
https://cdn.ampproject.org/amp4ads-host-v0.js
unknown
https://s3.mds.yandex.net/internal-metrika-betas
unknown
https://mc.yandex.ru/metrika/tag.js
87.250.250.119
https://googleads.g.doubleclick.net/pagead/html/$
unknown
https://yastatic.net/s3/metrika
unknown
https://mc.yandex.md/cc
unknown
https://transfiles.ru/images/loader.gif
65.108.228.44
https://www.google.com/adsense
unknown
https://yandex.com/an/sync_cookie
unknown
https://cdn.bidbrain.app/ng-assets/creative/assets/index-5ff4bbc8.js
172.67.176.164
https://mc.yandex.com/watch/33590114/1?wmode=7&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.149%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.149%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.149%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1350%3Acn%3A1%3Adp%3A0%3Als%3A1430974270378%3Ahid%3A880766209%3Az%3A-240%3Ai%3A20240527090102%3Aet%3A1716814863%3Ac%3A1%3Arn%3A553862080%3Arqn%3A1%3Au%3A1716814863853134129%3Aw%3A1263x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A4793%3Awv%3A2%3Ads%3A0%2C1736%2C311%2C108%2C26%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1716814856326%3Arqnl%3A1%3Ast%3A1716814864%3At%3ATransFiles%20-%20free%20file%20sharing%20service%20without%20registration%20-%20Page%20to%20download%20the%20upload%20vyjw4&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2821037572%29ti%281%29&redirnss=1
87.250.250.119
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10382.91OTDC7CGhMUgd5msKBQIdMJAOVISv1vNGp9EokNsvH6IRYIY439ilpR9ghFy4Z1.AZ1YOtlm9mvrCEh9G3ToKwugLbw%2C
87.250.250.119
https://g.bidbrain.app/rtimp?sid=2e24c048-1c29-11ef-9fb3-461def39b9c5&d=transfiles.ru&cr=ext_continue_sqout_nd32&a=imp&p=ZlSEEgAF0l4CO9JEAAYDwf_oVh8NlMxuVSTtyg&im=csTClgnNfcpzdZKOYPVS4AvGC71xOMJpdRfirF6zakSHapprQEYr70VZBY2CDDimrqDbxBrqQRgM2kPbfaGjE3WpBLcswnTxJgoObX02k6-KiztT_vYR4wO4hY1yz1EXXu5TxjYh-Qj7HmQ5PbFloc0nQhX8IVDC866aJqbSTql8vHj7_pJX_a95XX4rSjiXd4Na51NTHs1Fbk7EPhLVXq21sQ37tP1x0rHKsWQdP-mTgMcQTLcuZUk6guOp_Ji83jtLJQlmRol5AMRJw4VTLm49kqz2sd3npcfeWRDMzVAK6RO6QPn_MeolthgAxovwV6N8r04wYn-ewqY1oQ5RFWv2_PeqDr4kKCJvAOAFDsU&cbvp=2
172.67.176.164
https://adservice.google.com/pagead/regclk
unknown
https://cct.google/taggy/agent.js
unknown
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271804&client=ca-pub-9678335887055925&fa=4&ifi=5&uci=a!5&btvi=1
http://mathiasbynens.be/
unknown
https://www.google.com/adsense/search/async-ads.js
unknown
https://transfiles.ru/js/functions.js?rnd=11
65.108.228.44
https://mc.yandex.com/webvisor/33590114?wv-part=1&wv-check=5780&wv-type=0&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=716971472&browser-info=we%3A1%3Aet%3A1716814869%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090108%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814869&t=gdpr(14)ti(1)
87.250.250.119
https://mc.yandex.com/webvisor/33590114?wv-part=3&wv-type=7&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=638068873&browser-info=we%3A1%3Aet%3A1716814873%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090113%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814873&t=gdpr(14)ti(1)
87.250.250.119
https://www.google.%/ads/ga-audiences
unknown
https://cdn.bidbrain.app/compressedFonts/RobotoRegular.woff2
172.67.176.164
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1716814864&plat=2%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=135x714_r&format=0x0&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pra=7&wgl=1&easpi=0&aihb=0&asro=0&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814863478&bpp=2&bdt=4830&idt=648&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280%2C970x100&nras=1&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=660
