Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/nux68zw3jsheeek/ValiantSpooferPaid.rar/file was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Process spawned unexpected child process
DcRat
DCRat payload
Disables Task Manager via registry modification
Checks computer location settings
Executes dropped EXE
Checks whether UAC is enabled
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Uses Volume Shadow Copy service COM API
Modifies registry class
Modifies registry key
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 20:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 20:46
Reported
2024-06-20 20:48
Platform
win10v2004-20240611-en
Max time kernel
75s
Max time network
77s
Command Line
Signatures
DcRat
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe | |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\schtasks.exe |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
DCRat payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Disables Task Manager via registry modification
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\msAgentServer\Windrivercrt.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Windows\Vss\Writers\msedge.exe | N/A |
| N/A | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| N/A | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\msAgentServer\Windrivercrt.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\valiantspooferpaid.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\RuntimeBroker.exe | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\9e8d7a4ca61bd9 | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Program Files\Windows Security\BrowserCore\en-US\msedge.exe | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Program Files\Windows Security\BrowserCore\en-US\61a52ddc9dd915 | C:\msAgentServer\Windrivercrt.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Setup\State\msedge.exe | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Windows\Setup\State\61a52ddc9dd915 | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Windows\Vss\Writers\msedge.exe | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Windows\Vss\Writers\61a52ddc9dd915 | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Windows\twain_32\MoUsoCoreWorker.exe | C:\msAgentServer\Windrivercrt.exe | N/A |
| File created | C:\Windows\twain_32\1f93f77a7f4778 | C:\msAgentServer\Windrivercrt.exe | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\msAgentServer\Windrivercrt.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\msAgentServer\Windrivercrt.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\msAgentServer\Windrivercrt.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\Vss\Writers\msedge.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/nux68zw3jsheeek/ValiantSpooferPaid.rar/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4376,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3856,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5300,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5348,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5804,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5796,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6108,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6036,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6360,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6664,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6876,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=7064,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7392,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7396,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7620,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7760,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7772,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7776,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=8116,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=8220,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=8436,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8520,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=8660,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=8640,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=9236,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=9308,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=9664,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=9960,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=10096,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=10236,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=10368,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=10516,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=10176,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=7148,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=10732,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=9440,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=8924,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=10072,