Analysis Overview
SHA256
5695a75d96e56497ab5f7175d5c1da59a4565df668cb89db774eefbb5bfb6cf5
Threat Level: Known bad
The file 2023-09-04.zip was found to be: Known bad.
Malicious Activity Summary
Async RAT payload
Mirai family
Nanocore family
Irata family
Neshta
RedLine
Darkcloud family
Detect Lumma Stealer payload V4
Detect Neshta payload
njRAT/Bladabindi
Strrat family
AsyncRat
Modifies WinLogon for persistence
Irata payload
Neshta family
RedLine payload
Metasploit family
Dcrat family
DcRat
DCRat payload
Agenttesla family
Process spawned unexpected child process
Njrat family
AgentTesla
Asyncrat family
Formbook
Lumma family
Redline family
Formbook payload
Command and Scripting Interpreter: PowerShell
Suspicious Office macro
Uses the VBS compiler for execution
UPX packed file
VMProtect packed file
Loads dropped DLL
Looks up external IP address via web service
Adds Run key to start application
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Declares services with permission to bind to the system
Drops file in Program Files directory
Drops file in Windows directory
Detects Pyinstaller
Program crash
Unsigned PE
NSIS installer
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Creates scheduled task(s)
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Office document contains embedded OLE objects
Gathers network information
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-05-24 01:45
Signatures
Agenttesla family
Async RAT payload
Asyncrat family
DCRat payload
Darkcloud family
Dcrat family
Detect Lumma Stealer payload V4
Detect Neshta payload
Irata family
Irata payload
Lumma family
Metasploit family
Mirai family
Nanocore family
Neshta family
Njrat family
RedLine payload
Redline family
Strrat family
Suspicious Office macro
UPX packed file
VMProtect packed file
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Detects Pyinstaller
Unsigned PE
NSIS installer
Office document contains embedded OLE objects
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-24 01:42
Reported
2024-05-24 01:56
Platform
win10-20240404-en
Max time kernel
176s
Max time network
542s
Command Line
Signatures
AgentTesla
AsyncRat
DcRat
Detect Neshta payload
Formbook
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\", \"C:\\Windows\\CbsTemp\\sihost.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\", \"C:\\Windows\\CbsTemp\\sihost.exe\", \"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\", \"C:\\Users\\Default\\RuntimeBroker.exe\", \"C:\\Windows\\SystemResources\\Windows.Data.TimeZones\\pris\\wininit.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\", \"C:\\Windows\\CbsTemp\\sihost.exe\", \"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\", \"C:\\Windows\\CbsTemp\\sihost.exe\", \"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\", \"C:\\Users\\Default\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\", \"C:\\Windows\\CbsTemp\\sihost.exe\", \"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\", \"C:\\Users\\Default\\RuntimeBroker.exe\", \"C:\\Windows\\SystemResources\\Windows.Data.TimeZones\\pris\\wininit.exe\", \"C:\\Users\\Admin\\csrss.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\", \"C:\\Recovery\\WindowsRE\\smss.exe\", \"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\", \"C:\\Users\\Default User\\sppsvc.exe\", \"C:\\Users\\Default\\spoolsv.exe\", \"C:\\Windows\\CbsTemp\\sihost.exe\", \"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\", \"C:\\Users\\Default\\RuntimeBroker.exe\", \"C:\\Windows\\SystemResources\\Windows.Data.TimeZones\\pris\\wininit.exe\", \"C:\\Users\\Admin\\csrss.exe\", \"C:\\Windows\\ModemLogs\\wininit.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
Neshta
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
RedLine
RedLine payload
njRAT/Bladabindi
DCRat payload
Formbook payload
Command and Scripting Interpreter: PowerShell
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\fol\2023-09-04\b4cdcd853c6ff95dfa20e1667b4b7901dc74e13a7fa0ee1300da949e527ce288.exe | N/A |
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\services = "\"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wininit = "\"C:\\Windows\\SystemResources\\Windows.Data.TimeZones\\pris\\wininit.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sppsvc = "\"C:\\Users\\Default User\\sppsvc.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss = "\"C:\\Recovery\\WindowsRE\\smss.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv = "\"C:\\Users\\Default\\spoolsv.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\sihost = "\"C:\\Windows\\CbsTemp\\sihost.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services = "\"C:\\Program Files\\Windows Defender\\de-DE\\services.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Users\\Default\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Users\\Admin\\csrss.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\OfficeClickToRun = "\"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\dllhost = "\"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\spoolsv = "\"C:\\Users\\Default\\spoolsv.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\csrss = "\"C:\\Users\\Admin\\csrss.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\wininit = "\"C:\\Windows\\ModemLogs\\wininit.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\smss = "\"C:\\Recovery\\WindowsRE\\smss.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost = "\"C:\\Users\\All Users\\Adobe\\Setup\\dllhost.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\sppsvc = "\"C:\\Users\\Default User\\sppsvc.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sihost = "\"C:\\Windows\\CbsTemp\\sihost.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RuntimeBroker = "\"C:\\Users\\Default\\RuntimeBroker.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Windows\CurrentVersion\Run\wininit = "\"C:\\Windows\\SystemResources\\Windows.Data.TimeZones\\pris\\wininit.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wininit = "\"C:\\Windows\\ModemLogs\\wininit.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OfficeClickToRun = "\"C:\\Program Files\\Windows NT\\TableTextService\\en-US\\OfficeClickToRun.exe\"" | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Windows NT\TableTextService\en-US\OfficeClickToRun.exe | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| File opened for modification | C:\Program Files\Windows NT\TableTextService\en-US\OfficeClickToRun.exe | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| File created | C:\Program Files\Windows NT\TableTextService\en-US\e6c9b481da804f | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| File created | C:\Program Files\Windows Defender\de-DE\services.exe | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| File created | C:\Program Files\Windows Defender\de-DE\c5b4cb5e9653cc | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
Drops file in Windows directory
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Creates scheduled task(s)
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\fol\2023-09-04\608c9d863cb5d8e929e019965787ced2f9b697b2344f7e1a5cd341fb131d9518.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\fol\2023-09-04\9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\2023-09-04.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Users\Admin\Desktop\fol\2023-09-04\35327393d2e14ff4b73dadb9432d9c531f6d3b1d4d0d1ed139aea99c70e55281.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\35327393d2e14ff4b73dadb9432d9c531f6d3b1d4d0d1ed139aea99c70e55281.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\56f03a91d654f16d84bdf638fcfe9656f9c2865e3b88456834b2b62961ff7055.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\56f03a91d654f16d84bdf638fcfe9656f9c2865e3b88456834b2b62961ff7055.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\afa1925b54b7d405a44749b2d349dd7c658ebf4c1e5725e181874919ea22c132.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\afa1925b54b7d405a44749b2d349dd7c658ebf4c1e5725e181874919ea22c132.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "OfficeClickToRunO" /sc MINUTE /mo 11 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\OfficeClickToRun.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "OfficeClickToRun" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\OfficeClickToRun.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "OfficeClickToRunO" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\OfficeClickToRun.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\smss.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\smss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\smss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 6 /tr "'C:\Users\All Users\Adobe\Setup\dllhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Users\All Users\Adobe\Setup\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Users\All Users\Adobe\Setup\dllhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 8 /tr "'C:\Users\Default User\sppsvc.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Users\Default User\sppsvc.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\sppsvc.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 10 /tr "'C:\Users\Default\spoolsv.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Users\Default\spoolsv.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 6 /tr "'C:\Users\Default\spoolsv.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 13 /tr "'C:\Windows\CbsTemp\sihost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Windows\CbsTemp\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 7 /tr "'C:\Windows\CbsTemp\sihost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Defender\de-DE\services.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\de-DE\services.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "servicess" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Defender\de-DE\services.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Users\Default\RuntimeBroker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Default\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Users\Default\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\860c3c28fe9c4d8b7a334ea7df96b0e18d8cec439738c744b891a954160bbe1f.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\860c3c28fe9c4d8b7a334ea7df96b0e18d8cec439738c744b891a954160bbe1f.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 6 /tr "'C:\Windows\SystemResources\Windows.Data.TimeZones\pris\wininit.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Windows\SystemResources\Windows.Data.TimeZones\pris\wininit.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 9 /tr "'C:\Windows\SystemResources\Windows.Data.TimeZones\pris\wininit.exe'" /rl HIGHEST /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\28f8dD4oeg.bat"