http://googleads.g.doubleclick.net
unknown
http://bxslider.com
unknown
https://transfiles.ru/securimage/show
65.108.228.44
https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
unknown
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=280&slotname=7823858479&adk=642103812&adf=441738196&pi=t.ma~as.7823858479&w=970&abgtt=3&fwrn=4&fwrnh=100&lmt=1716814864&rafmt=1&format=970x280&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862308&bpp=4&bdt=3661&idt=1768&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=2846887072687&frm=20&pv=2&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=158&biw=1263&bih=907&scr_x=0&scr_y=20&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&pvsid=4347612559431098&tmod=1276184472&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1280%2C0%2C1280%2C984%2C1280%2C907&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=1792
https://mc.yandex.com/webvisor/33590114?wv-part=2&wv-type=7&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=137156753&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1716814871%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090111%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814871&t=gdpr(14)ti(1)
87.250.250.119
https://mc.yandex.com/webvisor/33590114?wv-part=1&wv-type=7&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=613221953&browser-info=we%3A1%3Aet%3A1716814870%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090110%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814870&t=gdpr(14)ti(1)
87.250.250.119
https://transfiles.ru/images/donate.png
65.108.228.44
https://transfiles.ru/manifest.json
65.108.228.44
https://transfiles.ru/images/abuse.png
65.108.228.44
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
unknown
https://transfiles.ru/getFilelist
65.108.228.44
http://google.com
unknown
https://www.google.com/recaptcha/api2/aframe
unknown
https://mc.yandex.com/sync_cookie_image_check_secondary
87.250.250.119
https://cdn.bidbrain.app/compressedFonts/RobotoBold.woff2
172.67.176.164
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-9678335887055925&fa=8&ifi=4&uci=a!4
https://www.google.com/s2/favicons?sz=64&domain_url=
unknown
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html
http://stevenwanderski.com
unknown
https://googleads.g.doubleclick.net/pagead/adview?ai=CAIqXEoRUZq7LD8Gd78EPgtSXmAe9qs_Ndemi3NbEEsCNtwEQASAAYMkGggEXY2EtcHViLTk2NzgzMzU4ODcwNTU5MjXIAQmoAwHIAwKqBOkBT9DtPGeYQY5dYXYiBj0xruaMf1DEhRVGynZK6w48Ujl41s1YPYGOkYOeHnwQe97oPGQH0hefM4OQTmRK9is87HziHmkIVO0EeFPn3aSDtoDufow8b7k6amJVFY1EeWS0hifj7LDmnZUcELLtYABjxNzTh529P4wHkBv2BKadUbtokO9GZBiTODx8EiP32YbxhtXI0KAi1FCczvBC6nmsWM2BI4BoNaS0hSCvCvhn9TWKDRYF4MqYhV87SQGKWj58APy9zEhQ1PkFIlgKbhRGezn4zFWaRUTVRP1cLa9a3j8uNBULEHk3sDuABq_-tKHlnqO4kwGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggiCIBhEAEyAooCOgmAQIDAgICAoChIvf3BOliwhv3h8a2GA4AKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi05Njc4MzM1ODg3MDU1OTI1GAA&sigh=X-cx5vN0UcU&uach_m=%5BUACH%5D&cid=CAQSTgDaQooLTW7u4oge14IuBjKtz3YT8jNF6w2C2f2dpMInZBKZdkhNtx6SNLsj0rEk5kU2Z30Vy-VDSFFKHeVSUvnj0Vh7CRDgM4E2fEuvdBgB&cbvp=2&vis=1
216.58.206.66
https://transfiles.ru/assets/504097ca/jquery.min.js
65.108.228.44