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=6888,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=7004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=9056,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=8680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --field-trial-handle=9876,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=10256,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=11084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=8300,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=10300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=10464,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=11004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=7000,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ValiantSpooferPaid\" -spe -an -ai#7zMap7654:98:7zEvent2033
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
"C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat" "
C:\msAgentServer\Windrivercrt.exe
"C:\msAgentServer\Windrivercrt.exe"
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 14 /tr "'C:\Users\Public\AccountPictures\conhost.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "conhost" /sc ONLOGON /tr "'C:\Users\Public\AccountPictures\conhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "conhostc" /sc MINUTE /mo 7 /tr "'C:\Users\Public\AccountPictures\conhost.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\RuntimeBroker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Mozilla Maintenance Service\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 12 /tr "'C:\Users\Default User\taskhostw.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostw" /sc ONLOGON /tr "'C:\Users\Default User\taskhostw.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "taskhostwt" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\taskhostw.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "MoUsoCoreWorkerM" /sc MINUTE /mo 5 /tr "'C:\Windows\twain_32\MoUsoCoreWorker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "MoUsoCoreWorker" /sc ONLOGON /tr "'C:\Windows\twain_32\MoUsoCoreWorker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "MoUsoCoreWorkerM" /sc MINUTE /mo 13 /tr "'C:\Windows\twain_32\MoUsoCoreWorker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Security\BrowserCore\en-US\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 6 /tr "'C:\msAgentServer\WmiPrvSE.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\msAgentServer\WmiPrvSE.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 9 /tr "'C:\msAgentServer\WmiPrvSE.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 9 /tr "'C:\Windows\Setup\State\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Windows\Setup\State\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 9 /tr "'C:\Windows\Setup\State\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "TrustedInstallerT" /sc MINUTE /mo 10 /tr "'C:\msAgentServer\TrustedInstaller.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "TrustedInstaller" /sc ONLOGON /tr "'C:\msAgentServer\TrustedInstaller.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "TrustedInstallerT" /sc MINUTE /mo 7 /tr "'C:\msAgentServer\TrustedInstaller.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 6 /tr "'C:\Recovery\WindowsRE\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\msAgentServer\RuntimeBroker.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\msAgentServer\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 13 /tr "'C:\msAgentServer\RuntimeBroker.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 9 /tr "'C:\Recovery\WindowsRE\upfc.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\upfc.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\upfc.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 6 /tr "'C:\Windows\Vss\Writers\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\Windows\Vss\Writers\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 5 /tr "'C:\Windows\Vss\Writers\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 10 /tr "'C:\msAgentServer\msedge.exe'" /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedge" /sc ONLOGON /tr "'C:\msAgentServer\msedge.exe'" /rl HIGHEST /f
C:\Windows\system32\schtasks.exe
schtasks.exe /create /tn "msedgem" /sc MINUTE /mo 11 /tr "'C:\msAgentServer\msedge.exe'" /rl HIGHEST /f
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\N2kvYgGXaz.bat"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\system32\w32tm.exe
w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
"C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe"
C:\Windows\Vss\Writers\msedge.exe
"C:\Windows\Vss\Writers\msedge.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat" "
C:\msAgentServer\Windrivercrt.exe
"C:\msAgentServer\Windrivercrt.exe"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\a95e41f4-e9f2-461e-bc97-edbe74c69a00.vbs"
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\6c53e1cd-0b14-4089-b381-1276ebbef57f.vbs"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