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Users\Admin\Desktop\fol\2023-09-04\83cb7222ad53590ca2bcb504002f633a4a79b76204517dc2e99652227521a197.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\83cb7222ad53590ca2bcb504002f633a4a79b76204517dc2e99652227521a197.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" GRz41KVB.JxD -S
C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Users\Admin\csrss.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Admin\csrss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 14 /tr "'C:\Users\Admin\csrss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 11 /tr "'C:\Windows\ModemLogs\wininit.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Windows\ModemLogs\wininit.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 5 /tr "'C:\Windows\ModemLogs\wininit.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\2810fec0fa1ce5497bacc6ab6f7b13a1396f641fe2466985ae55f742bbb3515c.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\2810fec0fa1ce5497bacc6ab6f7b13a1396f641fe2466985ae55f742bbb3515c.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\VSKioGbcuq.bat"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /u /S J9SMW.NXS
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Users\Admin\Desktop\fol\2023-09-04\608c9d863cb5d8e929e019965787ced2f9b697b2344f7e1a5cd341fb131d9518.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\608c9d863cb5d8e929e019965787ced2f9b697b2344f7e1a5cd341fb131d9518.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\b4cdcd853c6ff95dfa20e1667b4b7901dc74e13a7fa0ee1300da949e527ce288.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\b4cdcd853c6ff95dfa20e1667b4b7901dc74e13a7fa0ee1300da949e527ce288.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\2040a9add2ed71beb77c5440ef8c12e033c26488aaaed73333d97db37d9b02b2.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\2040a9add2ed71beb77c5440ef8c12e033c26488aaaed73333d97db37d9b02b2.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\a7ba40524b86052ac99a051c5f0543f32e241a98faf4d5281c0ae0b8832c9f96.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\a7ba40524b86052ac99a051c5f0543f32e241a98faf4d5281c0ae0b8832c9f96.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\fe9a3910b655d38c2aafa3512aedcdba96fd352d896fc68d8ed345a49c93ec6b.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\fe9a3910b655d38c2aafa3512aedcdba96fd352d896fc68d8ed345a49c93ec6b.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\06a27adaf5718c110f2b6a709f428a83650fba961460795518a6cfebaea02d0e.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\06a27adaf5718c110f2b6a709f428a83650fba961460795518a6cfebaea02d0e.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\4d0e2778ee5d3e6ecd06d412459a79d86e9d2742403e378c7581a70cf0e2451e.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\4d0e2778ee5d3e6ecd06d412459a79d86e9d2742403e378c7581a70cf0e2451e.exe"
C:\Users\Default\spoolsv.exe
"C:\Users\Default\spoolsv.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\bd03f21ffe0e1b5628a0f890aeb7c186e2330a4e59e554f675fee7994ed3ea5d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\bd03f21ffe0e1b5628a0f890aeb7c186e2330a4e59e554f675fee7994ed3ea5d.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 1816
C:\Users\Admin\Desktop\fol\2023-09-04\06dda69b17263ab5278c87789c0229886c676db72fafc8d503492fce45a78418.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\06dda69b17263ab5278c87789c0229886c676db72fafc8d503492fce45a78418.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\63467054417c08142bccbc1e884540deccc6e7dee2cdd5c30733f3eb70398fe0.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\63467054417c08142bccbc1e884540deccc6e7dee2cdd5c30733f3eb70398fe0.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\97556d3262caa44ece90b032af0f4892b34fc2564ba16684667ea1c48a89e665.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\97556d3262caa44ece90b032af0f4892b34fc2564ba16684667ea1c48a89e665.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\901284065d9965909444432aaa22ac55a74d64a8c5932712777cb2f020b3e01c.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\901284065d9965909444432aaa22ac55a74d64a8c5932712777cb2f020b3e01c.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\74bbf54c84c8a59a0f2f99487122908d30a5f04c32f16b633ff09e27a55273d6.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\74bbf54c84c8a59a0f2f99487122908d30a5f04c32f16b633ff09e27a55273d6.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\c0ca3b7b303eb521724a9304137fc6a0c4b41b1f0af8c42da41275f17a880114.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\c0ca3b7b303eb521724a9304137fc6a0c4b41b1f0af8c42da41275f17a880114.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\7c26b59eb42db1f55cdf62dae1faefdded5ff0116266b9c025a108f1b0b92155.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\7c26b59eb42db1f55cdf62dae1faefdded5ff0116266b9c025a108f1b0b92155.exe"
C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe
"C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /f
C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe
"C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 416
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" -u -s BoHVhBvo.fYN
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 9 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487c" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487.exe'" /f
C:\Users\Admin\Desktop\fol\2023-09-04\b54441492c600f40cc81d695ddec0bbc824920ed1567b3f8b14c545ec326f867.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\b54441492c600f40cc81d695ddec0bbc824920ed1567b3f8b14c545ec326f867.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487" /sc ONLOGON /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487c" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\c923878c9c57da5f62d876f98adb44b7dcb289a9f745ac5ce97b7ac31815b487.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec15754" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec15754" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\bcc3b49ae655985e603719e39588c754c32a65aefe5a7c38658abb211f18764a.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\bcc3b49ae655985e603719e39588c754c32a65aefe5a7c38658abb211f18764a.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 12 /tr "'C:\Users\Public\AccountPictures\smss.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\smss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "smsss" /sc MINUTE /mo 9 /tr "'C:\Users\Public\AccountPictures\smss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 11 /tr "'C:\Users\Admin\explorer.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Users\Admin\explorer.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Users\Admin\explorer.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e30" /sc MINUTE /mo 13 /tr "'C:\Users\All Users\Microsoft\WinMSIPC\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3" /sc ONLOGON /tr "'C:\Users\All Users\Microsoft\WinMSIPC\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e30" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Microsoft\WinMSIPC\0e8ce281e417e03f6a428d872d9b0b7997f5063b259f520b51234c16c87dd0e3.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec15754" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Windows Defender\Offline\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Defender\Offline\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec15754" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Defender\Offline\49dedf19d0d69cc9c0247803d3748ccf25b2c17504f6e07c48a84d8515ec1575.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 6 /tr "'C:\Users\Default\Music\RuntimeBroker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Default\Music\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 12 /tr "'C:\Users\Default\Music\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "regsvr32r" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Mail\en-US\regsvr32.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "regsvr32" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Mail\en-US\regsvr32.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "regsvr32r" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Windows Mail\en-US\regsvr32.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\d1e98d098f45c722026716f6b574a056d535813805d00a8cc2f1943efc271fa9.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\d1e98d098f45c722026716f6b574a056d535813805d00a8cc2f1943efc271fa9.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Adobe\spoolsv.exe'" /f
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Users\All Users\Adobe\spoolsv.exe'" /rl HIGHEST /f
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\b54441492c600f40cc81d695ddec0bbc824920ed1567b3f8b14c545ec326f867.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\b54441492c600f40cc81d695ddec0bbc824920ed1567b3f8b14c545ec326f867.exe"
C:\Windows\SysWOW64\cscript.exe
"C:\Windows\SysWOW64\cscript.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\Adobe\spoolsv.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d9" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d9" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\9cf6d5cd29fb18af1b61c0a16afbb98bc5ee95cca75539a6a84749ee18f76b4d.exe'" /rl HIGHEST /f