https://googleads.g.doubleclick.net/pagead/adview?ai=ChkXoEoRUZtabGPrV78EPi5KcyAW9qs_Ndemi3NbEEsCNtwEQASAAYMkGggEXY2EtcHViLTk2NzgzMzU4ODcwNTU5MjXIAQmoAwHIAwKqBOoBT9AlBXsp115XZA7Amy_hNtZN7Fu4gGE0K_C2VEOzYhKFiTzi6z6F5bSB43mKXoWFjL0rhutsk1D7LCgTdJZVmsyPLS6iHWK6xDS3uYNkAHIRo2qMqVqABDQRBkP-wc6m2NgRWxnlFJlOwd8xLNYpS5AVzvKA-MhbiJo0PoYWk4H0BKkTlI_Dv39CQ7SkJna53Mqr0XWRmCK5qNfbcFwe_YfuwyZS6H7S8VI4DNgSq2eIQ8oFmKODii4u_asf7HU2op18-afZVnT8ogGJRPG6RVAIN4b1g-GhHBb8yN1jaxJBy1CERrewT5lhgAav_rSh5Z6juJMBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAqgHrb6xAtgHANIIIgiAYRABMgKKAjoJgECAwICAgKAoSL39wTpY9LeF4vGthgOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItOTY3ODMzNTg4NzA1NTkyNRgA&sigh=BZmvZsc00Ug&uach_m=%5BUACH%5D&cid=CAQSTgDaQooLNLBfoQVCmJOdffnJqi40f_xWMBJ0aoP0NYY3lCOpK9Ard5Y6VEggUHLn7qVkB0kkfAYylevaQD5lNX5wuqGnRSXClVGmF7emcxgB&cbvp=2&vis=1
216.58.206.66
https://g.bidbrain.app/rtimp?sid=2e0e941e-1c29-11ef-9fb8-16c77870c855&d=transfiles.ru&cr=ext_continue_sqout_nd32&a=imp&p=ZlSEEgAD5a4CO87BAAXqAkO-BDQEmDBZTmf2Jw&im=ywfmR2pDhgFZ29M1QD0u7KbGNvKqoIeCNHh4KGkQ1dC2XSH5b7FXZyvz8fXBwrnP_j336behaBhG_l925hs-oP57YzR_SraPoWWNDaFhr11y_Lu1-P-fJrgIfZm2SFi9e_uJWGoA1WacgJ_5BBNOM88Y5rIKRcYHKI7inJGL1bvY7oqQ8cXdlucoAPyei5KnxwwgvgUwFwT2GCM3ZaLZryWSVhRAvSjj4bn3G0skWmojUUgxhDZY5pA1Q4FMtWNt0e-5w0CPeyryGO_fFIKaPBAXKYoUN-dDujfjxw3XKBjvd-3qhajYhJlX2qQgp7Ar&cbvp=2
172.67.176.164
https://mc.yandex.com/webvisor/33590114?wv-part=2&wv-check=20957&wv-type=0&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=25282607&browser-info=we%3A1%3Aet%3A1716814871%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090111%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814871&t=gdpr(14)ti(1)
87.250.250.119
https://transfiles.ru/images/logo.png
65.108.228.44
https://transfiles.ru/js/jquery.mCustomScrollbar.concat.min.js
65.108.228.44
http://www.apache.org/licenses/LICENSE-2.0
unknown
https://transfiles.ru/images/en.png
65.108.228.44
https://cse.google.com/cse.js
unknown
https://cdn.bidbrain.app/ng-assets/creative/assets/polyfills-89a25f2d.js
172.67.176.164
https://transfiles.ru/getFiles/4002015
65.108.228.44
https://transfiles.ru/js/jquery.bxslider.min.js
65.108.228.44
https://googleads.g.doubleclick.net
unknown
https://tagassistant.google.com/
unknown
https://cdn.ampproject.org/rtv/$
unknown
https://mc.yandex.com/sync_cookie_image_check
87.250.250.119
https://transfiles.ru/css/common.css?rnd=11
65.108.228.44
http://opensource.org/licenses/MIT
unknown
https://transfiles.ru/js/download.js?rnd=11
65.108.228.44
https://yastatic.net/s3/gdpr/v3/gdpr
unknown
https://mc.yandex.com/webvisor/33590114?wv-part=1&wv-type=7&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=487012232&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1716814870%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090109%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814870&t=gdpr(14)ti(1)
87.250.250.119
https://ymetrica1.com/watch/3/1
unknown
https://g.bidbrain.app/rtimp
172.67.176.164
https://mc.yandex.com/webvisor/33590114?wv-part=3&wv-check=38163&wv-type=0&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=196412308&browser-info=we%3A1%3Aet%3A1716814872%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090112%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814872&t=gdpr(14)ti(1)
87.250.250.119
https://transfiles.ru/images/ru.png
65.108.228.44
https://mc.yandex.com/webvisor/33590114?wv-part=2&wv-type=7&wmode=0&wv-hit=880766209&page-url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&rn=305471114&browser-info=we%3A1%3Aet%3A1716814872%3Aw%3A1263x907%3Av%3A1350%3Az%3A-240%3Ai%3A20240527090111%3Au%3A1716814863853134129%3Avf%3Aqwnfzu763lnwkqrexyqp4e3mj%3Ast%3A1716814872&t=gdpr(14)ti(1)
87.250.250.119
http://bxcreative.com
unknown
https://transfiles.ru/css/jquery.mCustomScrollbar.css
65.108.228.44
https://www.google.com/ads/ga-audiences
unknown
https://td.doubleclick.net
unknown
https://www.merchant-center-analytics.goog
unknown
https://mc.yandex.com/metrika/metrika_match.html
93.158.134.119
90 additional URLs are not shown in this extract.