"C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5536,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
"C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat" "
C:\msAgentServer\Windrivercrt.exe
"C:\msAgentServer\Windrivercrt.exe"
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
"C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat" "
C:\msAgentServer\Windrivercrt.exe
"C:\msAgentServer\Windrivercrt.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat" "
C:\msAgentServer\Windrivercrt.exe
"C:\msAgentServer\Windrivercrt.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=9468,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=9272 /prefetch:8
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
"C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe"
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat" "
C:\msAgentServer\Windrivercrt.exe
"C:\msAgentServer\Windrivercrt.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | udp |
| US | 104.16.113.74:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| GB | 87.248.205.0:80 | tcp | |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 8.8.8.8:53 | cdn.otnolatrnup.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| FR | 13.249.9.41:443 | cdn.amplitude.com | tcp |
| US | 104.16.53.110:443 | cdn.otnolatrnup.com | udp |
| GB | 142.250.187.238:443 | translate.google.com | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 104.26.2.70:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.11.51.140:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 74.113.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.199.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.42.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.79.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.9.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| GB | 142.250.187.202:443 | translate.googleapis.com | tcp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | g.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.200.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| IE | 52.17.55.191:443 | bcp.crwdcntrl.net | tcp |
| FR | 18.155.129.56:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| IE | 54.72.245.162:443 | bcp.crwdcntrl.net | tcp |
| GB | 142.250.178.10:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | bshr.ezodn.com | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 104.21.87.79:443 | bshr.ezodn.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.2.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.145.39.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.51.11.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.142.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.55.17.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.245.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.87.21.104.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| IE | 34.247.240.165:443 | bcp.crwdcntrl.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| FR | 13.39.145.251:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | script.4dex.io | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | tlx.3lift.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hb-api.omnitagjs.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | ghb.adtelligent.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | htlb.casalemedia.com | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | hb.yellowblue.io | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | prebid.smilewanted.com | udp |
| US | 8.8.8.8:53 | prebid.cootlogix.com | udp |
| US | 8.8.8.8:53 | prebid.cootlogix.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.226:443 | googleads.g.doubleclick.net | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | tcp |
| DE | 51.89.9.251:443 | onetag-sys.com | tcp |
| DE | 18.157.230.4:443 | tlx.3lift.com | tcp |
| FR | 185.255.84.150:443 | hb-api.omnitagjs.com | tcp |
| US | 67.207.94.117:443 | prebid.cootlogix.com | tcp |
| US | 67.207.94.117:443 | prebid.cootlogix.com | tcp |
| US | 67.207.94.117:443 | prebid.cootlogix.com | tcp |
| US | 67.207.94.117:443 | prebid.cootlogix.com | tcp |
| US | 67.207.94.117:443 | prebid.cootlogix.com | tcp |
| GB | 185.64.190.77:443 | hbopenbid.pubmatic.com | tcp |
| NL | 145.40.97.66:443 | prebid.a-mo.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| FR | 18.244.28.8:443 | hb.yellowblue.io | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 104.22.30.209:443 | prebid.smilewanted.com | tcp |
| US | 107.151.11.18:443 | ghb.adtelligent.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| FR | 99.86.95.185:443 | cdn.prod.uidapi.com | tcp |