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 1816
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 10 /tr "'C:\Recovery\WindowsRE\csrss.exe'" /f
C:\Users\Admin\Desktop\fol\2023-09-04\b2823172397c389e1ff948bd03473193ed8527eb19edff06cbb16e2b43ebc19f.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\b2823172397c389e1ff948bd03473193ed8527eb19edff06cbb16e2b43ebc19f.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\b54441492c600f40cc81d695ddec0bbc824920ed1567b3f8b14c545ec326f867.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\b54441492c600f40cc81d695ddec0bbc824920ed1567b3f8b14c545ec326f867.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\csrss.exe'" /rl HIGHEST /f
C:\Windows\SysWOW64\cmd.exe
/c del "C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Recovery\WindowsRE\csrss.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\d1e98d098f45c722026716f6b574a056d535813805d00a8cc2f1943efc271fa9.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\d1e98d098f45c722026716f6b574a056d535813805d00a8cc2f1943efc271fa9.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\bd03f21ffe0e1b5628a0f890aeb7c186e2330a4e59e554f675fee7994ed3ea5d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\bd03f21ffe0e1b5628a0f890aeb7c186e2330a4e59e554f675fee7994ed3ea5d.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\4d0e2778ee5d3e6ecd06d412459a79d86e9d2742403e378c7581a70cf0e2451e.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\4d0e2778ee5d3e6ecd06d412459a79d86e9d2742403e378c7581a70cf0e2451e.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 736
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\532021fc0305c2e6744cccbb73a30f64f7e86584b838e64e537d26bd4ba9dc0c.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\532021fc0305c2e6744cccbb73a30f64f7e86584b838e64e537d26bd4ba9dc0c.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 13 /tr "'C:\Recovery\WindowsRE\fontdrvhost.exe'" /rl HIGHEST /f
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows NT\sppsvc.exe'" /f
C:\Users\Admin\Desktop\fol\2023-09-04\06dda69b17263ab5278c87789c0229886c676db72fafc8d503492fce45a78418.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\06dda69b17263ab5278c87789c0229886c676db72fafc8d503492fce45a78418.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files\Windows NT\sppsvc.exe'" /rl HIGHEST /f
C:\Windows\SysWOW64\cmstp.exe
"C:\Windows\SysWOW64\cmstp.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 712
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows NT\sppsvc.exe'" /rl HIGHEST /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\evvGaEBjqQitb.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\evvGaEBjqQitb" /XML "C:\Users\Admin\AppData\Local\Temp\tmpD8AE.tmp"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556#\csrss.exe'" /f
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 704
C:\Users\Admin\Desktop\fol\2023-09-04\9972272899a7a165546fd3c97f1df1c068c658154b947dd234db1a1204d0a484.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9972272899a7a165546fd3c97f1df1c068c658154b947dd234db1a1204d0a484.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556#\csrss.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\5ed4dfb7da504438688d779092a717cb2426ee88bc4f0ee588b3e989b7567dff.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\5ed4dfb7da504438688d779092a717cb2426ee88bc4f0ee588b3e989b7567dff.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\928900f2a698b6a791232f581192418a953064abbe11f6453cb0bdf7eeec26f2.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\928900f2a698b6a791232f581192418a953064abbe11f6453cb0bdf7eeec26f2.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Sa56e3556#\csrss.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7c" /sc MINUTE /mo 14 /tr "'C:\Recovery\WindowsRE\cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7.exe'" /f
C:\Users\Admin\Desktop\fol\2023-09-04\554990b8636baf5af393d52ce85150a8b263b9c5fb214bc0e69a1b032ee8f3ae.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\554990b8636baf5af393d52ce85150a8b263b9c5fb214bc0e69a1b032ee8f3ae.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7.exe'" /rl HIGHEST /f
C:\Users\Admin\Desktop\fol\2023-09-04\9477b580ea937f47e54b9d6b022617c2e508fbed2f74f6ac3ed54c7861bf8b2d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9477b580ea937f47e54b9d6b022617c2e508fbed2f74f6ac3ed54c7861bf8b2d.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 752
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7c" /sc MINUTE /mo 8 /tr "'C:\Recovery\WindowsRE\cbc8fcdf10136e947c68cc5cc2b55364ef04a30c92c4b875cc194a675b322ec7.exe'" /rl HIGHEST /f
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\9477b580ea937f47e54b9d6b022617c2e508fbed2f74f6ac3ed54c7861bf8b2d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9477b580ea937f47e54b9d6b022617c2e508fbed2f74f6ac3ed54c7861bf8b2d.exe"
C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\gFSIl1zlHq.bat"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\hUpHogpmfLDNN.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 704
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hUpHogpmfLDNN" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4EE.tmp"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 720
C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe"
C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\71abfe67023b4b2085b187859621c1a5ef06fc8c8eafb4d084881a62a47ffc61.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\71abfe67023b4b2085b187859621c1a5ef06fc8c8eafb4d084881a62a47ffc61.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\e65128450ff1d82705658fe9599d02d0f3b3500542c156eff284e64d80a24dea.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\e65128450ff1d82705658fe9599d02d0f3b3500542c156eff284e64d80a24dea.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 768
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Windows\SysWOW64\SndVol.exe
C:\Windows\System32\SndVol.exe
C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe
"C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe"
C:\Windows\SysWOW64\mstsc.exe
"C:\Windows\SysWOW64\mstsc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 704
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
C:\Users\Admin\Desktop\fol\2023-09-04\173de723e89647bc2b884ed7770fc259dcf9de641c7d3df99693811503d9cd8e.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\173de723e89647bc2b884ed7770fc259dcf9de641c7d3df99693811503d9cd8e.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 820
C:\Users\Admin\AppData\Local\Temp\3582-490\7336f458f1c01884b699338576756bf2461706b044eaa056a6302b7e842f63b3.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\7336f458f1c01884b699338576756bf2461706b044eaa056a6302b7e842f63b3.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\82B8AF~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\82B8AF~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\82B8AF~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\ClWWWrRvtgVoLl.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\ClWWWrRvtgVoLl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ClWWWrRvtgVoLl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8663.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\ClWWWrRvtgVoLl /XML C:\Users\Admin\AppData\Local\Temp\tmp8663.tmp
C:\Users\Admin\Desktop\fol\2023-09-04\532021fc0305c2e6744cccbb73a30f64f7e86584b838e64e537d26bd4ba9dc0c.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\532021fc0305c2e6744cccbb73a30f64f7e86584b838e64e537d26bd4ba9dc0c.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 1956
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\9775dbaf-9340-4c38-9184-6c18d9264a96.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\6926a7df-218f-4b56-aa25-71422367825e.vbs"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\BAB5AA~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\BAB5AA~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\BAB5AA~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\77939B~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\77939B~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\77939B~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\6FC55B~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\6FC55B~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\6FC55B~1.EXE
C:\Users\Admin\Desktop\fol\2023-09-04\e65128450ff1d82705658fe9599d02d0f3b3500542c156eff284e64d80a24dea.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\e65128450ff1d82705658fe9599d02d0f3b3500542c156eff284e64d80a24dea.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\709F3E~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\9056F3~1.EXE"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 828
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\jaeWLN.exe"
C:\Program Files\Mozilla Firefox\Firefox.exe
"C:\Program Files\Mozilla Firefox\Firefox.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\709F3E~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\709F3E~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\9056F3~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\9056F3~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jaeWLN" /XML "C:\Users\Admin\AppData\Local\Temp\tmpCC93.tmp"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\jaeWLN.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\jaeWLN /XML C:\Users\Admin\AppData\Local\Temp\tmpCC93.tmp
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\A19C21~1.EXE"
C:\Users\Admin\Desktop\fol\2023-09-04\71abfe67023b4b2085b187859621c1a5ef06fc8c8eafb4d084881a62a47ffc61.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\71abfe67023b4b2085b187859621c1a5ef06fc8c8eafb4d084881a62a47ffc61.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\A19C21~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\A19C21~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\133C1A~1.EXE"
C:\Program Files (x86)\Windows Mail\WinMail.exe
"C:\Program Files (x86)\Windows Mail\WinMail" OCInstallUserConfigOE
