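Technical Information

Note on reading this list: the section headings that normally group these entries are missing from this copy, so the lists run together. In order, they appear to cover registry changes (autorun, file association, firewall authorized applications), firewall commands, file-system activity, network activity, window class lookups, and launched command lines. The entries at the registry lines ending in `...` are truncated in this copy. `#` characters in host names and IP addresses are masking characters, not part of the real values. File names of the form `is-XXXXX.tmp` are installer temporary names, presumably generated per run. For matching, the stable artifacts are the final paths they are renamed to in the `from … to …` entries. The `/VERYSILENT /SUPPRESSMSGBOXES` switches on the launch lines indicate the installer was run without user-visible prompts.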
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'UnHackMe Monitor' = '%ProgramFiles%\UnHackMe\hackmon.exe'
- [<HKLM>\SOFTWARE\Classes\RNRFile\shell\open\command] '' = '"%ProgramFiles%\UnHackMe\Reanimator.exe" /help "%1"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ProgramFiles%\UnHackMe\RegRunInfo.exe' = '%ProgramFiles%\UnHackMe\Reg...
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%ProgramFiles%\UnHackMe\wu.exe' = '%ProgramFiles%\UnHackMe\wu.exe:*:En...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="%ProgramFiles%\UnHackMe\wu.exe" name="UnHackMe Updater" mode=ENABLE profile=CURRENT
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram program="%ProgramFiles%\UnHackMe\regruninfo.exe" name="UnHackMe Info" mode=ENABLE profile=CURRENT
- %TEMP%\aut1.tmp
- %ProgramFiles%\UnHackMe\is-TCAVE.tmp
- %ProgramFiles%\UnHackMe\is-KUGDB.tmp
- %ProgramFiles%\UnHackMe\is-1KTS4.tmp
- %ProgramFiles%\UnHackMe\is-304KA.tmp
- <DRIVERS>\is-8LVKG.tmp
- <SYSTEM32>\is-K7CPL.tmp
- %ProgramFiles%\UnHackMe\is-7VL8O.tmp
- %ProgramFiles%\UnHackMe\is-SS8UG.tmp
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\Start UnHackMe.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\UnHackMe Monitor.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\Reanimator.lnk
- %HOMEPATH%\Desktop\UnHackMe.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\Read me.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\How to register.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\Uninstall UnHackMe.lnk
- %ALLUSERSPROFILE%\Start Menu\Programs\UnHackMe\Check for UnHackMe updates.lnk
- %ProgramFiles%\UnHackMe\unins000.msg
- %ProgramFiles%\UnHackMe\unins000.dat
- %TEMP%\GreatisTmp\regruninfo.log
- %HOMEPATH%\My Documents\RegRun2\Regrun2.rr2
- %ProgramFiles%\UnHackMe\regrunex
- %ProgramFiles%\UnHackMe\unhackme.log
- <DRIVERS>\etc\hosts.old
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\dbs[1].ini
- %ProgramFiles%\UnHackMe\dbs.ini
- %ALLUSERSPROFILE%\Documents\RegRunInfo\userinfo.db-journal
- %TEMP%\etilqs_DrzpOEFaHhz0RgjcIb1b
- %ProgramFiles%\UnHackMe\is-CN7NT.tmp
- %ALLUSERSPROFILE%\Documents\RegRunInfo\userinfo.db
- %ProgramFiles%\UnHackMe\is-SHULE.tmp
- %ProgramFiles%\UnHackMe\is-DJIEE.tmp
- %CommonProgramFiles%\~gejpsei.ibo
- %TEMP%\is-NEEJ2.tmp\~gejpsei.tmp
- %TEMP%\is-8DVNE.tmp\_isetup\_shfoldr.dll
- %ProgramFiles%\UnHackMe\is-K6JC5.tmp
- %ProgramFiles%\UnHackMe\is-JRCO0.tmp
- %ProgramFiles%\UnHackMe\is-9G78C.tmp
- %ProgramFiles%\UnHackMe\is-FLU4G.tmp
- %ProgramFiles%\UnHackMe\is-GOK4E.tmp
- %ProgramFiles%\UnHackMe\is-BVS4A.tmp
- %ProgramFiles%\UnHackMe\is-VDE52.tmp
- %ProgramFiles%\UnHackMe\is-O92F2.tmp
- %ProgramFiles%\UnHackMe\is-FOJ09.tmp
- %ProgramFiles%\UnHackMe\is-B84II.tmp
- %ProgramFiles%\UnHackMe\is-I3UR8.tmp
- %ProgramFiles%\UnHackMe\is-BAM8T.tmp
- %ProgramFiles%\UnHackMe\is-M0NOE.tmp
- %ProgramFiles%\UnHackMe\is-M84UE.tmp
- %ProgramFiles%\UnHackMe\is-FBBLK.tmp
- %ProgramFiles%\UnHackMe\is-MJD7O.tmp
- %ProgramFiles%\UnHackMe\is-DPSPM.tmp
- %ProgramFiles%\UnHackMe\is-JGP7M.tmp
- %ProgramFiles%\UnHackMe\is-FFOIU.tmp
- %ProgramFiles%\UnHackMe\is-2MJ5C.tmp
- %ProgramFiles%\UnHackMe\is-3ML4P.tmp
- %ProgramFiles%\UnHackMe\is-1NOI3.tmp
- %ProgramFiles%\UnHackMe\is-2PH5V.tmp
- %ProgramFiles%\UnHackMe\is-B8PVG.tmp
- %ProgramFiles%\UnHackMe\is-0OJ5D.tmp
- %HOMEPATH%\My Documents\RegRun2\rr2log.txt
- %CommonProgramFiles%\~gejpsei.ibo
- %TEMP%\aut1.tmp
- %ProgramFiles%\UnHackMe\Unhackme.exe
- %TEMP%\is-8DVNE.tmp\_isetup\_shfoldr.dll
- %ProgramFiles%\UnHackMe\regrunex
- %TEMP%\is-NEEJ2.tmp\~gejpsei.tmp
- %ALLUSERSPROFILE%\Documents\RegRunInfo\userinfo.db-journal
- from %ProgramFiles%\UnHackMe\is-K6JC5.tmp to %ProgramFiles%\UnHackMe\unins000.exe
- from %ProgramFiles%\UnHackMe\is-2MJ5C.tmp to %ProgramFiles%\UnHackMe\regrun2.hlp
- from %ProgramFiles%\UnHackMe\is-3ML4P.tmp to %ProgramFiles%\UnHackMe\regrunck.exe
- from %ProgramFiles%\UnHackMe\is-1NOI3.tmp to %ProgramFiles%\UnHackMe\regruninfo.db
- from %ProgramFiles%\UnHackMe\is-2PH5V.tmp to %ProgramFiles%\UnHackMe\RegRunInfo.exe
- from %ProgramFiles%\UnHackMe\is-B8PVG.tmp to %ProgramFiles%\UnHackMe\UnHackMe.chm
- from %ProgramFiles%\UnHackMe\is-DJIEE.tmp to %ProgramFiles%\UnHackMe\UnHackMe.cnt
- from %ProgramFiles%\UnHackMe\is-CN7NT.tmp to %ProgramFiles%\UnHackMe\unhackme.log
- from %ProgramFiles%\UnHackMe\is-7VL8O.tmp to %ProgramFiles%\UnHackMe\ShowTrayIcon.exe
- from %ProgramFiles%\UnHackMe\is-TCAVE.tmp to %ProgramFiles%\UnHackMe\unhackmedb.unh
- from %ProgramFiles%\UnHackMe\is-KUGDB.tmp to %ProgramFiles%\UnHackMe\UnHackMeDrv.sys
- from %ProgramFiles%\UnHackMe\is-1KTS4.tmp to %ProgramFiles%\UnHackMe\unhackmeschedule.exe
- from %ProgramFiles%\UnHackMe\is-304KA.tmp to %ProgramFiles%\UnHackMe\wu.exe
- from <DRIVERS>\is-8LVKG.tmp to <DRIVERS>\UnHackMeDrv.sys
- from <SYSTEM32>\is-K7CPL.tmp to <SYSTEM32>\partizan.exe
- from %ProgramFiles%\UnHackMe\is-FFOIU.tmp to %ProgramFiles%\UnHackMe\regrun2.cnt
- from %ProgramFiles%\UnHackMe\is-SHULE.tmp to %ProgramFiles%\UnHackMe\UnHackMe.hlp
- from %ProgramFiles%\UnHackMe\is-JGP7M.tmp to %ProgramFiles%\UnHackMe\regrun2.chm
- from %ProgramFiles%\UnHackMe\is-O92F2.tmp to %ProgramFiles%\UnHackMe\hackmon.exe
- from %ProgramFiles%\UnHackMe\is-JRCO0.tmp to %ProgramFiles%\UnHackMe\Unhackme.exe
- from %ProgramFiles%\UnHackMe\is-9G78C.tmp to %ProgramFiles%\UnHackMe\7za.exe
- from %ProgramFiles%\UnHackMe\is-FLU4G.tmp to %ProgramFiles%\UnHackMe\database.rdb
- from %ProgramFiles%\UnHackMe\is-GOK4E.tmp to %ProgramFiles%\UnHackMe\dbs.db
- from %ProgramFiles%\UnHackMe\is-BVS4A.tmp to %ProgramFiles%\UnHackMe\dbswww.ini
- from %ProgramFiles%\UnHackMe\is-VDE52.tmp to %ProgramFiles%\UnHackMe\greatis.rdb
- from %ProgramFiles%\UnHackMe\is-FOJ09.tmp to %ProgramFiles%\UnHackMe\jsonfast.dll
- from %ProgramFiles%\UnHackMe\is-MJD7O.tmp to %ProgramFiles%\UnHackMe\readme.txt
- from %ProgramFiles%\UnHackMe\is-B84II.tmp to %ProgramFiles%\UnHackMe\license.txt
- from %ProgramFiles%\UnHackMe\is-I3UR8.tmp to %ProgramFiles%\UnHackMe\logo.bmp
- from %ProgramFiles%\UnHackMe\is-BAM8T.tmp to %ProgramFiles%\UnHackMe\mozlz4d.exe
- from %ProgramFiles%\UnHackMe\is-M0NOE.tmp to %ProgramFiles%\UnHackMe\order.txt
- from %ProgramFiles%\UnHackMe\is-M84UE.tmp to %ProgramFiles%\UnHackMe\parser.dll
- from %ProgramFiles%\UnHackMe\is-FBBLK.tmp to %ProgramFiles%\UnHackMe\partizan.exe
- from %ProgramFiles%\UnHackMe\is-DPSPM.tmp to %ProgramFiles%\UnHackMe\reanimator.exe
- from %ProgramFiles%\UnHackMe\is-SS8UG.tmp to %ProgramFiles%\UnHackMe\rune.exe
- %ProgramFiles%\UnHackMe\Unhackme.exe
- %ALLUSERSPROFILE%\Documents\RegRunInfo\userinfo.db-journal
- 'ap#.###eanalytics.com':443
- 'gr##tis.com':80
- 'ap#.###eanalytics.com':80
- '20#.#6.232.182':80
- http://gr##tis.com/dbs.ini
- http://crl.microsoft.com/pki/crl/products/WindowsPCA.crl via 20#.#6.232.182
- http://ap#.###eanalytics.com/v2/84f59394d02af0dc667a9d9deda58ef2/init
- http://ap#.###eanalytics.com/v2/84f59394d02af0dc667a9d9deda58ef2/events
- DNS ASK ap#.###eanalytics.com
- DNS ASK gr##tis.com
- DNS ASK crl.microsoft.com
- ClassName: 'MS_WINHELP' WindowName: ''
- ClassName: 'TApplication' WindowName: 'UnhackMe'
- ClassName: 'TfrmMon' WindowName: ''
- '%CommonProgramFiles%\~gejpsei.ibo' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-NEEJ2.tmp\~gejpsei.tmp' /SL5="$100E2,18763322,56832,%CommonProgramFiles%\~gejpsei.ibo" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%ProgramFiles%\UnHackMe\unhackmeschedule.exe'
- '%ProgramFiles%\UnHackMe\reanimator.exe' /c
- '%ProgramFiles%\UnHackMe\RegRunInfo.exe' /postins
- '%ProgramFiles%\UnHackMe\Unhackme.exe'
- '%ProgramFiles%\UnHackMe\hackmon.exe'
- '%ProgramFiles%\UnHackMe\ShowTrayIcon.exe'
- '%ProgramFiles%\UnHackMe\reanimator.exe' /wiz /full /malw
- '%ProgramFiles%\UnHackMe\wu.exe' http://gr##tis.com/dbs.ini /r /i
- '%ProgramFiles%\UnHackMe\reanimator.exe' /wiz /full /hid