| US | 104.18.35.167:443 | cdn-ima.33across.com | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 104.26.8.169:443 | script.4dex.io | tcp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 8.8.8.8:53 | cadmus.script.ac | udp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 104.18.22.145:443 | cadmus.script.ac | tcp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 162.19.138.118:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.146.102.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.28.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.30.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 251.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.230.157.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.52.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 167.35.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.95.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.94.207.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.11.151.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 104.18.36.155:443 | htlb.casalemedia.com | udp |
| DE | 51.89.9.251:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 8.8.8.8:53 | ghb1.adtelligent.com | udp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| DE | 142.132.249.188:443 | ghb1.adtelligent.com | tcp |
| US | 8.8.8.8:53 | 1cf10096c79c802f86055aeae81c677a.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 1cf10096c79c802f86055aeae81c677a.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 1cf10096c79c802f86055aeae81c677a.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| GB | 172.217.169.65:443 | 1cf10096c79c802f86055aeae81c677a.safeframe.googlesyndication.com | tcp |
| GB | 172.217.169.65:443 | 1cf10096c79c802f86055aeae81c677a.safeframe.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.107.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.22.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.249.132.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 218.64.98.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 185.235.87.96:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.187:443 | gem.gbc.criteo.com | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.7.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download1324.mediafire.com | udp |
| US | 8.8.8.8:53 | download1324.mediafire.com | udp |
| US | 205.196.123.12:443 | download1324.mediafire.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 205.196.123.12:443 | download1324.mediafire.com | tcp |
| US | 104.16.53.110:443 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | sync.cootlogix.com | udp |
| US | 8.8.8.8:53 | sync.cootlogix.com | udp |
| US | 8.8.8.8:53 | sync.cootlogix.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | prebid.a-mo.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | eb2.3lift.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | s.console.adtarget.com.tr | udp |
| US | 8.8.8.8:53 | s.console.adtarget.com.tr | udp |
| US | 8.8.8.8:53 | s.console.adtarget.com.tr | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| US | 172.67.14.119:443 | csync.smilewanted.com | tcp |
| US | 159.223.152.254:443 | sync.cootlogix.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 8.8.8.8:53 | hbx.media.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| NL | 147.75.84.158:443 | prebid.a-mo.net | tcp |
| DE | 49.12.126.50:443 | s.console.adtarget.com.tr | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| US | 104.18.38.76:443 | js-sec.indexww.com | tcp |
| GB | 2.21.188.27:443 | hbx.media.net | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| FR | 185.255.84.152:443 | visitor.omnitagjs.com | tcp |
| US | 8.8.8.8:53 | s.console.adtarget.com.tr | udp |
| DK | 37.157.5.133:443 | cm.adform.net | tcp |
| DE | 51.89.9.252:443 | onetag-sys.com | tcp |
| US | 13.248.245.213:443 | eb2.3lift.com | tcp |
| GB | 2.21.188.239:443 | ads.pubmatic.com | tcp |
| GB | 2.21.188.27:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.hadron.ad.gt | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | id.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DK | 37.157.5.133:443 | cm.adform.net | tcp |
| US | 104.22.4.69:443 | id.hadron.ad.gt | tcp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| DE | 3.75.62.37:443 | ups.analytics.yahoo.com | tcp |
| DE | 162.19.138.119:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | c3.a-mo.net | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | dl-edge.smartscreen.microsoft.com | udp |
| DE | 79.127.216.47:443 | c3.a-mo.net | tcp |
| US | 20.189.173.15:443 | tcp | |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| DE | 162.19.138.118:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | sync.adtelligent.com | udp |
| US | 8.8.8.8:53 | sync.adtelligent.com | udp |
| US | 8.8.8.8:53 | sync.adtelligent.com | udp |
| US | 8.8.8.8:53 | 12.123.196.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.227.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.14.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.84.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.9.89.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.84.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.126.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.152.223.159.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.105.202.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.188.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.5.157.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.4.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.62.75.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.138.19.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.216.127.79.in-addr.arpa | udp |