C:\Users\Admin\Desktop\fol\2023-0~1\133C1A~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\133C1A~1.EXE
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v4021090.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v4021090.exe
C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail" OCInstallUserConfigOE
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4144974.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4144974.exe
C:\Users\Admin\Desktop\fol\2023-09-04\6c2878ebe0b46fa1c53e17178c365200c86d74530cd80a278d8be8eee02a136d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\6c2878ebe0b46fa1c53e17178c365200c86d74530cd80a278d8be8eee02a136d.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 824
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v6310104.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v6310104.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\v0034876.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\v0034876.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ratt.bat" "
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\a5123201.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\a5123201.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\NzdSupOimejfx.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\NzdSupOimejfx" /XML "C:\Users\Admin\AppData\Local\Temp\tmpFF6B.tmp"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\NzdSupOimejfx.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\NzdSupOimejfx /XML C:\Users\Admin\AppData\Local\Temp\tmpFF6B.tmp
C:\Users\Admin\Desktop\fol\2023-09-04\a163afbf2a38849f7f9f8f39b17af32425d3d03b95b9a3f0af1af42faa0ab138.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\a163afbf2a38849f7f9f8f39b17af32425d3d03b95b9a3f0af1af42faa0ab138.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\a163afbf2a38849f7f9f8f39b17af32425d3d03b95b9a3f0af1af42faa0ab138.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\a163afbf2a38849f7f9f8f39b17af32425d3d03b95b9a3f0af1af42faa0ab138.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\TmrcmQVVe.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\nNYCqgKemvRU.exe"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\TmrcmQVVe.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TmrcmQVVe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9CB.tmp"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\gbxlLRJLa.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nNYCqgKemvRU" /XML "C:\Users\Admin\AppData\Local\Temp\tmpBA0.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\TmrcmQVVe /XML C:\Users\Admin\AppData\Local\Temp\tmp9CB.tmp
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\nNYCqgKemvRU.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gbxlLRJLa" /XML "C:\Users\Admin\AppData\Local\Temp\tmpDA4.tmp"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\gbxlLRJLa.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\nNYCqgKemvRU /XML C:\Users\Admin\AppData\Local\Temp\tmpBA0.tmp
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\gbxlLRJLa /XML C:\Users\Admin\AppData\Local\Temp\tmpDA4.tmp
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\fol\2023-09-04\aeed4e9127eaad96d4b7f7e556f405317b337457d723d693ac988e7199c323fc.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\539a73b89c941089900d7a97da467fbc0b8a7aca89a94f488c278835583d1a5d.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\539a73b89c941089900d7a97da467fbc0b8a7aca89a94f488c278835583d1a5d.exe"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\Desktop\fol\2023-09-04\aeed4e9127eaad96d4b7f7e556f405317b337457d723d693ac988e7199c323fc.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AUAqafpj.exe"
C:\Users\Admin\Desktop\fol\2023-09-04\ad7cbe9a265326ac497121d6421e3d2c7db8e6c0ed11aacee84f4b6674317dee.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\ad7cbe9a265326ac497121d6421e3d2c7db8e6c0ed11aacee84f4b6674317dee.exe"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\AUAqafpj.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AUAqafpj" /XML "C:\Users\Admin\AppData\Local\Temp\tmp16CB.tmp"
C:\Users\Admin\Desktop\fol\2023-09-04\3ae8e5fa3663e5a029211030180d17ed9e4b6f70bc2fd3cc54c7108b2b59c6a8.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\3ae8e5fa3663e5a029211030180d17ed9e4b6f70bc2fd3cc54c7108b2b59c6a8.exe"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\AUAqafpj /XML C:\Users\Admin\AppData\Local\Temp\tmp16CB.tmp
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 752
C:\Users\Admin\Desktop\fol\2023-09-04\aeed4e9127eaad96d4b7f7e556f405317b337457d723d693ac988e7199c323fc.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\aeed4e9127eaad96d4b7f7e556f405317b337457d723d693ac988e7199c323fc.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "DPI Service" /xml "C:\Users\Admin\AppData\Local\Temp\tmp25DF.tmp"
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\b8379606.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\b8379606.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\SPhYAl.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 808
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\SPhYAl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp39F3.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\SPhYAl /XML C:\Users\Admin\AppData\Local\Temp\tmp39F3.tmp
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\SPhYAl.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\B40D11~1\saves.exe"
C:\Users\Admin\AppData\Local\Temp\B40D11~1\saves.exe
C:\Users\Admin\AppData\Local\Temp\B40D11~1\saves.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1464
C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\3FC32A~1.EXE"
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\c3498677.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\c3498677.exe
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /create /f /tn "DPI Service Task" /xml "C:\Users\Admin\AppData\Local\Temp\tmp4B0B.tmp"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\d1708714.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\d1708714.exe
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 836
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 744
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe
"C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe"
C:\Users\Admin\Documents\images.exe
"C:\Users\Admin\Documents\images.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 788
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\e01d2435-ab9f-4d77-84e3-a219e6eb178a.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\644d7a13-a751-47bf-95ab-df70ab1974f6.vbs"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\D53E85~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\D53E85~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\D53E85~1.EXE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 348
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\7C2499~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\7C2499~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\7C2499~1.EXE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 1464
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\EF50A9~1.EXE"
C:\Users\Admin\Desktop\fol\2023-09-04\052268101b875a7f7d0cdac6f63127b5a4cb39d98b3aab856874b0ffed500ab1.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\052268101b875a7f7d0cdac6f63127b5a4cb39d98b3aab856874b0ffed500ab1.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\EF50A9~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\EF50A9~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c ipconfig /release
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\EF50A9~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\EF50A9~1.EXE"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c ipconfig /release
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\655AB6~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\655AB6~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\655AB6~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\4402C1~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\4402C1~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\4402C1~1.EXE
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /release
C:\Windows\SysWOW64\mstsc.exe
"C:\Windows\SysWOW64\mstsc.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\74BBF5~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\74BBF5~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\74BBF5~1.EXE
C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe
"C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\9506CD~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\9506CD~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\9506CD~1.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe
"C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 364
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\CC2556~1.EXE"
C:\Windows\SysWOW64\cscript.exe
"C:\Windows\SysWOW64\cscript.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\CC2556~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\CC2556~1.EXE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 840
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\901284~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\901284~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\901284~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\A71AB9~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\A71AB9~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\A71AB9~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\CBA586~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\96BB6F~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\3F04BD~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\CBA586~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\CBA586~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\96BB6F~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\96BB6F~1.EXE
C:\Windows\SysWOW64\cmd.exe