Domains

Name
IP
Malicious
mc.yandex.ru
87.250.250.119
googleads.g.doubleclick.net
172.217.18.98
transfiles.ru
65.108.228.44
cdn.bidbrain.app
172.67.176.164
www.google.com
216.58.212.164
serve.bidbrain.app
172.67.176.164
g.bidbrain.app
172.67.176.164
mc.yandex.com
unknown

IPs

IP
Domain
Country
Malicious
172.67.176.164
cdn.bidbrain.app
United States
216.58.212.164
www.google.com
United States
65.108.228.44
transfiles.ru
United States
216.58.206.66
unknown
United States
87.250.250.119
mc.yandex.ru
Russian Federation
192.168.2.18
unknown
unknown
239.255.255.250
unknown
Reserved
93.158.134.119
unknown
Russian Federation
172.217.16.194
unknown
United States
172.217.18.98
googleads.g.doubleclick.net
United States

Registry

Path
Value
Malicious
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Mozilla Firefox\firefox.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Mozilla Firefox\firefox.exe.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Internet Explorer\iexplore.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Internet Explorer\iexplore.exe.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\mspaint.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\mspaint.exe.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\NOTEPAD.EXE.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Windows\system32\NOTEPAD.EXE.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Microsoft Office\root\Office16\Winword.exe.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files (x86)\Windows Media Player\wmplayer.exe.ApplicationCompany
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.FriendlyAppName
HKEY_CURRENT_USER_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE.ApplicationCompany
8 additional registry entries are not shown in this extract.

Memdumps

Base Address
Region type
Protect
Malicious
26176F88000
heap
page read and write
26176F80000
heap
page read and write
261770DB000
heap
page read and write
22D03AA4000
heap
page read and write
26176F84000
heap
page read and write
26176F57000
heap
page read and write
26177088000
heap
page read and write
26177132000
heap
page read and write
26176FB1000
heap
page read and write
26177075000
heap
page read and write
26175076000
heap
page read and write
261750C5000
heap
page read and write
26177099000
heap
page read and write
26176F9C000
heap
page read and write
26176F8D000
heap
page read and write
22D03A8D000
heap
page read and write
261770C3000
heap
page read and write
C341BFD000
stack
page read and write
26176F97000
heap
page read and write
26176F50000
heap
page read and write
26176F88000
heap
page read and write
261750B9000
heap
page read and write
776C8FE000
stack
page read and write
261770FD000
heap
page read and write
26176F7C000
heap
page read and write
26176FA7000
heap
page read and write
26176FA0000
heap
page read and write
261770AB000
heap
page read and write
26175060000
heap
page read and write
26179CA0000
heap
page read and write
26176FB1000
heap
page read and write
26176F8F000
heap
page read and write
22D03A81000
heap
page read and write
26176F9B000
heap
page read and write
26176FB2000
heap
page read and write
26176F8A000
heap
page read and write
26176F7C000
heap
page read and write
26176F8B000
heap
page read and write
CF8F4FC000
stack
page read and write
7FF73DF57000
unkown
page readonly
261770DD000
heap
page read and write
261750BF000
heap
page read and write
26176FA6000
heap
page read and write
22D03A73000
heap
page read and write
CF8F6FF000
stack
page read and write
261797D5000
heap
page read and write
261750B0000
heap
page read and write
26176FBA000
heap
page read and write
261797BA000
heap
page read and write
26176F88000
heap
page read and write
26176F97000
heap
page read and write
26177116000
heap
page read and write
261750E3000
heap
page read and write
26175078000
heap
page read and write
261750E0000
heap
page read and write
22D03A92000
heap
page read and write
26175018000
heap
page read and write
22D03A8A000
heap
page read and write
26176F8B000
heap
page read and write
26176F9C000
heap
page read and write
22D05360000
heap
page read and write
26176F52000