| GB | 185.83.71.234:443 | sync.adtelligent.com | tcp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | otnolatrnup.com | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 8.8.8.8:53 | assets.a-mo.net | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 8.8.8.8:53 | sync.mathtag.com | udp |
| US | 104.19.159.19:443 | assets.a-mo.net | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| GB | 142.250.187.202:443 | translate-pa.googleapis.com | udp |
| US | 216.200.232.253:443 | sync.mathtag.com | tcp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | js-sec.indexww.com | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | tcp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | woreppercomming.com | udp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| US | 8.8.8.8:53 | static.smilewanted.com | udp |
| FR | 18.155.129.103:443 | woreppercomming.com | tcp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| DE | 51.89.9.252:443 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | onetag-sys.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 104.17.44.93:443 | gum.aidemsrv.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 8.8.8.8:53 | pixel-eu.rubiconproject.com | udp |
| US | 172.64.151.101:443 | ssum-sec.casalemedia.com | udp |
| US | 8.8.8.8:53 | 234.71.83.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.159.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.199.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.151.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.232.200.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.44.17.104.in-addr.arpa | udp |
| NL | 69.173.156.148:443 | pixel-eu.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | ssc-cms.33across.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | app-edge.smartscreen.microsoft.com | udp |
| NL | 185.89.210.20:443 | secure.adnxs.com | tcp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| US | 8.8.8.8:53 | www.ovardu.com | udp |
| GB | 51.140.244.186:443 | app-edge.smartscreen.microsoft.com | tcp |
| US | 2.20.12.106:443 | player.aniview.com | tcp |
| US | 104.21.96.72:443 | www.ovardu.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| ES | 23.60.223.190:443 | secure-assets.rubiconproject.com | tcp |
| ES | 23.60.223.190:443 | secure-assets.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync.smartadserver.com | udp |
| US | 8.8.8.8:53 | visitor.omnitagjs.com | udp |
| FR | 149.202.238.101:443 | ssbsync.smartadserver.com | tcp |
| FR | 149.202.238.101:443 | ssbsync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | dis.criteo.com | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | api-2-0.spot.im | udp |
| US | 8.8.8.8:53 | creativecdn.com | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | sync.1rx.io | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.prod.bidr.io | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| US | 8.8.8.8:53 | b1sync.zemanta.com | udp |
| NL | 35.214.199.88:443 | rtb.mfadsrvr.com | udp |
| US | 8.8.8.8:53 | s.console.adtarget.com.tr | udp |
| US | 8.8.8.8:53 | s.console.adtarget.com.tr | udp |
| GB | 2.21.189.68:443 | eus.rubiconproject.com | tcp |
| NL | 178.250.1.9:443 | dis.criteo.com | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 3.33.220.150:443 | match.adsrvr.org | tcp |
| FR | 99.86.91.65:443 | api-2-0.spot.im | tcp |
| NL | 46.228.174.117:443 | sync.1rx.io | tcp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 8.8.8.8:53 | image8.pubmatic.com | udp |
| US | 64.202.112.63:443 | b1sync.zemanta.com | tcp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| US | 8.8.8.8:53 | sync.srv.stackadapt.com | udp |
| IE | 52.213.189.168:443 | match.prod.bidr.io | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| US | 8.8.8.8:53 | cdn.indexww.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 54.221.116.2:443 | sync.srv.stackadapt.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | ads.stickyadstv.com | udp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | cs.admanmedia.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | t.adx.opera.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| US | 8.8.8.8:53 | ssbsync-global.smartadserver.com | udp |
| NL | 198.47.127.18:443 | image8.pubmatic.com | tcp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 8.8.8.8:53 | spl.zeotap.com | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 82.145.213.8:443 | t.adx.opera.com | tcp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| US | 104.22.50.98:443 | spl.zeotap.com | tcp |
| NL | 69.173.156.149:443 | pixel-eu.rubiconproject.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| NL | 81.17.55.170:443 | ssbsync-global.smartadserver.com | tcp |