/c del "C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\3F04BD~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\3F04BD~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\E5370D~1.EXE"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 768
C:\Users\Admin\Desktop\fol\2023-0~1\E5370D~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\E5370D~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\A41AF9~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\A41AF9~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\A41AF9~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\3D935F~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\3D935F~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\3D935F~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\98E2DD~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\98E2DD~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\98E2DD~1.EXE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 1296
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\SPhYAl.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\SPhYAl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4DC5.tmp"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\SPhYAl.exe
C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\B54441~1.EXE"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\SPhYAl /XML C:\Users\Admin\AppData\Local\Temp\tmp4DC5.tmp
C:\Users\Admin\Desktop\fol\2023-0~1\B54441~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\B54441~1.EXE
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Users\Admin\Documents\images.exe
"C:\Users\Admin\Documents\images.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\6145A4~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\6145A4~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\6145A4~1.EXE
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Users\Admin\AppData\Local\Temp\uqcea.exe
"C:\Users\Admin\AppData\Local\Temp\uqcea.exe"
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\SysWOW64\ipconfig.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell Add-MpPreference -ExclusionPath C:\
C:\Users\Admin\AppData\Local\Temp\uqcea.exe
"C:\Users\Admin\AppData\Local\Temp\uqcea.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE"
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
"C:\Users\Admin\AppData\Local\Temp\qaxruk.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\B391E7~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\B391E7~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\B391E7~1.EXE
C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\SysWOW64\ipconfig.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\14EB5C~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\14EB5C~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\14EB5C~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\3AE8E5~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\3AE8E5~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\3AE8E5~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\A163AF~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\A163AF~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\A163AF~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\C88463~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\C88463~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\C88463~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\9056F3~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\6FC55B~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\9056F3~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\9056F3~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\6FC55B~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\6FC55B~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\AD7CBE~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\AD7CBE~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\AD7CBE~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\8D1435~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Fhebjt.exe"
C:\Program Files\Mozilla Firefox\Firefox.exe
"C:\Program Files\Mozilla Firefox\Firefox.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\Fhebjt" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9B1A.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\Fhebjt /XML C:\Users\Admin\AppData\Local\Temp\tmp9B1A.tmp
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Fhebjt.exe
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\9EE420~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\462181~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "svchost" /tr '"C:\Users\Admin\AppData\Roaming\svchost.exe"' & exit
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\BEA968~1.EXE"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpAA9A.tmp.bat""
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c schtasks /create /f /sc onlogon /rl highest /tn svchost /tr '"C:\Users\Admin\AppData\Roaming\svchost.exe"' & exit
C:\Users\Admin\Desktop\fol\2023-0~1\BEA968~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\BEA968~1.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\SysWOW64\autoconv.exe
"C:\Windows\SysWOW64\autoconv.exe"
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe
"C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mdoyifg.cmd" "
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 1920
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn svchost /tr '"C:\Users\Admin\AppData\Roaming\svchost.exe"'
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\D21D1A~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\A4C3E9~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\D21D1A~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\D21D1A~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\CBA586~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\CBA586~1.EXE"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
C:\Users\Admin\Desktop\fol\2023-0~1\A4C3E9~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\A4C3E9~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\BD03F2~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\RDYHjw.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\D3BB09~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\BD03F2~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\BD03F2~1.EXE
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 680
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\RDYHjw.exe
C:\Users\Admin\Desktop\fol\2023-0~1\D3BB09~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\D3BB09~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\RDYHjw" /XML "C:\Users\Admin\AppData\Local\Temp\tmpCF97.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\RDYHjw /XML C:\Users\Admin\AppData\Local\Temp\tmpCF97.tmp
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\regsvr32.exe" BhZ~DUo7.52_ /s
C:\Users\Admin\Desktop\fol\2023-0~1\CC2556~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\CC2556~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\Desktop\fol\2023-0~1\A4C3E9~1.EXE"
C:\Users\Admin\Desktop\fol\2023-0~1\A4C3E9~1.EXE
C:\Users\Admin\Desktop\fol\2023-0~1\A4C3E9~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\regsvr32.exe" /s 4dY5~.X
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\System32\regsvr32.exe /s 4dY5~.X
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\System32\regsvr32.exe BhZ~DUo7.52_ /s
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\cmd.exe" /c ipconfig /renew
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 912
C:\Windows\SysWOW64\cmd.exe
C:\Windows\System32\cmd.exe /c ipconfig /renew
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\regsvr32.exe" /s 4dY5~.X
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
C:\Windows\SysWOW64\regsvr32.exe
C:\Windows\System32\regsvr32.exe /s 4dY5~.X
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\448fe79f-5af1-4ce6-8f89-73f2fca7a3ff.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\effd0a2f-bd77-46e1-85f0-2c160c585b9a.vbs"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\fol\2023-0~1\E5370D~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\Desktop\fol\2023-0~1\A71AB9~1.EXE"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\Desktop\fol\2023-0~1\E5370D~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\VpfPpsKULlYyB.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\YxTQbd.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VpfPpsKULlYyB" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4FF.tmp"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\Desktop\fol\2023-0~1\A71AB9~1.EXE
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YxTQbd" /XML "C:\Users\Admin\AppData\Local\Temp\tmp647.tmp"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\VpfPpsKULlYyB.exe
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\YxTQbd.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\YxTQbd /XML C:\Users\Admin\AppData\Local\Temp\tmp647.tmp
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\VpfPpsKULlYyB /XML C:\Users\Admin\AppData\Local\Temp\tmp4FF.tmp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /renew
C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE"
C:\Windows\ModemLogs\wininit.exe
C:\Windows\ModemLogs\wininit.exe
C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE"
C:\Users\All Users\Adobe\Setup\dllhost.exe
"C:\Users\All Users\Adobe\Setup\dllhost.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\95B410~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\NzdSupOimejfx.exe"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\NzdSupOimejfx.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\NzdSupOimejfx" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2170.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\NzdSupOimejfx /XML C:\Users\Admin\AppData\Local\Temp\tmp2170.tmp
C:\Users\Admin\Desktop\fol\2023-0~1\A163AF~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\A163AF~1.EXE"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 848
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\nNYCqgKemvRU.exe"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\nNYCqgKemvRU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2AC7.tmp"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\nNYCqgKemvRU.exe