heap
page read and write
261770A8000
heap
page read and write
261770C7000
heap
page read and write
26176FA5000
heap
page read and write
7FF73DF10000
unkown
page readonly
26175108000
heap
page read and write
797C9CE000
stack
page read and write
22D05BE4000
trusted library allocation
page read and write
26176F8B000
heap
page read and write
22D05C20000
trusted library allocation
page read and write
22D05310000
heap
page read and write
26176F69000
heap
page read and write
22D039B0000
heap
page read and write
261750E4000
heap
page read and write
261770AB000
heap
page read and write
26176FA0000
heap
page read and write
22D059A0000
trusted library allocation
page read and write
261770A3000
heap
page read and write
261750E9000
heap
page read and write
26176F69000
heap
page read and write
261797C8000
heap
page read and write
261797B5000
heap
page read and write
26176F60000
heap
page read and write
261750E0000
heap
page read and write
261750ED000
heap
page read and write
26176F74000
heap
page read and write
26176F84000
heap
page read and write
261750C9000
heap
page read and write
C341DFE000
stack
page read and write
261750CB000
heap
page read and write
26176F65000
heap
page read and write
261750BD000
heap
page read and write
261797A5000
heap
page read and write
26176F84000
heap
page read and write
261750BC000
heap
page read and write
261750DA000
heap
page read and write
CF8F5FF000
stack
page read and write
261769CC000
heap
page read and write
261770A9000
heap
page read and write
26177042000
heap
page read and write
22D05367000
heap
page read and write
22D03A8A000
heap
page read and write
26176F9C000
heap
page read and write
261770C0000
heap
page read and write
22D05BE2000
trusted library allocation
page read and write
261770DB000
heap
page read and write
261770A2000
heap
page read and write
261750ED000
heap
page read and write
26176F9A000
heap
page read and write
2617B804000
trusted library allocation
page read and write
261750C9000
heap
page read and write
26176F84000
heap
page read and write
26176FA7000
heap
page read and write
26176F66000
heap
page read and write
26176F8D000
heap
page read and write
26176F9B000
heap
page read and write
26176F6F000
heap
page read and write
7FF73DF41000
unkown
page read and write
26177132000
heap
page read and write
797CE7C000
stack
page read and write
2617705C000
heap
page read and write
261750DB000
heap
page read and write
261770C2000
heap
page read and write
2617979C000
heap
page read and write
C3420FF000
stack
page read and write
261750AA000
heap
page read and write
2617704D000
heap
page read and write
261750A6000
heap
page read and write
2617708D000
heap
page read and write
26176FA7000
heap
page read and write
26176F84000
heap
page read and write
26176FA7000
heap
page read and write
261770DD000
heap
page read and write
26176F8B000
heap
page read and write
7FF73DF11000
unkown
page execute read
2617707E000
heap
page read and write
26177058000
heap
page read and write
26176FB3000
heap
page read and write
26175010000
heap
page read and write
26176F80000
heap
page read and write
26176F78000
heap
page read and write
261750A6000
heap
page read and write
26177116000
heap
page read and write
22D03A89000
heap
page read and write
261797CA000
heap
page read and write
26175083000
heap
page read and write
2617708D000
heap
page read and write
26176F40000
heap
page read and write
22D03A7F000
heap
page read and write
26176F97000
heap
page read and write
26176F69000
heap
page read and write
22D03A96000
heap
page read and write
22D05BA0000
trusted library allocation
page read and write
261770DB000
heap
page read and write
797CD7E000
stack
page read and write
26177094000
heap
page read and write
2617510A000
heap
page read and write
26176F78000
heap
page read and write
26176F5B000
heap
page read and write
2617507C000
heap
page read and write
26176F9D000
heap
page read and write
26174FD0000
heap
page read and write
24341E18000
heap
page read and write
261750C3000
heap
page read and write
26176FA7000
heap
page read and write
26176F80000
heap
page read and write
26176F55000
heap
page read and write
26176F6A000
heap
page read and write