| NL | 154.57.158.115:443 | ads.stickyadstv.com | tcp |
| NL | 35.214.149.91:443 | x.bidswitch.net | tcp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | s.company-target.com | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | sync-tm.everesttech.net | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | cs-server-s2s.yellowblue.io | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | tcp |
| US | 151.101.130.49:443 | sync-tm.everesttech.net | tcp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 8.8.8.8:53 | jadserve.postrelease.com | udp |
| US | 44.214.224.191:443 | cs-server-s2s.yellowblue.io | tcp |
| US | 34.96.71.22:443 | s.company-target.com | tcp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 8.8.8.8:53 | bttrack.com | udp |
| US | 96.46.186.182:443 | sync.aniview.com | tcp |
| IE | 99.80.49.43:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.rlcdn.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| US | 8.8.8.8:53 | id.a-mx.com | udp |
| IE | 52.211.208.72:443 | jadserve.postrelease.com | tcp |
| US | 192.132.33.67:443 | bttrack.com | tcp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 35.244.174.68:443 | id.rlcdn.com | tcp |
| NL | 79.127.227.46:443 | id.a-mx.com | tcp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| US | 8.8.8.8:53 | sync.a-mo.net | udp |
| GB | 142.250.178.2:443 | cm.g.doubleclick.net | udp |
| US | 52.46.128.147:443 | s.amazon-adsystem.com | tcp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | token.rubiconproject.com | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.210.89.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.96.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 190.223.60.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.238.202.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.8.184.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 117.174.228.46.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.220.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.189.213.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.149.214.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.112.202.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.116.221.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.213.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.50.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 115.158.57.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.71.96.34.in-addr.arpa | udp |
| NL | 145.40.97.67:443 | sync.a-mo.net | tcp |
| US | 8.8.8.8:53 | 43.49.80.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.208.211.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.224.214.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.186.46.96.in-addr.arpa | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| US | 8.8.8.8:53 | rtb-csync.smartadserver.com | udp |
| NL | 89.149.193.105:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | id.rtb.mx | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| US | 8.8.8.8:53 | ow.pubmatic.com | udp |
| NL | 185.64.189.116:443 | ow.pubmatic.com | tcp |
| NL | 79.127.227.46:443 | id.rtb.mx | tcp |
| NL | 185.89.210.20:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | secure-assets.rubiconproject.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | sync.aniview.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | player.aniview.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | eus.rubiconproject.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | tcp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 8.8.8.8:53 | sync.search.spotxchange.com | udp |
| US | 34.36.216.150:443 | pixel-sync.sitescout.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | sync.smartadserver.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| NL | 81.17.55.173:443 | sync.smartadserver.com | tcp |
| NL | 81.17.55.173:443 | sync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | 67.33.132.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.128.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.97.40.145.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.149.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.189.64.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.55.17.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.216.36.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.adnxs.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| NL | 69.173.156.149:443 | token.rubiconproject.com | tcp |
| US | 8.8.8.8:53 | pixel.rubiconproject.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | ice.360yield.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | u.openx.net | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| IE | 34.255.242.185:443 | ice.360yield.com | tcp |
| IE | 34.255.242.185:443 | ice.360yield.com | tcp |
| US | 34.98.64.218:443 | u.openx.net | tcp |
| IE | 99.80.49.43:443 | ap.lijit.com | tcp |
| US | 8.8.8.8:53 | ap.lijit.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 34.98.64.218:443 | u.openx.net | udp |