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\nNYCqgKemvRU /XML C:\Users\Admin\AppData\Local\Temp\tmp2AC7.tmp
C:\Users\Admin\Desktop\fol\2023-0~1\3AE8E5~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\3AE8E5~1.EXE"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 944
C:\Program Files\Mozilla Firefox\Firefox.exe
"C:\Program Files\Mozilla Firefox\Firefox.exe"
C:\Users\Admin\Desktop\fol\2023-0~1\BD03F2~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\BD03F2~1.EXE"
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\WINDOW~1\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\gbxlLRJLa.exe"
C:\Windows\SysWOW64\WINDOW~1\v1.0\powershell.exe
C:\Windows\System32\WINDOW~1\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Roaming\gbxlLRJLa.exe
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gbxlLRJLa" /XML "C:\Users\Admin\AppData\Local\Temp\tmp654F.tmp"
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\System32\schtasks.exe /Create /TN Updates\gbxlLRJLa /XML C:\Users\Admin\AppData\Local\Temp\tmp654F.tmp
C:\Users\Admin\Desktop\fol\2023-0~1\AD7CBE~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\AD7CBE~1.EXE"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 908
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 788
C:\Users\Admin\Desktop\fol\2023-0~1\D3BB09~1.EXE
"C:\Users\Admin\Desktop\fol\2023-0~1\D3BB09~1.EXE"
C:\Windows\SysWOW64\wlanext.exe
"C:\Windows\SysWOW64\wlanext.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 908
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 716
C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe
"C:\Users\Admin\Desktop\fol\2023-09-04\9506cdc2e1dcfdbc7b8be00e12b5bd2e4a2f6b10df353bb19f3affaaaaeafd30.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 632
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 884
C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe
"C:\Program Files\Windows Defender\de-DE\RuntimeBroker.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 812
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 952
C:\Windows\svchost.com
"C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\dllhost.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 896
Network
| Country | Destination | Domain | Proto |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 83.220.169.211:80 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | gapi-node.io | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| NL | 37.139.129.251:2404 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 64.90.62.162:25 | mail.tubesales.co.in | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.7300-banking.pro | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pelsotin.buzz | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 80.76.51.237:2023 | mass2023.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | adminbogota.duckdns.org | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 172.94.39.213:2015 | adminbogota.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | unicornio2020.duckdns.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| CO | 179.13.0.48:9966 | unicornio2020.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 16agostok.duckdns.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.4.4:53 | 6141.ddns.net | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| NL | 37.139.129.251:2404 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.4.0.8.0.8.0.ip6.arpa | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 8.8.4.4:53 | 6141.ddns.net | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | www.bcdwg.com | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 167.172.228.26:80 | www.bcdwg.com | tcp |
| US | 64.90.62.162:25 | mail.tubesales.co.in | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | showip.net | udp |
| DE | 162.55.60.2:80 | showip.net | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 8.8.4.4:53 | 6141.ddns.net | udp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | www.9518837.com | udp |
| HK | 103.209.129.147:80 | www.9518837.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 172.94.39.213:2015 | adminbogota.duckdns.org | tcp |
| IN | 103.212.81.152:6141 | tcp | |
| US | 8.8.8.8:53 | mass2023.duckdns.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 192.3.179.161:80 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 80.76.51.237:2023 | mass2023.duckdns.org | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| CO | 179.13.0.48:9966 | unicornio2020.duckdns.org | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.k1l1b1.top | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CA | 23.227.38.74:80 | www.k1l1b1.top | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 74.38.227.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 37.139.129.251:2404 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 220.167.154.149.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CA | 23.227.38.74:80 | www.k1l1b1.top | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| CA | 23.227.38.74:80 | www.k1l1b1.top | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 24.249.124.192.in-addr.arpa | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 192.3.179.161:80 | tcp | |
| US | 8.8.8.8:53 | www.jstzzlm.com | udp |
| RU | 83.220.169.211:80 | tcp | |
| US | 50.2.151.236:80 | www.jstzzlm.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 236.151.2.50.in-addr.arpa | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 64.90.62.162:25 | mail.tubesales.co.in | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| US | 8.8.8.8:53 | www.zzennsensual.com | udp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| DE | 81.169.145.84:80 | www.zzennsensual.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| ES | 84.54.50.31:80 | tcp | |
| US | 8.8.8.8:53 | 84.145.169.81.in-addr.arpa | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| DE | 81.169.145.84:80 | www.zzennsensual.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| DE | 81.169.145.84:80 | www.zzennsensual.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 172.94.39.213:2015 | adminbogota.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 179.13.0.48:9966 | unicornio2020.duckdns.org | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| IN | 103.212.81.152:6141 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | www.xbavju.top | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CA | 23.227.38.74:80 | www.xbavju.top | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 80.76.51.237:2023 | mass2023.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| NL | 37.139.129.251:2404 | tcp | |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| CA | 23.227.38.74:80 | www.xbavju.top | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| BE | 104.68.92.92:443 | steamcommunity.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CA | 23.227.38.74:80 | www.xbavju.top | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 8.8.8.8:53 | www.getxgp.link | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 83.220.169.211:80 | tcp | |
| FI | 65.109.229.201:80 | tcp | |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| FI | 77.91.124.82:19071 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | pelsotin.buzz | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.1776strong.com | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 74.208.236.46:80 | www.1776strong.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 192.3.179.161:80 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 8.8.8.8:53 | 46.236.208.74.in-addr.arpa | udp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 74.208.236.46:80 | www.1776strong.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | onedrive.live.com | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 13.107.137.11:443 | onedrive.live.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 16agostok.duckdns.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.vevo-verify.com | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 74.208.236.46:80 | www.1776strong.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| LV | 46.183.222.77:5200 | tcp | |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 8.8.8.8:53 | thanhancompany.com | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.185.191.127:443 | thanhancompany.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 8.8.8.8:53 | adminbogota.duckdns.org | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 127.191.185.192.in-addr.arpa | udp |
| US | 172.94.39.213:2015 | adminbogota.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | unicornio2020.duckdns.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CO | 179.13.0.48:9966 | unicornio2020.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.5528981.com | udp |
| HK | 103.145.22.251:80 | www.5528981.com | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | www.doonc.xyz | udp |
| DE | 91.195.240.123:80 | www.doonc.xyz | tcp |
| US | 192.3.179.161:80 | tcp | |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| IN | 103.212.81.152:6141 | tcp | |
| NL | 37.139.129.251:2404 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 123.240.195.91.in-addr.arpa | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| DE | 91.195.240.123:80 | www.doonc.xyz | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 80.76.51.237:2023 | mass2023.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 8.8.8.8:53 | www.75788yh.com | udp |
| US | 8.8.8.8:53 | 121.158.182.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.148.70.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 206.119.4.228:80 | www.75788yh.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CA | 147.182.158.121:80 | www.banking-products.com | tcp |
| GB | 109.70.148.72:80 | www.safartour.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 228.4.119.206.in-addr.arpa | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 206.119.4.228:80 | www.75788yh.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| NL | 37.139.129.251:2404 | tcp | |