261770BD000
heap
page read and write
26176F5E000
heap
page read and write
2617B822000
trusted library allocation
page read and write
26176F9B000
heap
page read and write
22D05BD7000
trusted library allocation
page read and write
261750CB000
heap
page read and write
26176F97000
heap
page read and write
26176F8B000
heap
page read and write
2617712E000
heap
page read and write
261750EA000
heap
page read and write
26176F9B000
heap
page read and write
26176FA5000
heap
page read and write
24341E1E000
heap
page read and write
22D03A53000
heap
page read and write
26176FA0000
heap
page read and write
26176F78000
heap
page read and write
261750F0000
heap
page read and write
26176FA4000
heap
page read and write
26176F8B000
heap
page read and write
26176F97000
heap
page read and write
776C97E000
stack
page read and write
2617706E000
heap
page read and write
22D03AAA000
heap
page read and write
26176F5D000
heap
page read and write
26177060000
heap
page read and write
2617508D000
heap
page read and write
22D03A80000
heap
page read and write
261770A0000
heap
page read and write
7FF73DF44000
unkown
page readonly
26179797000
heap
page read and write
261750D3000
heap
page read and write
22D03AA4000
heap
page read and write
26176FA9000
heap
page read and write
261797A1000
heap
page read and write
26176F60000
heap
page read and write
26176FB5000
heap
page read and write
22D03A86000
heap
page read and write
261797C2000
heap
page read and write
26176F68000
heap
page read and write
26176F70000
heap
page read and write
26177136000
heap
page read and write
26176F9B000
heap
page read and write
22D03A05000
heap
page read and write
26176F74000
heap
page read and write
26176F7C000
heap
page read and write
26175104000
heap
page read and write
2617709C000
heap
page read and write
261750C3000
heap
page read and write
26176F6F000
heap
page read and write
7FF73DF32000
unkown
page readonly
261770DB000
heap
page read and write
26176F5B000
heap
page read and write
2617706C000
heap
page read and write
22D03A85000
heap
page read and write
26176F65000
heap
page read and write
261797C8000
heap
page read and write
26176F50000
heap
page read and write
261750AA000
heap
page read and write
261750C0000
heap
page read and write
26177122000
heap
page read and write
261770E2000
heap
page read and write
26175104000
heap
page read and write
261750DF000
heap
page read and write
2617709F000
heap
page read and write
26176FB4000
heap
page read and write
22D03A9B000
heap
page read and write
261750B0000
heap
page read and write
7FF73DF32000
unkown
page readonly
26176F88000
heap
page read and write
261770C7000
heap
page read and write
24341D20000
heap
page read and write
26176FAD000
heap
page read and write
261769C0000
heap
page read and write
261769B0000
heap
page read and write
26176F61000
heap
page read and write
797C946000
stack
page read and write
26176F84000
heap
page read and write
261797C5000
heap
page read and write
26176F7C000
heap
page read and write
26176F9A000
heap
page read and write
261750B5000
heap
page read and write
2617713B000
heap
page read and write
26176F78000
heap
page read and write
26177084000
heap
page read and write
26176F78000
heap
page read and write
22D039D0000
heap
page read and write
22D070F0000
trusted library allocation
page read and write
26177040000
heap
page read and write
26177055000
heap
page read and write
26176FAE000
heap
page read and write
26176F62000
heap
page read and write
22D03AA4000
heap
page read and write
26176F66000
heap
page read and write
261750BE000
heap
page read and write
776C9FF000
stack
page read and write
26177086000
heap
page read and write
26176F89000
heap
page read and write
26176F60000
heap
page read and write
26176F6F000
heap
page read and write
26175100000
heap
page read and write
26176F78000
heap
page read and write
261770B3000
heap
page read and write
797CC7E000
stack
page read and write
24341E10000
heap
page read and write
261750E9000
heap
page read and write
26177083000
heap
page read and write
26176F97000
heap
page read and write
26176F8B000
heap
page read and write
26175070000
heap
page read and write
22D05D20000