| US | 8.8.8.8:53 | cm.adform.net | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.8.8.8:53 | us.shb-sync.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | s.ad.smaato.net | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.2.110.33:443 | us.shb-sync.com | tcp |
| FR | 18.164.52.4:443 | s.ad.smaato.net | tcp |
| US | 8.8.8.8:53 | 185.242.255.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csync.smilewanted.com | udp |
| US | 8.8.8.8:53 | 33.110.2.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.52.164.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.87.77.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 80.77.87.161:443 | cs.admanmedia.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a0998438.xsph.ru | udp |
| RU | 141.8.192.6:80 | a0998438.xsph.ru | tcp |
| RU | 141.8.192.6:80 | a0998438.xsph.ru | tcp |
| US | 8.8.8.8:53 | 6.192.8.141.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
Files
C:\Users\Admin\Downloads\ValiantSpooferPaid\valiantspooferpaid.exe
| MD5 | 957ba1a651b750713d78d437ed8a3c7a |
| SHA1 | 14fdc69fc21dc9516931f5227d5d66ac1598c69a |
| SHA256 | 7b6a4e1d88e9c477ac1b77f3255a9daa54c083830ad81687cd45b2f237b8237c |
| SHA512 | c1ee2c80192b3f6a501d9958f49565111bdd7ee962fd05e5aab6af5fffc8bb41fb11f56ad590d60915271ecf2e9f774dd58472b6431b9cbebebfc9596efc85b5 |
C:\msAgentServer\sFM4S27zDOBzhYps42TIAnTFMK8Zul.vbe
| MD5 | 1ec6b23ee71cd4838514f2984cfbec8f |
| SHA1 | 0bdf20ddab114712d7b846535896ac7865a48401 |
| SHA256 | d1aebe6120e77195acccb1a39d91e079c83128b54b200d8aaf55e38c852a27ab |
| SHA512 | d673e5ec51cc6ba73289bcc0d126653ce0e650f79bd119e83d68ddae012be40c4dd3793fa6e897b078365c0ce3c4f6efb1c331736ebd2f3b6873a662978dc736 |
C:\msAgentServer\7Hr4JaIGGzbo4YnxbteHZfQH0TIt.bat
| MD5 | e1f65135829b69dd7821d59410d13e2a |
| SHA1 | 24b0c9b6360afd46c770aec60807e4796bcd31fa |
| SHA256 | addde1c2adf45d57e91d73e20f95087a07ef6f1b0287894a207f54ce57b841a7 |
| SHA512 | 020241921bd533ef833ccc34a34f4404e2278e586168dc064b74827abf125640783e6b9d00318a955f4a525236d2540a26775b1a980c5be5f4137b79ba1aa985 |
C:\msAgentServer\Windrivercrt.exe
| MD5 | cc022adec49e3a4e30ef5a2574f06349 |
| SHA1 | 2eb9f31932785a8c31bf505daff842749a34692a |
| SHA256 | a931aa10f393de1169f4616686b3f02c3323f064be3edb69d160dc3e0fe67759 |
| SHA512 | 7146be48b4ead35d0d1e150784ac2acfaaf14c7c04690f8059ad61787a0eec2bdd04ab84f45f76a5498c5aed80d14a244a7ca4f1781ba0424d8a5f828f80aef0 |
memory/6956-16-0x0000000000D60000-0x0000000000EFE000-memory.dmp
memory/6956-17-0x0000000002FC0000-0x0000000002FDC000-memory.dmp
memory/6956-18-0x000000001C1C0000-0x000000001C210000-memory.dmp
memory/6956-19-0x0000000002FE0000-0x0000000002FE8000-memory.dmp
memory/6956-20-0x000000001BB20000-0x000000001BB30000-memory.dmp
memory/6956-21-0x000000001BB30000-0x000000001BB38000-memory.dmp
memory/6956-22-0x000000001BB60000-0x000000001BB70000-memory.dmp
memory/6956-23-0x000000001BB40000-0x000000001BB4A000-memory.dmp
memory/6956-24-0x000000001BB50000-0x000000001BB5C000-memory.dmp
memory/6956-25-0x000000001BB70000-0x000000001BB82000-memory.dmp
memory/6956-26-0x000000001C740000-0x000000001CC68000-memory.dmp
memory/6956-27-0x000000001C210000-0x000000001C21C000-memory.dmp
memory/6956-28-0x000000001C220000-0x000000001C22C000-memory.dmp
memory/6956-32-0x000000001C460000-0x000000001C46C000-memory.dmp
memory/6956-31-0x000000001C350000-0x000000001C358000-memory.dmp
memory/6956-30-0x000000001C340000-0x000000001C34E000-memory.dmp
memory/6956-29-0x000000001C330000-0x000000001C33A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\N2kvYgGXaz.bat
| MD5 | 8c3b13d359bb173bb5ab1a3f0e64ce4a |
| SHA1 | 7be96cd1b1ecce693241c94451e50cef78669782 |
| SHA256 | c3cfc036cb03ba918900264a958892434d0ec34d296275f129230a5d79de53c5 |
| SHA512 | d2b11049081878f90fc9f1cc7e8c2170d5b547bdfa5f940752dd059cb63160de27b0131221c3d9422d44c6c9b3a8265f9c5bc9f7766fee76f1579c3b61ff9fb9 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Windrivercrt.exe.log
| MD5 | bbb951a34b516b66451218a3ec3b0ae1 |
| SHA1 | 7393835a2476ae655916e0a9687eeaba3ee876e9 |
| SHA256 | eb70c64ae99d14ac2588b7a84854fbf3c420532d7fe4dfd49c7b5a70c869943a |
| SHA512 | 63bcbfcf8e7421c66855c487c31b2991a989bdea0c1edd4c40066b52fa3eb3d9d37db1cd21b8eb4f33dd5870cc20532c8f485eab9c0b4f6b0793a35c077f2d6f |
C:\Users\Admin\AppData\Local\Temp\a95e41f4-e9f2-461e-bc97-edbe74c69a00.vbs
| MD5 | 8ecbeb29643548c6d49cfcbae2c5e681 |
| SHA1 | 59ed891b200f1cd678ec02c2ebd7c67244c6cc4f |
| SHA256 | 0481c32b420db2b67230872548832bce5e2a173b6dba47dfb7734df607956176 |
| SHA512 | 34342885467a97f91435dd83e5d82ae0aa54916f4af9bb64b0c26a67f5e765df3de4fe85b72c77d62518d15ea28a5cd1db2f432e9bbf33422cbc541c7026fdb1 |
C:\Users\Admin\AppData\Local\Temp\6c53e1cd-0b14-4089-b381-1276ebbef57f.vbs
| MD5 | 6af0004dc7b894ed9bc161e5c129dc5a |
| SHA1 | 567d65792f0dbf31a35ec0a60a94676e87c48d76 |
| SHA256 | b7346fe2e5d2b752a680d6824ddf873a9af357ac4b567361b8d3a2f048b89a4f |
| SHA512 | 0295a143d5844c0933753c14861433c85ec574a43b0adb64e32f88a0f5b528190258c1136337b64a66f252eb5ae7041cfee685429d7259c235659593d0f1609e |