| CA | 147.182.158.121:80 | www.banking-products.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| GB | 109.70.148.72:80 | www.safartour.org | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 172.94.39.213:2015 | adminbogota.duckdns.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| HK | 206.119.4.228:80 | www.75788yh.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| CO | 179.13.0.48:9966 | unicornio2020.duckdns.org | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | www.sandiegosharon.com | udp |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| US | 8.8.4.4:53 | 6141.ddns.net | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| US | 154.37.4.113:80 | www.sandiegosharon.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.foodstore.top | udp |
| US | 8.8.8.8:53 | www.soniakmahajan.com | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 3.33.130.190:80 | www.soniakmahajan.com | tcp |
| US | 44.227.76.166:80 | www.foodstore.top | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 113.4.37.154.in-addr.arpa | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.wangbaomen23.xyz | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 166.76.227.44.in-addr.arpa | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 34.120.55.112:80 | www.wangbaomen23.xyz | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 154.37.4.113:80 | www.sandiegosharon.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 112.55.120.34.in-addr.arpa | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 16agostok.duckdns.org | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.4.4:53 | 6141.ddns.net | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.freeprosoftz.download | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 172.67.175.76:80 | www.freeprosoftz.download | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 34.120.55.112:80 | www.wangbaomen23.xyz | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 154.37.4.113:80 | www.sandiegosharon.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 192.3.179.161:80 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 76.175.67.172.in-addr.arpa | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| LV | 46.183.222.77:5200 | tcp | |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 172.67.175.76:80 | www.freeprosoftz.download | tcp |
| US | 34.120.55.112:80 | www.wangbaomen23.xyz | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.4.4:53 | 6141.ddns.net | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | 6141.ddns.net | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 172.67.175.76:80 | www.freeprosoftz.download | tcp |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 8.8.8.8:53 | www.astros84.click | udp |
| US | 192.3.179.161:80 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | www.warnernc.com | udp |
| IN | 103.212.81.152:6141 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 80.76.51.237:2023 | mass2023.duckdns.org | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.ng1ljmv67o.com | udp |
| US | 208.91.197.44:80 | www.ng1ljmv67o.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| CO | 191.93.112.225:8004 | 16agostok.duckdns.org | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | 44.197.91.208.in-addr.arpa | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 192.3.179.161:80 | tcp | |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| NL | 37.139.129.251:2404 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | adminbogota.duckdns.org | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | futotarsakse.hu | udp |
| US | 172.94.39.213:2015 | adminbogota.duckdns.org | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 208.91.197.44:80 | www.ng1ljmv67o.com | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | www.cloud-force.club | udp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | unicornio2020.duckdns.org | udp |
| US | 8.8.8.8:53 | www.dconnekt.com | udp |
| CO | 179.13.0.48:9966 | unicornio2020.duckdns.org | tcp |
| HK | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| RU | 45.135.232.2:21308 | tcp | |
| US | 8.8.8.8:53 | www.nongsanvietco.com | udp |
| US | 8.8.8.8:53 | sept4em.tuktuk.ug | udp |
| US | 3.33.244.179:80 | www.dconnekt.com | tcp |
| US | 8.8.8.8:53 | www.hrwv098.xyz | udp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 8.8.8.8:53 | www.cloud-force.club | udp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| VN | 103.75.184.21:80 | www.nongsanvietco.com | tcp |
| US | 208.91.197.44:80 | www.ng1ljmv67o.com | tcp |
| US | 8.8.8.8:53 | 179.244.33.3.in-addr.arpa | udp |
| RU | 45.135.232.2:21308 | tcp | |
| RU | 45.135.232.2:21308 | tcp | |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| US | 108.181.20.37:443 | files.catbox.moe | tcp |
| FR | 162.19.58.156:443 | i.ibb.co | tcp |
Files
memory/3812-7-0x00000000002A0000-0x0000000000350000-memory.dmp
memory/3812-8-0x0000000004B90000-0x0000000004C2C000-memory.dmp
memory/3812-9-0x0000000005390000-0x000000000588E000-memory.dmp
memory/3812-10-0x0000000004D70000-0x0000000004E02000-memory.dmp
memory/3812-11-0x0000000002820000-0x000000000282A000-memory.dmp
memory/3812-12-0x0000000004CD0000-0x0000000004D26000-memory.dmp
memory/3812-13-0x0000000004E10000-0x0000000004E5A000-memory.dmp
memory/3812-14-0x0000000005340000-0x000000000534C000-memory.dmp
memory/4412-15-0x0000000000D30000-0x0000000000E24000-memory.dmp
memory/4412-16-0x0000000002E80000-0x0000000002E8E000-memory.dmp
memory/4412-17-0x0000000002E90000-0x0000000002E9C000-memory.dmp
C:\Program Files\Windows NT\TableTextService\en-US\OfficeClickToRun.exe
| MD5 | 153bbcb1f4e7dc0682912461dc23a716 |
| SHA1 | 34d821a6a40243ec9c2bc058c6c83cd25756e33c |
| SHA256 | 1585f8fcf9fcb6c0205456da7993f3d4c3cf0fb9af1ce935c1a37f5da867b05d |
| SHA512 | ec589074b826df304eb2df25340a4659bf1908516092602940ffbaba54e3fa339e8ea08327265bc0a16b697ff90873636658a4cacb8addc10be2a719dee70130 |
memory/4908-48-0x0000000000750000-0x00000000007F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\28f8dD4oeg.bat
| MD5 | 41d5a7e9771f7b2108063401d7386f0a |
| SHA1 | 05d1df5e4f203740d4fe1561939a7b71f7e5b10c |
| SHA256 | 3eb0b40fdecbc299115796d5275784e7808ecc4736dcd8da5135ca7fbe99efd9 |
| SHA512 | 1e14be3982dff2eedb5f69301930c688a9979d43179d57b5a9c08c00b62308bc25bf8250bdb7757ba9f0414f31c6f71c63ec3ae65d3e77a8b6e298917d4b3762 |
memory/4908-52-0x00000000051C0000-0x00000000051DA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GRz41KVB.JxD
| MD5 | c969eb4ab278b8b50fb7883c01480e39 |
| SHA1 | 400d8637c209ec6bec0bcbe674d439d1bcac69a2 |
| SHA256 | d456847efc5d7e79bd959b22aadc08996cc9f6c05247426fe8223ac09aafb02b |
| SHA512 | 7e44a85edb33dcccd2f90d0ada358bbd62608b96d7bd6ae453cf872493bc1ccee6a21e1dff5da9b55ae5e0f61e9529cb3488f39f025f083daa415a88713dbe4f |
memory/2388-59-0x0000000000400000-0x0000000000619000-memory.dmp
memory/1956-61-0x0000000000290000-0x000000000036A000-memory.dmp
memory/1956-62-0x0000000002480000-0x000000000249C000-memory.dmp
memory/1956-65-0x0000000002300000-0x0000000002312000-memory.dmp
memory/1956-64-0x000000001AF90000-0x000000001AFA6000-memory.dmp
memory/1956-63-0x000000001AFE0000-0x000000001B030000-memory.dmp
memory/1956-68-0x00000000024A0000-0x00000000024AE000-memory.dmp
memory/1956-67-0x0000000002360000-0x000000000236A000-memory.dmp
memory/1956-69-0x000000001AFD0000-0x000000001AFD8000-memory.dmp
memory/1956-66-0x000000001BC30000-0x000000001C156000-memory.dmp
C:\Users\Admin\csrss.exe
| MD5 | 082db4007f97530f2a58c598ba34c777 |
| SHA1 | ec4c6c7f632c243b775ce266b25691e79dfe8bc4 |
| SHA256 | 49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b |
| SHA512 | acc430f305acb8554a2e5bfea8a3e3853d3172d7968de392b2bdfd6025f9f4e888ca2d8f28485431fac479bddd8e3bd5d2afa77daa9723072cadf454b637f57e |
C:\Users\Admin\AppData\Local\Temp\J9SMW.NXS
| MD5 | e53a4ae918b729caeeef26f1fb762c2c |
| SHA1 | 689e76a00d4d4957d63823b873f5277f6c8d0eb2 |
| SHA256 | 0b18993e39094c2f85590ac4abcac3539bcf3f28d1e4c291567860992977459c |
| SHA512 | 919bd69b5eeb76e8a20b52d01b2df760a044610fafd336a22493cb707e28eab28308524dc9cc7e21ae5d3d0d08c68b9d13d5f5c8ad380e3648c27b3c9fd5c5c3 |
C:\Users\Admin\AppData\Local\Temp\VSKioGbcuq.bat
| MD5 | 812a202ee7ef5139147f2e637adf5554 |
| SHA1 | 6df0cac6296fdb1d7bc4bc9c23a0aaf709da29c6 |
| SHA256 | 76186a5ef026b09657576a6c86837a6a49f25167d782a273ab8d62875cf1e038 |
| SHA512 | 8b6e9c73e269e84e3ef57552a9c2af44364839db8db3092ccd458327c7b7ef42fbc087c09e1468cc04f50dba95209ab7dc4b1347c0522eea3f0662b97bc90902 |
memory/3696-88-0x0000000000400000-0x0000000000618000-memory.dmp
memory/2388-90-0x0000000004AF0000-0x0000000004BEC000-memory.dmp
memory/2388-94-0x0000000004C00000-0x0000000004CE3000-memory.dmp
memory/2388-91-0x0000000004C00000-0x0000000004CE3000-memory.dmp
memory/4940-95-0x000001665A3D0000-0x000001665A3EE000-memory.dmp
memory/2780-96-0x0000000000720000-0x000000000075E000-memory.dmp
memory/3696-97-0x0000000004FE0000-0x00000000050DC000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsw1F13.tmp\System.dll
| MD5 | 6e55a6e7c3fdbd244042eb15cb1ec739 |
| SHA1 | 070ea80e2192abc42f358d47b276990b5fa285a9 |
| SHA256 | acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506 |
| SHA512 | 2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35 |
memory/4856-105-0x0000000000660000-0x0000000000672000-memory.dmp
memory/3812-109-0x00000000061E0000-0x0000000006246000-memory.dmp
memory/3696-110-0x00000000050E0000-0x00000000051C3000-memory.dmp
memory/3696-113-0x00000000050E0000-0x00000000051C3000-memory.dmp
memory/2952-114-0x000002B99C1D0000-0x000002B99C22A000-memory.dmp
memory/4420-118-0x00000000001C0000-0x0000000000246000-memory.dmp
memory/1288-120-0x00000000008A0000-0x0000000000950000-memory.dmp
memory/4888-125-0x00000000059B0000-0x0000000005A12000-memory.dmp
memory/2388-126-0x0000000000400000-0x0000000000619000-memory.dmp
memory/4888-124-0x00000000034F0000-0x0000000003556000-memory.dmp