trusted library allocation
page read and write
261750C7000
heap
page read and write
2617979C000
heap
page read and write
26176F60000
heap
page read and write
22D070F0000
trusted library allocation
page read and write
26176F8B000
heap
page read and write
26176F79000
heap
page read and write
261770BA000
heap
page read and write
261750DF000
heap
page read and write
261750D2000
heap
page read and write
26176F84000
heap
page read and write
26176F59000
heap
page read and write
261770AD000
heap
page read and write
2617707D000
heap
page read and write
7FF73DF40000
unkown
page readonly
23EF0380000
heap
page read and write
7FF73DF41000
unkown
page write copy
C341CFD000
stack
page read and write
26176FA5000
heap
page read and write
261750B1000
heap
page read and write
26177060000
heap
page read and write
2617713A000
heap
page read and write
26176FA4000
heap
page read and write
22D03A80000
heap
page read and write
26175089000
heap
page read and write
26177083000
heap
page read and write
C341FFE000
stack
page read and write
26176F88000
heap
page read and write
26177132000
heap
page read and write
797CEFB000
stack
page read and write
261770BB000
heap
page read and write
261770BD000
heap
page read and write
26179190000
trusted library allocation
page read and write
261750CE000
heap
page read and write
2617713D000
heap
page read and write
26176FA4000
heap
page read and write
261797A7000
heap
page read and write
261750B0000
heap
page read and write
261750D7000
heap
page read and write
26177104000
heap
page read and write
23EF04B0000
heap
page read and write
22D038D0000
heap
page read and write
261797C8000
heap
page read and write
261750E6000
heap
page read and write
261750E6000
heap
page read and write
261797C3000
heap
page read and write
22D05350000
heap
page read and write
26179780000
heap
page read and write
26176F97000
heap
page read and write
2617711C000
heap
page read and write
261750B5000
heap
page read and write
261770A0000
heap
page read and write
26177097000
heap
page read and write
26177075000
heap
page read and write
26177086000
heap
page read and write
797CCFE000
stack
page read and write
26176F97000
heap
page read and write
26176F6F000
heap
page read and write
22D03A9C000
heap
page read and write
2617510A000
heap
page read and write
23EF0460000
heap
page read and write
261770DB000
heap
page read and write
26176F95000
heap
page read and write
26176F9C000
heap
page read and write
26175078000
heap
page read and write
22D03A76000
heap
page read and write
22D03A40000
heap
page read and write
26175083000
heap
page read and write
24342060000
heap
page read and write
797D0FB000
stack
page read and write
26176F78000
heap
page read and write
26176F71000
heap
page read and write
261770BF000
heap
page read and write
22D03AA4000
heap
page read and write
26175090000
heap
page read and write
2617508B000
heap
page read and write
26176F80000
heap
page read and write
261750E3000
heap
page read and write
26176F89000
heap
page read and write
26177075000
heap
page read and write
26175078000
heap
page read and write
26177091000
heap
page read and write
22D03A89000
heap
page read and write
22D03A00000
heap
page read and write
26176F53000
heap
page read and write
261750D6000
heap
page read and write
26177066000
heap
page read and write
23EF0490000
heap
page read and write
22D03A7F000
heap
page read and write
26176F6F000
heap
page read and write
26176FA4000
heap
page read and write
26176F97000
heap
page read and write
24341F30000
heap
page read and write
26176F97000
heap
page read and write
26176F9B000
heap
page read and write
26176F8D000
heap
page read and write
24341FB0000
heap
page read and write
22D05353000
heap
page read and write
26175083000
heap
page read and write
26176F6F000
heap
page read and write
26176FAD000
heap
page read and write
2617706A000
heap
page read and write
261770E2000
heap
page read and write
26176F52000
heap
page read and write
26174EF0000
heap
page read and write
22D03A92000
heap
page read and write
261750C1000
heap
page read and write
23EF04BC000
heap
page read and write
22D03A47000
heap
page read and write
261750B0000
heap
page read and write
261769CD000
heap
page read and write
26176F8B000
heap
page read and write
26177060000
heap
page read and write
24342065000
heap
page read and write
261750CC000
heap
page read and write
26176F78000
heap
page read and write
26176F74000
heap
page read and write
26176F84000
heap
page read and write
261770B8000
heap
page read and write
261750D7000
heap
page read and write
261770AD000
heap
page read and write
24341F10000
heap
page read and write
26176F79000
heap
page read and write
26177095000
heap
page read and write
261750DF000
heap
page read and write
261797A7000
heap
page read and write
C341AFA000
stack
page read and write
22D05D30000
trusted library allocation
page read and write
261769C4000
heap
page read and write
261750D4000
heap
page read and write
2617505F000
heap
page read and write
261750AA000
heap
page read and write
26176F7C000
heap
page read and write
261750C4000
heap
page read and write
26176FAD000
heap
page read and write
26176FAD000
heap
page read and write
2617712E000
heap
page read and write
22D03A97000
heap
page read and write
26177068000
heap
page read and write
26177064000
heap
page read and write
22D03A7C000
heap
page read and write
26176F7C000
heap
page read and write
776C87C000
stack
page read and write
26176F5D000
heap
page read and write
2617707E000
heap
page read and write
261750E3000
heap
page read and write
26177138000
heap
page read and write
23EF1E30000
heap
page read and write
797CDFD000
stack
page read and write
261750B7000
heap
page read and write
26176F88000
heap
page read and write
261768B0000
heap
page read and write
420 further memdumps are collapsed in the original report and not listed here.

DOM / HTML

URL
Malicious
https://transfiles.ru/vyjw4
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&adk=1812271804&adf=3025194257&abgtt=3&lmt=1716814864&plat=2%3A16777216%2C3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=135x714_r&format=0x0&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&pra=7&wgl=1&easpi=0&aihb=0&asro=0&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814863478&bpp=2&bdt=4830&idt=648&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280%2C970x100&nras=1&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=126
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=280&slotname=7823858479&adk=642103812&adf=441738196&pi=t.ma~as.7823858479&w=970&abgtt=3&fwrn=4&fwrnh=100&lmt=1716814864&rafmt=1&format=970x280&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862308&bpp=4&bdt=3661&idt=1768&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=2846887072687&frm=20&pv=2&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=158&biw=1263&bih=907&scr_x=0&scr_y=20&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C3107866
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9678335887055925&output=html&h=100&slotname=8540115672&adk=3304334544&adf=3870114935&pi=t.ma~as.8540115672&w=970&abgtt=3&lmt=1716814864&format=970x100&url=https%3A%2F%2Ftransfiles.ru%2Fvyjw4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xNDkiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTQ5Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xNDkiXV0sMF0.&dt=1716814862312&bpp=1&bdt=3665&idt=1804&shv=r20240522&mjsv=m202405220101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=970x280&correlator=2846887072687&frm=20&pv=1&ga_vid=625688542.1716814864&ga_sid=1716814864&ga_hid=478524190&ga_fc=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=147&ady=823&biw=1263&bih=907&scr_x=0&scr_y=58&eid=44759876%2C44759927%2C44759842%2C31081564%2C31083869%2C31083906%2C42532523%2C95331982%2C31083976%2C95331711%2C21065724%2C31078663%2C31078665%2C31078668%2C31078670&oid=2&p
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-0-&adk=1812271808&client=ca-pub-9678335887055925&fa=8&ifi=4&uci=a!4
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-2-&adk=1812271801&client=ca-pub-9678335887055925&fa=1&ifi=6&uci=a!6&btvi=2
https://googleads.g.doubleclick.net/pagead/html/r20240522/r20110914/zrt_lookup_fy2021.html#RS-1-&adk=1812271804&client=ca-pub-9678335887055925&fa=4&ifi=5&uci=a!5&btvi=1