memory/3144-122-0x0000000000EE0000-0x0000000000F88000-memory.dmp
memory/2356-123-0x00000000001F0000-0x0000000000292000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\49c73b052a2cc5cbf609b2481c7ad293f28235110165064b54f498eb6d45526b.exe.log
| MD5 | 430a3e587f99c7640a58a042ce63bdd6 |
| SHA1 | 5d11d6b74e56cf622796971b8f57f57ca37592db |
| SHA256 | a087c10187c77ec487d0dcce45d36d5b1ff44f063aba489a17937f041de70bf7 |
| SHA512 | 0b2422fceade7f32cabf29cbb658663ec6f05c977435f66d1bd80c99ae0043e0d95f1bfafa4ec4fe84bc77a1a3b45bf38e84ce8737a6cf2b25bad4e37af0797d |
memory/3144-128-0x0000000005A20000-0x0000000005A34000-memory.dmp
memory/1288-129-0x0000000005C10000-0x0000000005C2A000-memory.dmp
memory/4564-150-0x0000000000400000-0x0000000000430000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsn3C30.tmp\System.dll
| MD5 | a4dd044bcd94e9b3370ccf095b31f896 |
| SHA1 | 17c78201323ab2095bc53184aa8267c9187d5173 |
| SHA256 | 2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc |
| SHA512 | 87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a |
memory/4564-151-0x0000000006F60000-0x0000000006F66000-memory.dmp
memory/4444-152-0x0000000000880000-0x00000000008C4000-memory.dmp
memory/1112-153-0x0000000000230000-0x000000000026E000-memory.dmp
memory/4564-155-0x0000000009CB0000-0x000000000A2B6000-memory.dmp
memory/4564-164-0x0000000009720000-0x000000000976B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsz4AF7.tmp\System.dll
| MD5 | 17ed1c86bd67e78ade4712be48a7d2bd |
| SHA1 | 1cc9fe86d6d6030b4dae45ecddce5907991c01a0 |
| SHA256 | bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb |
| SHA512 | 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5 |
memory/4564-158-0x00000000096E0000-0x000000000971E000-memory.dmp
memory/1308-173-0x0000000000660000-0x000000000073C000-memory.dmp
memory/532-174-0x0000000005990000-0x00000000059F6000-memory.dmp
memory/4564-157-0x0000000009540000-0x0000000009552000-memory.dmp
memory/4564-156-0x00000000097B0000-0x00000000098BA000-memory.dmp
memory/3248-175-0x0000000005910000-0x0000000005976000-memory.dmp
memory/532-176-0x0000000005EF0000-0x0000000005F52000-memory.dmp
memory/1924-183-0x0000000002670000-0x0000000002682000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ufclwciske.exe
| MD5 | 0cf1c234e21549b221bc4b2c81e28037 |
| SHA1 | 06f7b2c8d262c7703ac8bbcc3038a6bbea1a4b67 |
| SHA256 | 45ff6ee0df94a3cb333b709f521ca3818bc567bf34bfe7fd4533d3971789d539 |
| SHA512 | 6c2423374598fcf7d782450363a2e871deb2909a436f0daafc193ff17ea3a4ab575b4bba73eed608416f62231cc28dcd953de07da6ad913707b52611ae98897c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kompilator243\Tontine\Optimales\remember.c
| MD5 | 7967587ae63f62994753eaa6a3385a3f |
| SHA1 | ab8a0326d6a4352552a0ea852a8669bb049b0d33 |
| SHA256 | 9d66bfaddb35901308c2b0a422f65016ce6f565f2835c5c866991965df0c1e9d |
| SHA512 | 6971d6f07efc2b0bb04e2a61baf28b45e9d93570bf9865a050001655b4a017af763762a5c566c0759a0fb5ff5a6043fbe8cda88c17725e644a35d1a530225424 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kompilator243\Tontine\Optimales\mail-attachment.png
| MD5 | d3e1af9be162e4602ec498caaa8f4309 |
| SHA1 | 1e6b226f05cbc0517f18695ad3365363c7c0e9ca |
| SHA256 | e01793ce6ac58ad98d7500ed1ef1e525d8b07b11215a1fdcc939b7fd9f77381e |
| SHA512 | 321dd4c9172dc8e8ee568bcc379f929e33ca5af4088b011595d56a186f935ad24b2f5f306023f7027bacd422dadafb4e6b173a838a472b60e453740cbcf8d9f4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kompilator243\Tontine\Influenced\Geheimrat\battery-level-50-charging-symbolic.symbolic.png
| MD5 | 67d67418e29b486a27b87cba4329d73c |
| SHA1 | 8e869401abbb8e1642fd5a0de31a12f138f50170 |
| SHA256 | 938dbd300814c255b814bc025a3af876f96a5f01177066a62a30b74a53189a93 |
| SHA512 | cfdd25fb3e2d5c9871f414574339dd84b0239f6973ce289e50f89ef4c39e498bd9679294174e165540f8de0cda3b2f7dfc9fe8858f56404f0b79eac0de98b6d0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kompilator243\Tontine\Minification.Sge
| MD5 | e051e5883c70332def5df4eb691d214e |
| SHA1 | cf3b65db07a018776579007ce5d0b335315c08f8 |
| SHA256 | fc09f41e517a983cd3a6d14fc909b9ea727a10e4d6ef3ddefd713aef214e8211 |
| SHA512 | 5e7a8c8c2cefd44dda6b2367d29c6d5f595ca18b934d8ac85e29a8512c7607ce49f03d0f5187258115c407e9515a5080a616f907c058e6d62f17abdea5408e4b |
memory/2364-200-0x0000000000550000-0x0000000000598000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uzgsf.dl
| MD5 | a626e878a12016674242642dfaf0c150 |
| SHA1 | abec6f393244a575cf08e6c38ebbf8d4b338e676 |
| SHA256 | f51e4f240e5029490d9b4623dc90ca4914dc99208664519b8d4b3695a1051451 |
| SHA512 | 35428c35ad64335d0aa6c87c10b574fcf02d58e868cfe762b667018dbf0348f74ec99cda540833ee7b80ecb6ad6739cdecf369ff5c4d213a61b68eeb1b814a05 |
\Users\Admin\AppData\Local\Temp\BohvhBvo.fyn
| MD5 | 264e8dcef8c402a4725283374e3e70b7 |
| SHA1 | 21d97163ba61e01b48912ca8e72e3173a3fd03f3 |
| SHA256 | 05aec7ada3bd9384e58b70be7517a1492aefd3d37e27843678622acadd267bb6 |
| SHA512 | 268de85154f7bf8484180052edc112d548f67583afb1b42d749f459c7f48aa3e3be7418a5cd6f1ffb14a2ed02cfe7350eb67c832a85ba31202e2be339a04e3f4 |
memory/5432-243-0x0000000000400000-0x0000000000624000-memory.dmp
memory/5732-251-0x0000000000C80000-0x0000000000D5C000-memory.dmp
memory/6048-263-0x00000000008A0000-0x00000000009A8000-memory.dmp
memory/5432-278-0x0000000004D30000-0x0000000004E2D000-memory.dmp
memory/5432-287-0x0000000005160000-0x0000000005245000-memory.dmp
memory/5432-282-0x0000000005160000-0x0000000005245000-memory.dmp
memory/4908-302-0x00000000053B0000-0x00000000053BA000-memory.dmp
memory/4908-303-0x00000000067D0000-0x000000000683A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qaxruk.exe
| MD5 | c2dae9b244388a0440d6cf19a367fed4 |
| SHA1 | 5ab80320f6e365db0a8444aa94db3f2dd5ed3787 |
| SHA256 | b21695b2254d5be16a00a93b76ca2651f3da7c27c9ba347b65e768ccf2fdd6c5 |
| SHA512 | d2e018c2e73ea1738d6da6fe91ecf23cc2442fe5f204dfb1fecafc9d1221f1f0b645d755c9e531be9187057926e710c57ec62b833e7a5696279e0a9868059480 |
C:\Users\Admin\AppData\Local\Temp\jknzojxbhyc.pp
| MD5 | fbe44376f8fda55210d2af21ce663135 |
| SHA1 | 6cb0f1e1ff2664d751207cf0a7f819f673231146 |
| SHA256 | c43c4c1df2d51d26b59216893a27c0e5e144ed70b1027d405b64c13492bc53b7 |
| SHA512 | c048d2c9bbf5cf5d8cda3b2eaa04e3be6ede57524b5462724c23a1e25424984ce08e3da3f8c69d367b3a12cb7cdb0bb8d3fe0e854e1a8152b3c853fc7cf78399 |
memory/1840-313-0x0000000000400000-0x000000000042F000-memory.dmp
memory/1840-330-0x0000000000400000-0x000000000042F000-memory.dmp
memory/5832-332-0x0000000001330000-0x0000000001357000-memory.dmp
memory/5832-331-0x0000000001330000-0x0000000001357000-memory.dmp
memory/2372-336-0x0000000000400000-0x00000000013BA000-memory.dmp
memory/4888-337-0x0000000000400000-0x00000000013C3000-memory.dmp
memory/532-342-0x0000000000400000-0x00000000013C3000-memory.dmp
memory/4420-357-0x00000000061F0000-0x000000000623C000-memory.dmp
memory/6060-358-0x0000000000400000-0x000000000042F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
| MD5 | a3e13487a9a2f94eeca18833ac321927 |
C:\Users\Admin\AppData\Local\Temp\ChromeClose.exe
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tyejcx40.fn1.ps1
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fe9a3910b655d38c2aafa3512aedcdba96fd352d896fc68d8ed345a49c93ec6b.exe.log
C:\ProgramData\remcos\logs.dat
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\Opened.docx
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\Files.docx
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\ConfirmCompare.xlsx
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\Are.docx
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files.zip
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\These.docx
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\Recently.docx
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files.zip
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\WatchSkip.docm
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\SearchUnblock.docm
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\SaveDisable.pdf
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\ResizeConfirm.doc
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\ProtectUpdate.txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\PingStop.docm
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\PingRegister.pdf
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\MoveSkip.pdf
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\Files\EnterUndo.pdf
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\ProgramData\remcos\logs.dat
C:\Users\Admin\AppData\Local\Temp\b40d11255d\saves.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\LogfirepinkemCdnQPoaISMopKeGDfuPfQgaloisian
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\NDTNZVHN-Admin\WebData
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3699363923-1875576828-3287151903-1000\0f5007522459c86e95ffcc62f32308f1_98f325b1-1085-43b7-8e27-43d9cdb6ea3f
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VLCTL50VJHA3T5GL9DDB.temp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\ProgramData\remcos\logs.dat
C:\Users\Admin\Documents\images.exe
C:\Users\Admin\AppData\Local\Temp\644d7a13-a751-47bf-95ab-df70ab1974f6.vbs
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Windows\directx.sys
C:\Users\Admin\Desktop\fol\2023-0~1\D1E98D~1.EXE
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\Windows\directx.sys
C:\ProgramData\remcos\logs.dat
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Users\Admin\AppData\Roaming\RDYHjw.exe
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Users\Admin\AppData\Roaming\mAFTl\mAFTl.exe
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\D53E85~1.EXE.log
C:\Users\Admin\AppData\Roaming\VpfPpsKULlYyB.exe
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\YxTQbd.exe
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\F8ZZF0QBXSJML8CNBIKR.temp
C:\Windows\directx.sys
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
C:\Users\Admin\AppData\Local\Google\Media\2024-5-24_1.55.55_Administrator: Windows PowerShell.jpeg
C:\ProgramData\remcos\logs.dat
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db